资源简介
XSS是一种非常常见的漏洞类型,它的影响非常的广泛并且很容易的就能被检测到。
攻击者可以在未经验证的情况下,将不受信任的JavaScript片段插入到你的应用程序中,然后这个JavaScript将被访问目标站点的受害者执行
代码片段和文件信息
#!/usr/bin/env python
#!BruteXSS
#!Cross-Site scripting Bruteforcer
#!Author: Shawar Khan
#!Site: https://shawarkhan.com
from string import whitespace
import httplib
import urllib
import socket
import urlparse
import os
import sys
import time
from colorama import init style BackFore
import mechanize
import httplib
init()
banner = “““
____ _ __ ______ ____
| __ ) _ __ _ _| |_ ___ \ \/ / ___/ ___|
| _ \| ‘__| | | | __/ _ \ \ /\___ \___ \
| |_) | | | |_| | || __/ / \ ___) |__) |
|____/|_| \___|\__\___| /_/\_\____/____/
BruteXSS - Cross-Site scripting BruteForcer
Author: Shawar Khan - https://shawarkhan.com
Sponsored & Supported by Netsparker Web Application Security Scanner ( https://www.netsparker.com )
Note: Using incorrect payloads in the custom
wordlist may give you false positives so its
better to use the wordlist which is already
provided for positive results.
“““
def brutexss():
if os.name == ‘nt‘:
os.system(‘cls‘)
else:
os.system(‘clear‘)
print banner
def again():
inp = raw_input(“[?] [E]xit or launch [A]gain? (e/a)“).lower()
if inp == ‘a‘:
brutexss()
elif inp == ‘e‘:
exit()
else:
print(“[!] Incorrect option selected“)
again()
grey = style.DIM+Fore.WHITE
def wordlistimport(filelst):
try:
with open(file‘r‘) as f: #Importing Payloads from specified wordlist.
print(style.DIM+Fore.WHITE+“[+] Loading Payloads from specified wordlist...“+style.RESET_ALL)
for line in f:
final = str(line.replace(“\n“““))
lst.append(final)
except IOError:
print(style.BRIGHT+Fore.RED+“[!] Wordlist not found!“+style.RESET_ALL)
again()
def bg(pstatus):
try:
b = ““
l = ““
lostatus = ““
num = []
s = len(max(p key=len)) #list
if s < 10:
s = 10
for i in range(len(p)): num.append(i)
maxval = str(len(num)) #number
for i in range(s) : b = b + “-“
for i in range(len(maxval)):l = l + “-“
statuslen = len(max(status key=len))
for i in range(statuslen) : lostatus = lostatus + “-“
if len(b) < 10 :
b = “----------“
if len(lostatus) < 14:
lostatus=“--------------“
if len(l) < 2 :
l = “--“
los = statuslen
if los < 14:
los = 14
lenb=len(str(len(b)))
if lenb < 14:
lenb = 10
else:
lenb = 20
upb = (“+-%s-+-%s-+-%s-+“)%(lblostatus)
print(upb)
st0 = “Parameters“
st1 = “Status“
print(“| Id | “+st0.center(s“ “)+“ | “+st1.center(los“ “)+“ |“)
print(upb)
for nid in zip(numpstatus):
string = (“ %s | %s “)%(str(n)str(i));
lofnum = str(n).center(int(len(l))“ “)
lofstr = i.center(s“ “)
lofst = d.center(los“ “)
if “Not Vulnerable“ in lofst:
lofst = Fore.GREEN+d.center(los“ “)+style.RESET_ALL
else:
lofst = Fore.RED+d.center(los“ “)+style.RESET_ALL
print(“| “
属性 大小 日期 时间 名称
----------- --------- ---------- ----- ----
目录 0 2016-07-19 10:15 BruteXSS-master\
文件 11361 2016-07-15 19:02 BruteXSS-master\brutexss.py
目录 0 2016-07-19 10:16 BruteXSS-master\colorama\
文件 2524 2016-07-15 19:02 BruteXSS-master\colorama\ansi.py
文件 4016 2016-07-19 10:16 BruteXSS-master\colorama\ansi.pyc
文件 9668 2016-07-15 19:02 BruteXSS-master\colorama\ansitowin32.py
文件 8807 2016-07-19 10:16 BruteXSS-master\colorama\ansitowin32.pyc
文件 1917 2016-07-15 19:02 BruteXSS-master\colorama\initialise.py
文件 2172 2016-07-19 10:16 BruteXSS-master\colorama\initialise.pyc
文件 5365 2016-07-15 19:02 BruteXSS-master\colorama\win32.py
文件 4546 2016-07-19 10:16 BruteXSS-master\colorama\win32.pyc
文件 6290 2016-07-15 19:02 BruteXSS-master\colorama\winterm.py
文件 5588 2016-07-19 10:16 BruteXSS-master\colorama\winterm.pyc
文件 240 2016-07-15 19:02 BruteXSS-master\colorama\__init__.py
文件 457 2016-07-19 10:16 BruteXSS-master\colorama\__init__.pyc
文件 35141 2016-07-15 19:02 BruteXSS-master\License.txt
目录 0 2016-07-19 10:16 BruteXSS-master\mechanize\
文件 2576 2016-07-15 19:02 BruteXSS-master\mechanize\_auth.py
文件 2794 2016-07-19 10:16 BruteXSS-master\mechanize\_auth.pyc
文件 40725 2016-07-15 19:02 BruteXSS-master\mechanize\_beautifulsoup.py
文件 42201 2016-07-19 10:16 BruteXSS-master\mechanize\_beautifulsoup.pyc
文件 65502 2016-07-15 19:02 BruteXSS-master\mechanize\_clientcookie.py
文件 58971 2016-07-19 10:16 BruteXSS-master\mechanize\_clientcookie.pyc
文件 938 2016-07-15 19:02 BruteXSS-master\mechanize\_debug.py
文件 1493 2016-07-19 10:16 BruteXSS-master\mechanize\_debug.pyc
文件 8345 2016-07-15 19:02 BruteXSS-master\mechanize\_firefox3cookiejar.py
文件 8863 2016-07-19 10:16 BruteXSS-master\mechanize\_firefox3cookiejar.pyc
文件 120863 2016-07-15 19:02 BruteXSS-master\mechanize\_form.py
文件 113485 2016-07-19 10:16 BruteXSS-master\mechanize\_form.pyc
文件 3317 2016-07-15 19:02 BruteXSS-master\mechanize\_gzip.py
文件 4519 2016-07-19 10:16 BruteXSS-master\mechanize\_gzip.pyc
............此处省略44个文件信息
评论
共有 条评论