Implementing Code To Discover XSS in Parameters

1. Watch the URL of the XSS reflected page carefully.

2. Add the  test_xss_in_link method in the Scanner class.

#!/usr/bin/env python

import requests

import re

from bs4 import BeautifulSoup

from urllib.parse import urljoin

class Scanner:

    def __init__(self, url, ignore_links):

        self.session = requests.Session()

        self.target_url = url

        self.target_links = []

        self.links_to_ignore = ignore_links

    def extract_links_from(self, url):

        response = self.session.get(url)

        return re.findall('(?:href=")(.*?)"', response.content.decode(errors='ignore'))

    def crawl(self, url=None):

        if url == None:

            url = self.target_url

        href_links = self.extract_links_from(url)

        for link in href_links:

            link = urljoin(url, link)

            if "#" in link:

                link = link.split("#")[0]

            if self.target_url in link and link not in self.target_links and link not in self.links_to_ignore:

                self.target_links.append(link)

                print(link)

                self.crawl(link)

    def extract_forms(self, url):

        response = self.session.get(url)

        parsed_html = BeautifulSoup(response.content.decode(), features="lxml")

        return parsed_html.findAll("form")

    def submit_form(self, form, value, url):

        action = form.get("action")

        post_url = urljoin(url, action)

        method = form.get("method")

        inputs_list = form.findAll("input")

        post_data = {}

        for input in inputs_list:

            input_name = input.get("name")

            input_type = input.get("type")

            input_value = input.get("value")

            if input_type == "text":

                input_value = value

            post_data[input_name] = input_value

        if method == "post":

            return requests.post(post_url, data=post_data)

        return self.session.get(post_url, params=post_data)

    def run_scanner(self):

        for link in self.target_links:

            forms = self.extract_forms(link)

            for form in forms:

                print("[+] Testing form in " + link)

            if "=" in link:

                print("[+] Testing " + link)

    def test_xss_in_link(self, url):

        xss_test_script = "<sCript>alert('test')</scriPt>"

        url = url.replace("=", "=" + xss_test_script)

        response = self.session.get(url)

        return xss_test_script in response.content.decode()

    def test_xss_in_form(self, form, url):

        xss_test_script = "<sCript>alert('test')</scriPt>"

        response = self.submit_form(form, xss_test_script, url)

        return xss_test_script in response.content.decode()

3. Test this scanner.

#!/usr/bin/env python

import scanner

target_url = "http://10.0.0.45/dvwa/"

links_to_ignore = "http://10.0.0.45/dvwa/logout.php"

data_dict = {"username": "admin", "password": "password", "Login": "submit"}

vuln_scanner = scanner.Scanner(target_url, links_to_ignore)

vuln_scanner.session.post("http://10.0.0.45/dvwa/login.php", data=data_dict)

# vuln_scanner.crawl()

forms = vuln_scanner.extract_forms("http://10.0.0.45/dvwa/vulnerabilities/xss_r/")

print(forms)

response = vuln_scanner.test_xss_in_link("http://10.0.0.45/dvwa/vulnerabilities/xss_r/?name=test")

print(response)

Test the web page - http://10.0.0.45/dvwa/vulnerabilities/xss_r/?name=test:

vuln_scanner.test_xss_in_link("http://10.0.0.45/dvwa/vulnerabilities/xss_r/?name=test")

It is vulnerable on XSS.

Test the web page - http://10.0.0.45/dvwa/vulnerabilities/fi/?page=include.php:

vuln_scanner.test_xss_in_link("http://10.0.0.45/dvwa/vulnerabilities/fi/?page=include.php")

It is not vulnerable on XSS.

Python Ethical Hacking - VULNERABILITY SCANNER(8)的更多相关文章

  1. Python Ethical Hacking - VULNERABILITY SCANNER(9)

    Automatically Discovering Vulnerabilities Using the Vulnerability Scanner 1. Modify the run_scanner ...

  2. Python Ethical Hacking - VULNERABILITY SCANNER(7)

    VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possibl ...

  3. Python Ethical Hacking - VULNERABILITY SCANNER(4)

    Extracting & Submitting Forms Automatically Target website:http://10.0.0.45/dvwa/vulnerabilities ...

  4. Python Ethical Hacking - VULNERABILITY SCANNER(2)

    VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possibl ...

  5. Python Ethical Hacking - VULNERABILITY SCANNER(3)

    Polish the Python code using sending requests in a session Class Scanner. #!/usr/bin/env python impo ...

  6. Python Ethical Hacking - VULNERABILITY SCANNER(1)

    HTTP REQUESTS BASIC INFORMATION FLOW The user clicks on a link. HTML website generates a request(cli ...

  7. Python Ethical Hacking - VULNERABILITY SCANNER(6)

    EXPLOITATION - XSS VULNS EXPLOITING XSS Run any javascript code. Beef framework can be used to hook ...

  8. Python Ethical Hacking - VULNERABILITY SCANNER(5)

    EXPLOITATION - XSS VULNS XSS - CROSS SITE SCRIPTING VULNS Allow an attacker to inject javascript cod ...

  9. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

随机推荐

  1. 小师妹学JVM之:JIT中的LogCompilation

    目录 简介 LogCompilation简介 LogCompilation的使用 解析LogCompilation文件 总结 简介 我们知道在JVM中为了加快编译速度,引入了JIT即时编译的功能.那么 ...

  2. kill杀死进程

    [root@queen ~]# kill 选项 %进程号 选项与参数: -l :这个是L 的小写,列出kill 能够使用的signal - :重新读取一次参数的设定档(类似reload) - :代表与 ...

  3. 你所不知道的redis安装方法,穿一手鞋,看一手资料

    一 .准备工作 $ yum install wget $ cd /opt/ $ mkdir redis $cd redis $ ll wget http://download.redis.io/rel ...

  4. lw_oopc(c语言实现面向过程宏文件)解析

    一:计算结构体成员变量偏移量宏 #ifdef LW_OOPC_USE_USER_DEFINED_OFFSETOF // 有些环境可能不支持,不过,这种情形极少出现 #define LW_OOPC_OF ...

  5. Newtonsoft 六个超简单又实用的特性,值得一试 【下篇】

    一:讲故事 上一篇介绍的 6 个特性从园子里的反馈来看效果不错,那这一篇就再带来 6 个特性同大家一起欣赏. 二:特性分析 1. 像弱类型语言一样解析 json 大家都知道弱类型的语言有很多,如: n ...

  6. 33_栈程序演示.swf

    pBottom执行栈底有效元素的前一个节点,该节点没有存储有效数据,这样设计是便于栈的管理,向链表一样pHead指向链表的第一个节点,该节点是不存储有效数据的 pTop执行栈顶最新的节点 如果pTop ...

  7. 主机Redis服务迁移到现有Docker Overlay环境

    记录最后一次对中型2C企业级项目的容器化改造 hello, 好久不见,之前文章记录了一个实战的2C分布式项目的改造过程,结果如下: 其中Redis并未完成容器化改造(目前是主机单点),本文记录将Red ...

  8. 入门大数据---Kafka生产者详解

    一.生产者发送消息的过程 首先介绍一下 Kafka 生产者发送消息的过程: Kafka 会将发送消息包装为 ProducerRecord 对象, ProducerRecord 对象包含了目标主题和要发 ...

  9. html+css快速入门教程(5)

    练习: 1.画盒子1 2.画盒子2 3.京东特色购物 4.京东发现好货 5.京东玩3c 7.3 定位 通过使用 position 属性,我们可以选择 3 种不同类型的定位,这会影响元素框生成的方式. ...

  10. 前端笔记(关于webpack打包时内存溢出问题的解决)

    首先安装increase-memory-limit cnpm install -g increase-memory-limit 重启cmd,并在项目跟目录中运行一下 increase-memory-l ...