xss-loader/xssScan.py at master · wlock6/xss-loader · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
import requests
import sys
import random


class bcolors:
    CBLACK = '\33[30m'
    CRED = '\33[31m'
    CGREEN = '\33[32m'
    CYELLOW = '\33[33m'
    CBLUE = '\33[34m'
    CVIOLET = '\33[35m'
    CBEIGE = '\33[36m'
    CWHITE = '\33[37m'


def get_user_agent():
    try:
        lines = [line.rstrip("\n") for line in open("useragent.txt")]
    except IOError as e:
        print("User Agent error: %s" % e.strerror)
        sys.exit(1)
    return lines


def xssFind():
    try:
        print(bcolors.CVIOLET,"e.g target -----> http://target.com/index.php?name=")
        url = input("Please Enter Target Url\t:")
        print(bcolors.CBLUE,"Default Payload List -----> xss-payloads.txt \t")
        y = """
        1)  BASIC PAYLOAD LIST
        2)  DIV PAYLOAD LIST
        3)  IMG PAYLOAD LIST
        4)  BODY PAYLOAD LIST
        5)  SVG PAYLOAD LIST
        6)  MIXED PAYLOAD LIST
        7)  ENTER FILE PATH
        8)  EXIT
        """
        print(y)
        choose = input("---->PLEASE CHOOSE PAYLOAD LIST\t:")
        if choose == '1':
            print("Selected payload:basic.txt\n")
            choose = "basic.txt"
        elif choose == '2':
            print("Selected payload:div.txt\n")
            choose = "div.txt"
        elif choose == '3':
            print("Selected payload:img.txt\n")
            choose = "img.txt"
        elif choose == '4':
            print("Selected payload:body.txt\n")
            choose = "body.txt"
        elif choose == '5':
            print("Selected payload:svg.txt\n")
            choose = "svg.txt"
        elif choose == '6':
            print("Selected payload:xss-payloads.txt\n")
            choose = "xss-payloads.txt"
        elif choose == '7':
            print(bcolors.CBEIGE,"e.g. path -----> /usr/share/wordlists/wfuzz/Injections/XSS.txt")
            choose = input("Path enter\t:")
        elif choose == '8':
            print("Exiting...")
            sys.exit()
        else:
            print("Wrong Choose..!!!")
        choose = choose.replace("\\", "/")
        while True:
            with open(choose, "r", errors="replace") as f:
                for i in f:
                    try:
                        usrr = get_user_agent()
                        header = {"User-Agent": "{}".format(random.choice(usrr))}
                        req = requests.get(url + i, headers=header)
                        if i in req.text:
                            print(bcolors.CRED,"Parameter vulnerable\r\n")
                            print(bcolors.CRED,"Vulneranle Payload Find\t: " + req.url)
                            with open("vulnpayload.txt", "a+") as ss:
                                ss.write(i)

                        else:
                            print(bcolors.CBLUE,"TRYING\t:", req.url)
                    except:
                        pass
                break


    except Exception as err:
        print(err)