xss.py
#!/usr/bin/python
# -*- coding: UTF-8 -*-
import ninja
import argparse
import timeit
import multiprocessing as mp
import sys
# save_data is defined per attack class because the pattern used to judge an attack's result differs for each one.
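class xss(ninja.web):
    """Reflected-XSS check: records responses whose body echoes a test marker.

    Subclass of ``ninja.web``. ``self.db`` and ``self.attack_commands`` are
    read here but not defined in this file; they are presumably set up by the
    base class -- confirm against ninja.
    """

    def save_data(self, method, case, url, payloads, res):
        """Store one report document per marker found in the response body.

        Args:
            method: HTTP method label, written to the report as given.
            case: Test-case label, written to the report as given.
            url: URL that was tested.
            payloads: Request body parameters; falsy for query-string tests.
            res: Response object exposing ``url``, ``content``, ``headers``,
                ``status_code`` and ``elapsed``.

        A hit only shows that the marker came back unencoded somewhere in the
        body. It does not establish that the marker lands in an executable
        context (the Content-Type and surrounding markup are not inspected),
        so each stored finding still needs manual confirmation.
        """
        self.collection_saving_results = self.db["report"]
        print(res.url)

        body = res.content
        for attack_command in self.attack_commands:
            # An empty marker is contained in every body; skip it so a blank
            # line in the payload file cannot flag every response.
            if not attack_command:
                continue
            # The original test was `find(...) > 0`, which missed a marker
            # reflected at offset 0 of the body.
            if attack_command not in body:
                continue

            if payloads:
                # case2 and post
                payload = str(res.url) + str(payloads)
                finding = "[+] [%s][%s] %s?%s" % (case, method, url, payloads)
            else:
                # case1 and get, case2 and get
                payload = res.url
                finding = "[+] [%s][%s] %s" % (case, method, res.url)

            # Headers and body are stored verbatim. Responses can carry
            # Set-Cookie values and page data, so the "report" collection
            # should be access-controlled like the tested application's data.
            # NOTE(review): if self.db is a PyMongo database, insert() is the
            # legacy call (removed in PyMongo 4); kept because the driver
            # version used by ninja is not visible here.
            self.collection_saving_results.insert({
                "url": url,
                "attack name": "xss",
                "method": method,
                "case": case,
                "payload": payload,
                "res_code": res.status_code,
                "res_length": len(str(res.content)),
                "res_headers": str(res.headers),
                "res_content": str(res.content),
                "res_time": res.elapsed.total_seconds(),
            })
            print(finding)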
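if __name__ == "__main__":
    # Command-line entry point: parse options, run test case 1 and then
    # test case 2/3 over every stored URL, and print the elapsed time.
    usage = '''./xss.py -t testfire -p payload/xss_query -u demo.testfire.net -c cookie'''

    parser = argparse.ArgumentParser(description="xss attack for pen testing",
                                     usage=usage)
    parser.add_argument("-t", "--table", required=True, help="collection that saved urls")
    parser.add_argument("-p", "--payload", required=True, help="payload characters to attack")
    parser.add_argument("-u", "--url", required=True, help="requests in origin_url")
    parser.add_argument("-c", "--cookie", required=False, help="filename that contains a cookie")
    # NOTE(review): the timeout reaches ninja.web as a string (or None); the
    # conversion and the 1-second default are assumed to live there -- confirm.
    parser.add_argument("-o", "--timeout", required=False, help="default timeout is 1 sec")
    parser.add_argument("-v", "--version", action='version', version = 'JongWon Kim (dikien2012@gmail.com)\n%(prog)s - v.1.1 (05/05/2014)')
    args = parser.parse_args()

    start_time = timeit.default_timer()

    # Bound to `scanner` so the class name `xss` is not rebound to an instance.
    scanner = xss(args.table, args.cookie, args.payload, args.timeout, args.url)

    # Print the estimated run time.
    scanner.predict_attack_time()

    # Fetch the URLs to test from the table. Materialised as a list because
    # they are iterated once per case; if search_urls() returns a one-shot
    # iterator (e.g. a database cursor), the second pass would otherwise be empty.
    urls = list(scanner.search_urls())

    use_processes = "win32" not in sys.platform

    # attack_case1 first, then attack_case2 (case 2,3).
    for attack in (scanner.attack_case1, scanner.attack_case2):
        if use_processes:
            # NOTE(review): one process per URL is started with no upper
            # bound. A large URL table can exhaust local process and memory
            # limits and sends unthrottled traffic to the tested host;
            # consider batching.
            processes = []
            for url in urls:
                process = mp.Process(target=attack, args=(url,))
                processes.append(process)
                process.start()

            for item in processes:
                item.join()

            # A worker that died leaves its URL untested, so say so rather
            # than let an empty report be read as "no findings".
            failed = [item for item in processes if item.exitcode != 0]
            if failed:
                sys.stderr.write("[!] %d worker process(es) exited abnormally\n" % len(failed))
        else:
            # On win32 the original evaluated attack(url) inline while building
            # a Process that was never started, so the work already ran
            # sequentially in this process. Call it directly instead.
            for url in urls:
                attack(url)

    end_time = timeit.default_timer()

    print("*" * 120)
    print("\nattack is done:  %s" % (end_time - start_time))
    print("*" * 120)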