-
Notifications
You must be signed in to change notification settings - Fork 33
/
pocgenerator.py
63 lines (51 loc) · 2.42 KB
/
pocgenerator.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
#REQUIREMENTS:
#pip install playwright nest_asyncio
#EXECUTE:
#playwright install
## Legal Disclaimer
#The use of APIDetector should be limited to testing and educational purposes only. The developers of APIDetector assume no liability and are not responsible for any misuse or damage caused by this tool. It is the end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no responsibility for unauthorized or illegal use of this tool. Before using APIDetector, ensure you have permission to test the network or systems you intend to scan.
import nest_asyncio
import asyncio
from playwright.async_api import async_playwright
import argparse
import sys
import re
nest_asyncio.apply()
def generate_output_filename(url):
# Remove the http or https part
url = re.sub(r'^https?:\/\/', '', url)
# Replace non-alphanumeric characters with underscores
filename = re.sub(r'[^a-zA-Z0-9]', '_', url)
return f"{filename[:60]}.png"
async def generate_poc_screenshot(url, output_file):
try:
async with async_playwright() as p:
browser = await p.chromium.launch()
page = await browser.new_page()
await page.goto(url)
await page.wait_for_load_state('networkidle')
# Wait for a specific element that indicates the page is fully loaded
await page.wait_for_selector('#swagger-ui')
# Check for the presence of the text "XSS"
content = await page.content()
if "XSS" in content:
print(f"XSS was found, PoC image saved as \"{output_file}\".")
# Take a screenshot
await page.screenshot(path=output_file)
else:
print("XSS was not found.")
await browser.close()
except Exception as e:
print("An error occurred.")
def main():
parser = argparse.ArgumentParser(description="PoC Generator - Generates a screenshot of the Swagger UI page if XSS text is found.")
parser.add_argument("url", help="The URL of the Swagger UI page.")
parser.add_argument("-o", "--output", help="Output file for the screenshot.")
args = parser.parse_args()
if not args.url:
print("URL is required.", file=sys.stderr)
sys.exit(1)
output_file = args.output or generate_output_filename(args.url)
asyncio.run(generate_poc_screenshot(args.url, output_file))
if __name__ == "__main__":
main()