-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathxss_scanner.py
111 lines (93 loc) · 3.75 KB
/
xss_scanner.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
#!/usr/bin/env python3
# Author: Abdou Rockikz
# Description: TODO: xss url scanner
# Date: TODO: 20211124
# Modified by: TODO: marburgja
# Import libraries
import requests
from pprint import pprint
from bs4 import BeautifulSoup as bs
from urllib.parse import urljoin
# Declare functions
### TODO: Add function explanation here ###
### This function sends data and returns all the forms from HTML content ###
def get_all_forms(url):
soup = bs(requests.get(url).content, "html.parser")
return soup.find_all("form")
### TODO: Add function explanation here ###
### This function returns all details pertaining to the HTML form (i.e. input, text, name, action, method) ###
def get_form_details(form):
details = {}
action = form.attrs.get("action").lower()
method = form.attrs.get("method", "get").lower()
inputs = []
for input_tag in form.find_all("input"):
input_type = input_tag.attrs.get("type", "text")
input_name = input_tag.attrs.get("name")
inputs.append({"type": input_type, "name": input_name})
details["action"] = action
details["method"] = method
details["inputs"] = inputs
return details
### TODO: Add function explanation here ###
### POSTs a form with the details given and then returns the HTTP responses ###
def submit_form(form_details, url, value):
target_url = urljoin(url, form_details["action"])
inputs = form_details["inputs"]
data = {}
for input in inputs:
if input["type"] == "text" or input["type"] == "search":
input["value"] = value
input_name = input.get("name")
input_value = input.get("value")
if input_name and input_value:
data[input_name] = input_value
if form_details["method"] == "post":
return requests.post(target_url, data=data)
else:
return requests.get(target_url, params=data)
### TODO: Add function explanation here ###
### scans and prints any vulnerable forms. If vulnerable it will return True if not it will return False ###
def scan_xss(url):
forms = get_all_forms(url)
print(f"[+] Detected {len(forms)} forms on {url}.")
js_script = "<script>alert('hack me!')</script>"
is_vulnerable = False
for form in forms:
form_details = get_form_details(form)
content = submit_form(form_details, url, js_script).content.decode()
if js_script in content:
print(f"[+] XSS Detected on {url}")
print(f"[*] Form details:")
pprint(form_details)
is_vulnerable = True
return is_vulnerable
# Main
### TODO: Add main explanation here ###
### starts the script, asks for a url to scan and then prints the output of the scan_xss function against the given url ###
if __name__ == "__main__":
url = input("Enter a URL to test for XSS:")
print(scan_xss(url))
### TODO: When you have finished annotating this script with your own comments, copy it to Web Security Dojo
### TODO: Test this script against one XSS-positive target and one XSS-negative target
### TODO: Paste the outputs here as comments in this script, clearling indicating which is positive detection and negative detection
### True Return
"""
Enter a URL to test for XSS:https://xss-game.appspot.com/level1/frame
[+] Detected 1 forms on https://xss-game.appspot.com/level1/frame.
[+] XSS Detected on https://xss-game.appspot.com/level1/frame
[*] Form details:
{'action': '',
'inputs': [{'name': 'query',
'type': 'text',
'value': "<script>alert('hack me!')</script>"},
{'name': None, 'type': 'submit'}],
'method': 'get'}
True
"""
### False Return
"""
Enter a URL to test for XSS:http://dvwa.local/vulnerabilities/xss_r/
[+] Detected 1 forms on http://dvwa.local/vulnerabilities/xss_r/.
False
"""