██████╗ ██╗ ██╗███╗ ██╗██╗ ██╗███████╗███████╗
██╔══██╗██║ ██║████╗ ██║╚██╗██╔╝██╔════╝██╔════╝
██████╔╝██║ █╗ ██║██╔██╗ ██║ ╚███╔╝ ███████╗███████╗ {v0.5 Final}
██╔═══╝ ██║███╗██║██║╚██╗██║ ██╔██╗ ╚════██║╚════██║
██║ ╚███╔███╔╝██║ ╚████║██╔╝ ██╗███████║███████║
╚═╝ ╚══╝╚══╝ ╚═╝ ╚═══╝╚═╝ ╚═╝╚══════╝╚══════╝
<<<<<<< STARTING >>>>>>>
[10:38:31] [INFO] Starting PwnXSS...
***************
[10:38:31] [INFO] Checking connection to: https://webdemo.cloud.invgate.net
[10:38:32] [INFO] Connection estabilished 200
[10:38:32] [WARNING] Target have form with POST method: https://webdemo.cloud.invgate.net/auth/login/type/dummy
[10:38:32] [INFO] Collecting form input key.....
[10:38:32] [INFO] Internal error: 'name'
[10:38:32] [INFO] Form key name: next value: <script>console.log(5000/3000)</script>
[10:38:32] [INFO] Sending payload (POST) method...
[10:38:33] [INFO] Parameter page using (POST) payloads but not 100% yet...
[10:38:33] [WARNING] Target have form with POST method: https://webdemo.cloud.invgate.net/auth/login/type/servicedesk
[10:38:33] [INFO] Collecting form input key.....
[10:38:33] [INFO] Form key name: value value: <script>console.log(5000/3000)</script>
[10:38:33] [INFO] Form key name: password value: <script>console.log(5000/3000)</script>
[10:38:33] [INFO] Internal error: 'name'
[10:38:33] [INFO] Form key name: next value: <script>console.log(5000/3000)</script>
[10:38:33] [INFO] Form key name: CSRFToken value: <script>console.log(5000/3000)</script>
[10:38:33] [INFO] Sending payload (POST) method...
[10:38:33] [INFO] Parameter page using (POST) payloads but not 100% yet...
***************
[10:38:35] [INFO] Checking connection to: https://webdemo.cloud.invgate.net/password-reset/trigger
[10:38:36] [INFO] Connection estabilished 200
[10:38:36] [WARNING] Target have form with POST method: https://webdemo.cloud.invgate.net/password-reset/trigger
[10:38:36] [INFO] Collecting form input key.....
[10:38:36] [INFO] Form key name: email value: <script>prompt(5000/200)</script>
[10:38:36] [INFO] Form key name: submit value: <Submit Confirm>
[10:38:36] [INFO] Form key name: CSRFToken value: <script>prompt(5000/200)</script>
[10:38:36] [INFO] Sending payload (POST) method...
[10:38:36] [INFO] Parameter page using (POST) payloads but not 100% yet...
Traceback (most recent call last):
File "/Users/faguirre/Desktop/PwnXSS/pwnxss.py", line 73, in <module>
start()
File "/Users/faguirre/Desktop/PwnXSS/pwnxss.py", line 54, in start
crawler.crawl(getopt.u,int(getopt.depth),getopt.proxy,getopt.user_agent,check(getopt),getopt.method,getopt.cookie)
File "/Users/faguirre/Desktop/PwnXSS/lib/crawler/crawler.py", line 52, in crawl
self.crawl(url,depth-1,base,proxy,level,method,cookie)
File "/Users/faguirre/Desktop/PwnXSS/lib/crawler/crawler.py", line 44, in crawl
urls=self.getLinks(base,proxy,headers,cookie)
File "/Users/faguirre/Desktop/PwnXSS/lib/crawler/crawler.py", line 19, in getLinks
text=conn.get(base).text
File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 555, in get
return self.request('GET', url, **kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 636, in send
kwargs.setdefault('proxies', self.rebuild_proxies(request, self.proxies))
File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 289, in rebuild_proxies
new_proxies = proxies.copy()
AttributeError: 'str' object has no attribute 'copy'