Implementing Code To Discover XSS in Parameters

1. Watch the URL of the XSS reflected page carefully.

2. Add the  test_xss_in_link method in the Scanner class.

#!/usr/bin/env python

import requests

import re

from bs4 import BeautifulSoup

from urllib.parse import urljoin

class Scanner:

    def __init__(self, url, ignore_links):

        self.session = requests.Session()

        self.target_url = url

        self.target_links = []

        self.links_to_ignore = ignore_links

    def extract_links_from(self, url):

        response = self.session.get(url)

        return re.findall('(?:href=")(.*?)"', response.content.decode(errors='ignore'))

    def crawl(self, url=None):

        if url == None:

            url = self.target_url

        href_links = self.extract_links_from(url)

        for link in href_links:

            link = urljoin(url, link)

            if "#" in link:

                link = link.split("#")[0]

            if self.target_url in link and link not in self.target_links and link not in self.links_to_ignore:

                self.target_links.append(link)

                print(link)

                self.crawl(link)

    def extract_forms(self, url):

        response = self.session.get(url)

        parsed_html = BeautifulSoup(response.content.decode(), features="lxml")

        return parsed_html.findAll("form")

    def submit_form(self, form, value, url):

        action = form.get("action")

        post_url = urljoin(url, action)

        method = form.get("method")

        inputs_list = form.findAll("input")

        post_data = {}

        for input in inputs_list:

            input_name = input.get("name")

            input_type = input.get("type")

            input_value = input.get("value")

            if input_type == "text":

                input_value = value

            post_data[input_name] = input_value

        if method == "post":

            return requests.post(post_url, data=post_data)

        return self.session.get(post_url, params=post_data)

    def run_scanner(self):

        for link in self.target_links:

            forms = self.extract_forms(link)

            for form in forms:

                print("[+] Testing form in " + link)

            if "=" in link:

                print("[+] Testing " + link)

    def test_xss_in_link(self, url):

        xss_test_script = "<sCript>alert('test')</scriPt>"

        url = url.replace("=", "=" + xss_test_script)

        response = self.session.get(url)

        return xss_test_script in response.content.decode()

    def test_xss_in_form(self, form, url):

        xss_test_script = "<sCript>alert('test')</scriPt>"

        response = self.submit_form(form, xss_test_script, url)

        return xss_test_script in response.content.decode()

3. Test this scanner.

#!/usr/bin/env python

import scanner

target_url = "http://10.0.0.45/dvwa/"

links_to_ignore = "http://10.0.0.45/dvwa/logout.php"

data_dict = {"username": "admin", "password": "password", "Login": "submit"}

vuln_scanner = scanner.Scanner(target_url, links_to_ignore)

vuln_scanner.session.post("http://10.0.0.45/dvwa/login.php", data=data_dict)

# vuln_scanner.crawl()

forms = vuln_scanner.extract_forms("http://10.0.0.45/dvwa/vulnerabilities/xss_r/")

print(forms)

response = vuln_scanner.test_xss_in_link("http://10.0.0.45/dvwa/vulnerabilities/xss_r/?name=test")

print(response)

Test the web page - http://10.0.0.45/dvwa/vulnerabilities/xss_r/?name=test:

vuln_scanner.test_xss_in_link("http://10.0.0.45/dvwa/vulnerabilities/xss_r/?name=test")

It is vulnerable on XSS.

Test the web page - http://10.0.0.45/dvwa/vulnerabilities/fi/?page=include.php:

vuln_scanner.test_xss_in_link("http://10.0.0.45/dvwa/vulnerabilities/fi/?page=include.php")

It is not vulnerable on XSS.

Python Ethical Hacking - VULNERABILITY SCANNER(8)的更多相关文章

  1. Python Ethical Hacking - VULNERABILITY SCANNER(9)

    Automatically Discovering Vulnerabilities Using the Vulnerability Scanner 1. Modify the run_scanner ...

  2. Python Ethical Hacking - VULNERABILITY SCANNER(7)

    VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possibl ...

  3. Python Ethical Hacking - VULNERABILITY SCANNER(4)

    Extracting & Submitting Forms Automatically Target website:http://10.0.0.45/dvwa/vulnerabilities ...

  4. Python Ethical Hacking - VULNERABILITY SCANNER(2)

    VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possibl ...

  5. Python Ethical Hacking - VULNERABILITY SCANNER(3)

    Polish the Python code using sending requests in a session Class Scanner. #!/usr/bin/env python impo ...

  6. Python Ethical Hacking - VULNERABILITY SCANNER(1)

    HTTP REQUESTS BASIC INFORMATION FLOW The user clicks on a link. HTML website generates a request(cli ...

  7. Python Ethical Hacking - VULNERABILITY SCANNER(6)

    EXPLOITATION - XSS VULNS EXPLOITING XSS Run any javascript code. Beef framework can be used to hook ...

  8. Python Ethical Hacking - VULNERABILITY SCANNER(5)

    EXPLOITATION - XSS VULNS XSS - CROSS SITE SCRIPTING VULNS Allow an attacker to inject javascript cod ...

  9. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

随机推荐

  1. 小白的mapbox学习之路-显示地图

    刚接触mapbox,只是简单记下自己的学习之路,如有错误,欢迎大神指正 1-头部引入链接 2-body中定义一个div块,用来显示地图 3-在script中创建一个map对象,并设置相关参数 mapb ...

  2. 利用salt进行系统初始化操作

    使用salt对系统进行初始化操作 概述 使用cobbler安装的操作系统,默认安装了一些基本的软件,比如zabbix-agent.salt-minion等,还没有对系统进行基本的初始化操作,为了实现标 ...

  3. Docker Dockerfile 指令详解与实战案例

    Dockerfile介绍及常用指令,包括FROM,RUN,还提及了 COPY,ADD,EXPOSE,WORKDIR等,其实 Dockerfile 功能很强大,它提供了十多个指令. Dockerfile ...

  4. 利用synchronized解析死锁的一种形成方式

    代码 import ... public class Test{ private static Object o1=new Object(); private static Object o2=new ...

  5. spring boot actuator监控需要注意的点

    1. /metrics接口提供的信息进行简单分类如下表: 分类 前缀 报告内容 垃圾收集器 gc.* 已经发生过的垃圾收集次数,以及垃圾收集所耗费的时间,适用于标记-清理垃圾收集器和并行垃圾收集器(数 ...

  6. Jmeter系列(31)- 获取并使用 JDBC Request 返回的数据

    如果你想从头学习Jmeter,可以看看这个系列的文章哦 https://www.cnblogs.com/poloyy/category/1746599.html 前言 Jmeter 使用 JDBC R ...

  7. ECSHOP后台左侧添加菜单栏

    比如我们在后台中增加 “活动管理”功能,方法如下 在ECSHOP 管理中心共用语言文件 language\zh_cn\admin\commn.php ,添加我们的自定义菜单: $_LANG['17_a ...

  8. CodeForces 3 D.Least Cost Bracket Sequence【贪心+优先队列】

    Description 给出一个括号序列,中间有一些问号,将第i个问号换成左括号代价是a[i],换成右括号代价是b[i],问如果用最少的代价将这个括号序列变成一个合法的括号序列 Input 第一行一个 ...

  9. JavaScript基础函数体中的唯一var模式(002)

    全局变量是不好的.所以在声名变量的时候,应该采用函数体中的唯一var模式(Single var Pattern).这个模式有不少好处: 提供了一个唯一的地方来查看函数体中声名的变量 在使用一个变量之前 ...

  10. 面试WEB前端如何才能通过?

    从事web前端工作七年时间,因为一直是非常热爱编程的,从小就有兴趣,大学就是学计算机的,技术应该比一般同龄的都要好一些,今天我想给大家讲述一下,目前想要做web前端开发,面试成功应该如何去学习,要具备 ...