Restructure run_on_url #23

Merged
merged 8 commits into from
Oct 15, 2019
204 changes: 86 additions & 118 deletions traxss/core/scanner.py
@@ -1,9 +1,8 @@
import sys, requests, json, urllib, os
from .differ import Differ
from crayons import *
from selenium import webdriver
from selenium.webdriver.chrome.options import Options
from selenium.common.exceptions import NoAlertPresentException, NoSuchElementException, ElementNotInteractableException
from selenium.common.exceptions import NoAlertPresentException, NoSuchElementException, ElementNotInteractableException, TimeoutException
from selenium.webdriver.common.keys import Keys
from selenium.common.exceptions import StaleElementReferenceException
from selenium.webdriver.common.by import By
Expand Down Expand Up @@ -67,124 +66,84 @@ def get_params(self):
params = dict(urllib.parse.parse_qsl(query_string))
return params

def query_scanner(self, payload):
for param in self.params.keys():
previous_value = self.params[param]
self.params[param] = payload
target_url = encode_url(self.base_url, self.params)
self.raw_params = urllib.parse.urlencode(self.params)
if self.cookies:
#What does this url variable represent, any value? - Chase
self.driver.get(url)
self.driver.add_cookie(self.cookies)
self.driver.get(target_url)
try:
WebDriverWait(self.driver, 1).until(expected_conditions.alert_is_present())
self.driver.switch_to.alert.accept()
if self.count_results(self.raw_params, target_url):
self.driver.quit()
self.final_report()
except TimeoutException:
pass

def html_scanner(self, payload):
self.driver.get(self.base_url)
if self.cookies:
#What does this url variable represent, any value? - Chase
self.driver.get(url)
self.driver.add_cookie(self.cookies)
target_url = self.base_url
webelement_list = WebDriverWait(self.driver, 10).until(expected_conditions.presence_of_all_elements_located((By.XPATH, "//input | //textarea | //button")))
for id in webelement_list:
try:
if id.tag_name == 'textarea' or id.tag_name == 'input':
id.send_keys(payload)
#id.send_keys(Keys.ENTER)
WebDriverWait(self.driver, 1).until(expected_conditions.alert_is_present())
self.driver.switch_to.alert.accept()
if self.count_results(self.raw_params, target_url):
self.driver.quit()
self.final_report()
if id.tag_name == 'button' or id.tag_name == 'input':
id.click()
WebDriverWait(self.driver, 1).until(expected_conditions.alert_is_present())
self.driver.switch_to.alert.accept()
if self.count_results(self.raw_params, target_url):
self.driver.quit()
self.final_report()
except TimeoutException:
pass
except StaleElementReferenceException:
pass
except ElementNotInteractableException:
pass

def run_on_url(self):
print(blue('[*] Running URL Query Scan [*]'))
print(blue('[*] Running XSS Scan [*]'))
options = webdriver.ChromeOptions()
options.add_argument('--headless')
self.driver = webdriver.Chrome(chrome_options=options)
for payload in self.payloads:
if self.result_count == 1 and self.stop:
break
for param in self.params.keys():
previous_value = self.params[param]
self.params[param] = payload
target_url = encode_url(self.base_url, self.params)
raw_params = urllib.parse.urlencode(self.params)
options = webdriver.ChromeOptions()
options.add_argument('--headless')
driver = webdriver.Chrome(chrome_options=options)
if self.cookies:
driver.get(url)
driver.add_cookie(self.cookies)
driver.get(target_url)
driver.implicitly_wait(1)
#Don't make two selenium requests.
source_ = requests.get(self.base_url, cookies=self.cookies).text
diff_source = driver.page_source
DifDif = Differ(source_, diff_source)
try:
if driver.switch_to.alert.text or DifDif.isDifferent():
if self.stop is True:
self.result_count += 1
print(green('RESULTS: {}'.format(self.result_count).center(50, '='), bold=True))
print()
print(blue('[') + green('*', bold=True) + blue(']') + green(' Found XSS Vulnerability'))
print(blue('[') + green('*', bold=True) + blue(']') + green(' Payload:'), blue(raw_params))
print(blue('[') + green('*', bold=True) + blue(']') + green(' URL:'), blue(target_url))
print()
print(green(''.center(50, '='), bold=True))
driver.quit()
break
else:
self.result_count += 1
print(green('RESULTS: {}'.format(self.result_count).center(50, '='), bold=True))
print()
print(blue('[') + green('*', bold=True) + blue(']') + green(' Found XSS Vulnerability'))
print(blue('[') + green('*', bold=True) + blue(']') + green(' Payload:'), blue(raw_params))
print(blue('[') + green('*', bold=True) + blue(']') + green(' URL:'), blue(target_url))
print()
print(green(''.center(50, '='), bold=True))
self.results['results'].append({
'count': self.result_count,
'payload': raw_params,
'url': target_url
})
driver.quit()
except NoAlertPresentException:
pass
print(blue('[*] Completed URL Query Scan [*]'))
if self.html_scan:
print(blue('[*] Starting HTML XSS Scan [*]'))
options = webdriver.ChromeOptions()
options.add_argument('--headless')
driver = webdriver.Chrome(chrome_options=options)
if self.cookies:
driver.get(url)
driver.add_cookie(self.cookies)
source_ = requests.get(self.base_url, cookies=self.cookies).text
diff_source = driver.page_source
DifDif = Differ(source_, diff_source)
for payload in self.payloads:
if self.result_count == 2 and self.stop:
break
driver.get(self.base_url)
webelement_list = WebDriverWait(driver, 10).until(expected_conditions.presence_of_all_elements_located((By.XPATH, "//input | //textarea | //button")))
for id in webelement_list:
if self.result_count == 1 and self.stop:
break
try:
if id.tag_name == 'textarea' or id.tag_name == 'input':
id.send_keys(payload)
id.send_keys(Keys.ENTER)
try:
new = driver.find_element_by_css_selector('button').click()
except ElementNotInteractableException:
pass
if id.tag_name == 'button' or id.tag_name == 'input':
id.click()
if driver.switch_to.alert.text or DifDif.isDifferent():
if self.stop is True:
self.result_count += 1
print(green('RESULTS: {}'.format(self.result_count).center(50, '='), bold=True))
print()
print(blue('[') + green('*', bold=True) + blue(']') + green(' Found XSS Vulnerability'))
print(blue('[') + green('*', bold=True) + blue(']') + green(' Payload:'), blue(raw_params))
print(blue('[') + green('*', bold=True) + blue(']') + green(' URL:'), blue(target_url))
print()
print(green(''.center(50, '='), bold=True))
driver.quit()
break
else:
self.result_count += 1
print(green('RESULTS: {}'.format(self.result_count).center(50, '='), bold=True))
print()
print(blue('[') + green('*', bold=True) + blue(']') + green(' Found XSS Vulnerability'))
print(blue('[') + green('*', bold=True) + blue(']') + green(' Payload:'), blue(raw_params))
print(blue('[') + green('*', bold=True) + blue(']') + green(' URL:'), blue(target_url))
print()
print(green(''.center(50, '='), bold=True))
self.results['results'].append({
'count': self.result_count,
'payload': raw_params,
'url': target_url
})
driver.quit()
except NoAlertPresentException:
pass
except StaleElementReferenceException:
pass
except ElementNotInteractableException:
pass
print(blue('[*] Completed Scan on URL'))
if self.result_count == 0:
print(red('[!] No Results Found. Warning This Does NOT Mean You Are Not Still Vulnerable [!]'))
self.query_scanner(payload)
if self.html_scan:
self.html_scanner(payload)
self.final_report()

def count_results(self, raw_params, target_url):
self.result_count += 1
print(green('RESULTS: {}'.format(self.result_count).center(50, '='), bold=True))
print()
print(blue('[') + green('*', bold=True) + blue(']') + green(' Found XSS Vulnerability'))
print(blue('[') + green('*', bold=True) + blue(']') + green(' Payload:'), blue(raw_params))
print(blue('[') + green('*', bold=True) + blue(']') + green(' URL:'), blue(target_url))
print()
print(green(''.center(50, '='), bold=True))
self.results['results'].append({
'count': self.result_count,
'payload': raw_params,
'url': target_url
})
return True if self.stop and ((self.results_count >= 2 and self.html_scan) or (self.result_count >= 1 and not self.html_scan)) else False

def store_results(self):
if self.store_report:
Expand All @@ -204,3 +163,12 @@ def store_results(self):
json_file.seek(0)
json.dump(obj, json_file, indent=4)
print(blue('[*] Stored Results To {}'.format(real_path)))

def final_report(self):
print(blue('[*] Completed Scan on URL'))
if self.result_count == 0:
print(red('[!] No Results Found. Warning This Does NOT Mean You Are Not Still Vulnerable [!]'))
else:
self.store_results()
input("Press any key to exit.....")
os.exit(0)
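Review bot: `final_report` ends with `os.exit(0)`, but the `os` module has no `exit` attribute, so every scan would finish with an AttributeError rather than a clean exit; `sys.exit(0)` is the likely intent, and `sys` is already imported at the top of the file. In `count_results` the return expression reads `self.results_count` while the rest of the method uses `self.result_count`, so unless that attribute is defined outside the visible hunks the stop check raises as soon as `self.stop` is set; it should read `self.result_count >= 2`. Both `query_scanner` and `html_scanner` call `self.driver.get(url)` on the cookie path with no `url` bound in either method, so a scan run with cookies would presumably fail with a NameError before any payload is tested; `self.driver.get(self.base_url)` looks like what is meant. `html_scanner` also reads `self.raw_params`, which in the visible code is only assigned inside `query_scanner`'s loop, so a target without query parameters may reach it unset. Lastly, `self.driver.quit()` is only called on the early-stop branches, so the normal path from `run_on_url` into `final_report` leaves the headless Chrome process running; a `self.driver.quit()` before the final `self.final_report()` call would close it.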