gbrindisi / xsssniper Goto Github PK

View Code? Open in Web Editor NEW

400.0 26.0 116.0 210 KB

An automatic XSS discovery tool

Home Page: http://brindi.si/g/

Python 100.00%

xsssniper's Introduction

XSSSNIPER

xsssniper is an handy xss discovery tool with mass scanning functionalities.

Usage:

Usage: xsssniper.py [options]

Options:
  -h, --help            show this help message and exit
  -u URL, --url=URL     target URL
  --post                try a post request to target url
  --data=POST_DATA      post data to use
  --threads=THREADS     number of threads
  --http-proxy=HTTP_PROXY
                        scan behind given proxy (format: 127.0.0.1:80)
  --tor                 scan behind default Tor
  --crawl               crawl target url for other links to test
  --forms               crawl target url looking for forms to test
  --user-agent=USER_AGENT
                        provide an user agent
  --random-agent        perform scan with random user agents
  --cookie=COOKIE       use a cookie to perform scans
  --dom                 basic heuristic to detect dom xss

Examples:

Scanning a single url with GET params:

$ python xsssniper.py -u "http://target.com/index.php?page=test"

Scanning a single url with POST params:

$ python xsssniper.py -u "http://target.com/index.php" --post --data=POST_DATA

Crawl a single url looking for forms to scan:

$ python xsssniper.py -u "http://target.com" --forms

Mass scan an entire website:

$ python xsssniper.py -u "http://target.com" --crawl

Mass scan an entire website forms included:

$ python xsssniper.py -u "http://target.com" --crawl --forms

Analyze target page javascripts (embedded and linked) to search for common sinks and sources:

$ python xsssniper.py -u "http://target.com" --dom

Thanks:

Miroslav Stamparm
Claudio Telmon

License

ISC License.

Copyright (c) 2012, Gianluca Brindisi < [email protected] >

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

xsssniper's People

Contributors

Stargazers

Watchers

Forkers

johnnypenn infodox exploit-the-planet stibiumz krelve pymmrd r2k0 goolge ypeleg phpplay rishabhjoshi mingyong httang12 evansking deki0r tuhaolam grayhats atiqaht n4yk bryant1410 grazvan gcsabi sajibekanti methos2016 scribilicious ollie-cox topotam pingf samyoyo tobey123 alexankaodin weeshlow grukz expertasif m41doror moriarty2016 souldestroyer sireof r3dfruitrollup eduriel seankeith phackt ykankaya rahulrishavmohanti bilportistivraboti inc775 prodject hybridious lexluga chosen1 w3llr00t3d natrix-fork idkwim aglcaicai hacker-one ayiezola scr1ptk1tti3 seabreg tauh33dkhan p3t3rp4rk3r aperturetechnology acknowledgehim johndoex1 tai-euler killvxk fengjixuchui qsdj linux4sa md50x sherifc129 modulexcite nwork guyhalfon softdream1981 pentest-tools kpax00 aaap-repos ibrahimcheik habibendris10 hackerinchief blackhatethicalhacking n4if wangroot hacking-repo fanian26 reewardius silentsoul04 area71 hartl3y94 13957166977 anthonymcqueen21 yuebinge swapnsharma w3lk1n tommalvoriddle net-hun73r mohdahsank001 adelittle nghiamai mehradmashoof

xsssniper's Issues

Random seed may result in valid attribute

The randoms generated seed for the taint may result as a valid html attribute like href, src, etc.

https://github.com/gbrindisi/xsssniper/blob/master/core/payload.py#L14

Must blacklist common attributes names.

Crawl Errors and Scan Errors

Everytime I scan a site on XSSniper, it says right next to Remaining Targets, Crawl Errors, and next to Remaining URLS, it says Scan Errors.

Is there a glitch in XSSSniper or those websites just don't have an XSS vulnerability?

showing to install mechanize module

how to fix this install mechanize module

Python3

Should we migrate this project to Python 3? I do not think Python 2 support is must have. Could you tell me your opinion about this? Does some distro use xsssniper without Python 3?

Check availability of lxml

Currently if mechanize is missing xsssniper will say:

[X] Please install mechanize module:
    http://wwwsearch.sourceforge.net/mechanize/

But if lxml is missing it will say:

Traceback (most recent call last):
  File "xsssniper.py", line 6, in <module>
    from core.engine import Engine
  File "/home/hsalo/xsssniper/core/engine.py", line 24, in <module>
    from core.domscanner import DOMScanner
  File "/home/hsalo/xsssniper/core/domscanner.py", line 11, in <module>
    from lxml import etree
ImportError: No module named lxml

Maybe xsssniper should also give pip install -commands rather than per project URLs, but that is design decision. Also the import errors are checked several times. Is there a reason for that?

cookie format

why is good syntax for argument --cookie=?
i need example for COOKIE_DATA format.. ./xsssniper.py -u "blah.blah" --cookie=<how to write keys and values?>
thx

Package it

Eventually package xsssniper to have a simpler installation.

Ideally:

pip install xsssniper

Shebang problem

When executed without use the binary python, just using the Shebang specification in the file xsssniper.py, it throws an error like this:

$ python xsssniper.py --help
[X] Please install hgapi module:
   $ pip install 

$ ./xsssniper.py --help
./xsssniper.py: line 4: try:: command not found
./xsssniper.py: line 6: except: command not found
Warning: unknown mime-type for "\n[X] Please install hgapi module:" -- using "application/octet-stream"
Error: no such file "\n[X] Please install hgapi module:"
Warning: unknown mime-type for "   $ pip install \n" -- using "application/octet-stream"
Error: no such file "   $ pip install \n"
./xsssniper.py: line 11: syntax error near unexpected token `from'
./xsssniper.py: line 11: `from optparse import OptionParser'

The error was fixed just with a single character in the Shebang specification:

$ diff xsssniper.py xsssniper.py.fork 
1c1
< #/usr/bin/env python

---
> #!/usr/bin/env python

SyntaxError: Missing parentheses in call to 'print'

File "xsssniper.py", line 29
"""
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print("""

HTTP proxy functionality not working

As discussed in private email HTTP proxy functionality is not working. I have tested this with Burp and OWASP ZAP HTTP proxies with Git revision 73. I used these commands and no traffic is shown in logs of the proxy application:

xsssniper.py --http-proxy=127.0.0.1:8080 -u https://public-firing-range.appspot.com/
xsssniper.py --http-proxy=http://127.0.0.1:8080 -u https://public-firing-range.appspot.com/
xsssniper.py --http-proxy="http://127.0.0.1:8080" -u https://public-firing-range.appspot.com/