richardevcom · May 14, 2020 04:59 · richardevcom · May 14, 2020
diff --git a/scan-stored-xss.py b/scan-stored-xss.py
 import requests
 import argparse
 import sys
 from bs4 import BeautifulSoup as bs
 from urllib.parse import urljoin


 """ Prepare arguments for script parse """
 parser = argparse.ArgumentParser(description="Detect if target is vulnerable to XSS!?")
 parser.add_argument('-u', dest='url', type=str, help="Target URL")
 parser.add_argument('-f', dest='file', type=str, help="File containing XSS exploits")


 def get_all_forms(u):
 	""" Parse HTML and get all forms """
 	soup = bs(requests.get(u).content, "html.parser")
 	forms = soup.find_all("form")
 	
 	if len(forms):
 		print(f"Found {len(forms)} forms.")
 		return forms
 	else:
 		print("No forms found.")
 		return False



 def get_data(forms):
 	""" Prepare form inputs - input,textarea """
 	data = {}

 	i = 0
 	if forms:
 		for form in forms:
 			method = form["method"].lower()

 			data[i] = {'action' : form["action"].lower(), 'method':method, 'inputs' : []}

 			form_inputs = form.find_all("input", recursive = False)
 			form_textareas = form.find_all("textarea", recursive = False)

 			if len(form_inputs) or len(form_textareas):
 				if len(form_inputs):
 					for form_input in form_inputs:
 						data[i]["inputs"].append(form_input)
 				if len(form_textareas):
 					for form_textarea in form_textareas:
 						data[i]["inputs"].append(form_textarea)
 			else:
 				print(f"No inputs found.")
 				return False
 			i+=1
 	
 	return data



 def get_contents(fl):
 	with open(fl) as f:
    		content = f.readlines()
 	content = [x.strip() for x in content] 
 	return content



 def has_xss(u, f):
 	forms = get_all_forms(u)
 	inputs = get_data(forms)
 	xss = get_contents(f)

 	if xss:
 		for exp in xss:
 			i = 0
 			data = {}
 			while inputs:
 				data_url = u
 				data_url = urljoin(u, inputs[i]["action"])

 				for inp in inputs[i]["inputs"]:
 					try:
 						iname = inp["name"]
 						data[iname] = exp
 					except:
 			  			pass
 				if inputs[i]["method"] == "post":
 					print(f"Trying: {exp}")
 					#get_headers = requests.post(u)
 					#headers = get_headers.headers
 					#print(headers)
 					response = requests.post(data_url, data=data)
 				else:
 					print(f"Trying: {exp} on {data_url}")
 					#get_headers = requests.post(u)
 					#headers = get_headers.headers
 					#print(headers)
 					response = requests.get(data_url, params=data)

 				print(response.status_code, response.reason)

 				response = response.content.decode()
 				if exp in response:
 					print(f"XSS vulnerability {exp} found in {u}")
 					sys.exit()
 				i+=1
 				if i >= len(inputs):
 					break
 	
 	else:
 		print(f"File not found in {f}.")
 		sys.exit()



 if __name__ == "__main__":
 	args = parser.parse_args(sys.argv[1:])
 	
 	has_xss(args.url, args.file)
	import requests
	import argparse
	import sys
	from bs4 import BeautifulSoup as bs
	from urllib.parse import urljoin


	""" Prepare arguments for script parse """
	parser = argparse.ArgumentParser(description="Detect if target is vulnerable to XSS!?")
	parser.add_argument('-u', dest='url', type=str, help="Target URL")
	parser.add_argument('-f', dest='file', type=str, help="File containing XSS exploits")


	def get_all_forms(u):
	""" Parse HTML and get all forms """
	soup = bs(requests.get(u).content, "html.parser")
	forms = soup.find_all("form")

	if len(forms):
	print(f"Found {len(forms)} forms.")
	return forms
	else:
	print("No forms found.")
	return False



	def get_data(forms):
	""" Prepare form inputs - input,textarea """
	data = {}

	i = 0
	if forms:
	for form in forms:
	method = form["method"].lower()

	data[i] = {'action' : form["action"].lower(), 'method':method, 'inputs' : []}

	form_inputs = form.find_all("input", recursive = False)
	form_textareas = form.find_all("textarea", recursive = False)

	if len(form_inputs) or len(form_textareas):
	if len(form_inputs):
	for form_input in form_inputs:
	data[i]["inputs"].append(form_input)
	if len(form_textareas):
	for form_textarea in form_textareas:
	data[i]["inputs"].append(form_textarea)
	else:
	print(f"No inputs found.")
	return False
	i+=1

	return data



	def get_contents(fl):
	with open(fl) as f:
	content = f.readlines()
	content = [x.strip() for x in content]
	return content



	def has_xss(u, f):
	forms = get_all_forms(u)
	inputs = get_data(forms)
	xss = get_contents(f)

	if xss:
	for exp in xss:
	i = 0
	data = {}
	while inputs:
	data_url = u
	data_url = urljoin(u, inputs[i]["action"])

	for inp in inputs[i]["inputs"]:
	try:
	iname = inp["name"]
	data[iname] = exp
	except:
	pass
	if inputs[i]["method"] == "post":
	print(f"Trying: {exp}")
	#get_headers = requests.post(u)
	#headers = get_headers.headers
	#print(headers)
	response = requests.post(data_url, data=data)
	else:
	print(f"Trying: {exp} on {data_url}")
	#get_headers = requests.post(u)
	#headers = get_headers.headers
	#print(headers)
	response = requests.get(data_url, params=data)

	print(response.status_code, response.reason)

	response = response.content.decode()
	if exp in response:
	print(f"XSS vulnerability {exp} found in {u}")
	sys.exit()
	i+=1
	if i >= len(inputs):
	break

	else:
	print(f"File not found in {f}.")
	sys.exit()



	if __name__ == "__main__":
	args = parser.parse_args(sys.argv[1:])

	has_xss(args.url, args.file)