XSpear 1.0.0

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2019 hahwul
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,218 @@
+# XSpear
+XSpear is XSS Scanner on ruby gems
+
+<img src="https://img.shields.io/static/v1.svg?label=lang&message=ruby&color=RED"> <img src="https://img.shields.io/github/languages/top/hahwul/XSpear.svg"> <img src="https://img.shields.io/static/v1.svg?label=version&message=1.0&color=purple"> <img src="https://img.shields.io/github/license/hahwul/XSpear.svg"> <a href="https://twitter.com/intent/follow?screen_name=hahwul"><img src="https://img.shields.io/static/v1.svg?label=follow&message=hahwul&color=black"></a>
+
+## Key features
+- Pattern matching based XSS scanning
+- Dynamic test based XSS scanning (with Selenium)
+- Testing request/response for XSS protection bypass and reflected params
+- Enable XSpear in code with Gem library load
+- Support output format `cli` `json`
+- Support custom callback code to any test various attack vectors
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'XSpear'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install XSpear
+
+Or install it yourself as (local file):
+
+    $ gem install XSpear-0.1.0.gem
+
+### Dependency gems
+`colorize` `selenium-webdriver`<br>
+If you configured it to install automatically in the Gem library, but it behaves abnormally, install it with the following command.
+
+```
+$ gem install colorize
+$ gem install selenium-webdriver
+```
+
+## Usage on cli
+
+```
+Usage: xspear -u [target] -[options] [value]
+[ e.g ]
+$ xspear -u 'https://www.hahwul.com/?q=123' --cookie='role=admin'
+
+[ Options ]
+    -u, --url=target_URL             [required] Target Url
+    -d, --data=POST Body             [optional] POST Method Body data
+        --headers=HEADERS            [optional] Add HTTP Headers
+        --cookie=COOKIE              [optional] Add Cookie
+    -l, --level=1~3                  [optional] Custom scan level
+                                      + Default value: 3
+                                      + Level3
+                                      + Level2
+                                      + Level1: 
+    -t, --threads=NUMBER             [optional] thread , default: 10
+    -o, --output=FILENAME            [optional] Save JSON Result
+    -v, --verbose=1~3                [optional] Show log depth
+                                      + Default value: 2
+                                      + v=1 : quite mode
+                                      + v=2 : show scanning log
+                                      + v=3 : show detail log(req/res)
+    -h, --help                       Prints this help
+        --update                     Update with online
+
+```
+
+### Case by Case
+**Scanning XSS**
+```
+$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy"
+```
+
+**json output**
+```
+$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy" -o json -v 1
+```
+
+**detail log**
+```
+$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy" -v 3
+```
+
+etc...
+
+### Sample log
+**Scanning XSS**
+```
+$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=1"
+[*] creating a test query.
+[*] test query generation is complete. [50 query]
+[*] starting test and analysis. [10 threads]
+[I] [00:57:24] reflected XsPeaR>[param: searchFor][not filtered >]
+[-] [00:57:24] not reflected XsPeaR>
+[-] [00:57:24] not reflected <XsPeaR
+[-] [00:57:24] not reflected XsPeaR"
+[-] [00:57:24] not reflected rEfe6
+...snip...
+[-] [00:57:27] not reflected <script>alert(45)</script>
+[H] [00:57:27] reflected <svg/onload=alert(45)>[param: searchFor][reflected XSS Code]
+[-] [00:57:27] not reflected <svg/onload=alert(45)>
+[*] finish scan. the report is being generated..
++----+------+-------------+------------------------------------------------------------+---------------------+
+|                                             [ XSpear report ]                                              |
+|                 2019-07-17 00:57:23 +0900 ~ 2019-07-17 00:58:08 +0900 || Found 24 issues.                  |
+|                              http://testphp.vulnweb.com/search.php?test=query                              |
++----+------+-------------+------------------------------------------------------------+---------------------+
+| NO | TYPE | ISSUE       | PAYLOAD                                                    | DESCRIPTION         |
++----+------+-------------+------------------------------------------------------------+---------------------+
+| 0  | INFO | FILERD RULE | searchFor=yyXsPeaR%3E                                      | not filtered >      |
+| 1  | INFO | FILERD RULE | searchFor=yy%3CXsPeaR                                      | not filtered <      |
+| 2  | INFO | FILERD RULE | searchFor=yyXsPeaR%22                                      | not filtered "      |
+| 3  | INFO | FILERD RULE | searchFor=yyXsPeaR%27                                      | not filtered '      |
+| 4  | INFO | REFLECTED   | searchFor=yyrEfe6                                          | reflected parameter |
+| 5  | INFO | FILERD RULE | searchFor=yyXsPeaR%28                                      | not filtered (      |
+| 6  | INFO | FILERD RULE | searchFor=yyXsPeaR%7C                                      | not filtered |      |
+| 7  | INFO | FILERD RULE | searchFor=yyXsPeaR%3B                                      | not filtered ;      |
+| 8  | INFO | FILERD RULE | searchFor=yyXsPeaR%29                                      | not filtered )      |
+| 9  | INFO | FILERD RULE | searchFor=yyXsPeaR%60                                      | not filtered `      |
+| 10 | INFO | FILERD RULE | searchFor=yyXsPeaR%5B                                      | not filtered [      |
+| 11 | INFO | FILERD RULE | searchFor=yyXsPeaR%7B                                      | not filtered {      |
+| 12 | INFO | FILERD RULE | searchFor=yyXsPeaR%5D                                      | not filtered ]      |
+| 13 | INFO | FILERD RULE | searchFor=yyXsPeaR%7D                                      | not filtered }      |
+| 14 | INFO | FILERD RULE | searchFor=yyXsPeaR%3A                                      | not filtered :      |
+| 15 | INFO | FILERD RULE | searchFor=yyXsPeaR.                                        | not filtered .      |
+| 16 | INFO | FILERD RULE | searchFor=yyXsPeaR%2B                                      | not filtered +      |
+| 17 | INFO | FILERD RULE | searchFor=yyXsPeaR%2C                                      | not filtered ,      |
+| 18 | INFO | FILERD RULE | searchFor=yyXsPeaR%3D                                      | not filtered =      |
+| 19 | INFO | FILERD RULE | searchFor=yyXsPeaR-                                        | not filtered -      |
+| 20 | HIGH | XSS         | searchFor=yy%3Cimg%2Fsrc+onerror%3Dalert%2845%29%3E        | reflected XSS Code  |
+| 21 | INFO | FILERD RULE | searchFor=yyXsPeaR%24                                      | not filtered $      |
+| 22 | HIGH | XSS         | searchFor=yy%22%3E%3Cscript%3Ealert%2845%29%3C%2Fscript%3E | reflected XSS Code  |
+| 23 | HIGH | XSS         | searchFor=yy%3Csvg%2Fonload%3Dalert%2845%29%3E             | reflected XSS Code  |
++----+------+-------------+------------------------------------------------------------+---------------------+
+```            
+
+**to JSON**
+```
+$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy" -o json -v 1
+{"starttime":"2019-07-17 01:02:13 +0900","endtime":"2019-07-17 01:02:59 +0900","issue_count":24,"issue_list":[{"id":0,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yy%3CXsPeaR","description":"not filtered \u001b[0;34;49m<\u001b[0m"},{"id":1,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yyXsPeaR%27","description":"not filtered \u001b[0;34;49m'\u001b[0m"},{"id":2,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yyXsPeaR%3E","description":"not filtered \u001b[0;34;49m>\u001b[0m"},{"id":3,"type":"INFO","issue":"REFLECTED","payload":"searchFor=yyrEfe6","description":"reflected parameter"},{"id":4,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yyXsPeaR%22","description":"not filtered \u001b[0;34;49m\"\u001b[0m"},{"id":5,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yyXsPeaR%60","description":"not filtered \u001b[0;34;49m`\u001b[0m"},{"id":6,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yyXsPeaR%3B","description":"not filtered \u001b[0;34;49m;\u001b[0m"},{"id":7,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yyXsPeaR%28","description":"not filtered \u001b[0;34;49m(\u001b[0m"},{"id":8,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yyXsPeaR%7C","description":"not filtered \u001b[0;34;49m|\u001b[0m"},{"id":9,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yyXsPeaR%29","description":"not filtered \u001b[0;34;49m)\u001b[0m"},{"id":10,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yyXsPeaR%7B","description":"not filtered \u001b[0;34;49m{\u001b[0m"},{"id":11,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yyXsPeaR%5B","description":"not filtered \u001b[0;34;49m[\u001b[0m"},{"id":12,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yyXsPeaR%5D","description":"not filtered \u001b[0;34;49m]\u001b[0m"},{"id":13,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yyXsPeaR%7D","description":"not filtered \u001b[0;34;49m}\u001b[0m"},{"id":14,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yyXsPeaR%3A","description":"not filtered \u001b[0;34;49m:\u001b[0m"},{"id":15,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yyXsPeaR%2B","description":"not filtered \u001b[0;34;49m+\u001b[0m"},{"id":16,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yyXsPeaR.","description":"not filtered \u001b[0;34;49m.\u001b[0m"},{"id":17,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yyXsPeaR-","description":"not filtered \u001b[0;34;49m-\u001b[0m"},{"id":18,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yyXsPeaR%2C","description":"not filtered \u001b[0;34;49m,\u001b[0m"},{"id":19,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yyXsPeaR%3D","description":"not filtered \u001b[0;34;49m=\u001b[0m"},{"id":20,"type":"HIGH","issue":"XSS","payload":"searchFor=yy%3Cimg%2Fsrc+onerror%3Dalert%2845%29%3E","description":"reflected \u001b[0;31;49mXSS Code\u001b[0m"},{"id":21,"type":"HIGH","issue":"XSS","payload":"searchFor=yy%3Csvg%2Fonload%3Dalert%2845%29%3E","description":"reflected \u001b[0;31;49mXSS Code\u001b[0m"},{"id":22,"type":"HIGH","issue":"XSS","payload":"searchFor=yy%22%3E%3Cscript%3Ealert%2845%29%3C%2Fscript%3E","description":"reflected \u001b[0;31;49mXSS Code\u001b[0m"},{"id":23,"type":"INFO","issue":"FILERD RULE","payload":"searchFor=yyXsPeaR%24","description":"not filtered \u001b[0;34;49m$\u001b[0m"}]}
+```
+
+## Usage on ruby code (gem library)
+```ruby
+require 'XSPear'
+
+s = XspearScan.new "https://www.hahwul.com?target_url", "post_body=thisisbodydata", "CustomHeader: wow", 3, 10, "result.json", "3"
+# s = XspearScan.new options.url, options.data, options.headers, options.level, options.thread.to_i, options.output, options.verbose
+s.run
+```
+
+## Add Scanning Module
+**1) Add `makeQueryPattern`**
+```ruby
+makeQueryPattern('type', 'query,', 'pattern', 'category', "description", "callback funcion")
+# type: f(ilterd?) r(eflected?) x(ss?)
+# category i(nfo) v(uln) l(ow) m(edium) h(igh) 
+
+# e.g 
+# makeQueryPattern('f', 'XsPeaR,', 'XsPeaR,', 'i', "not filtered "+",".blue, CallbackStringMatch)
+```
+
+**2) if other callback, write callback class override `ScanCallbackFunc`**
+e.g
+```ruby
+  class CallbackStringMatch < ScanCallbackFunc
+    def run
+      if @response.body.include? @query
+        [true, "reflected #{@query}"]
+      else
+        [false, "not reflected #{@query}"]
+      end
+    end
+  end
+```
+
+Parent class(ScanCallbackFunc)
+```ruby
+class ScanCallbackFunc()
+    def initialize(url, method, query, response)
+      @url = url
+      @method = method
+      @query = query
+      @response = response
+      # self.run
+    end
+    
+    def run
+      # override
+    end
+end
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/XSpear. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the XSpear project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/XSpear/blob/master/CODE_OF_CONDUCT.md).
+
+## ScreenShot
+<img src="https://user-images.githubusercontent.com/13212227/61311070-8aacfc80-a830-11e9-9091-61d68e16d81a.png" width=100%>
+<img src="https://user-images.githubusercontent.com/13212227/61311071-8b459300-a830-11e9-8e60-c08e984fdacb.png" width=100%>

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/XSpear.gemspec

@@ -0,0 +1,45 @@
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "XSpear/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "XSpear"
+  spec.version       = XSpear::VERSION
+  spec.authors       = ["hahwul"]
+  spec.email         = ["hahwul@gmail.com"]
+
+  spec.summary       = "Powerfull XSS Scanning and Parameter Analysis tool&gem"
+  spec.description   = "XSpear is XSS Scanner on ruby gems"
+  spec.homepage      = "https://github.com/hahwul/XSpear"
+  spec.license       = "MIT"
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  if spec.respond_to?(:metadata)
+    spec.metadata["homepage_uri"] = spec.homepage
+    spec.metadata["source_code_uri"] = "https://github.com/hahwul/XSpear"
+    spec.metadata["changelog_uri"] = "https://github.com/hahwul/XSpear"
+  else
+    raise "RubyGems 2.0 or newer is required to protect against " \
+      "public gem pushes."
+  end
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency "colorize", "0.8.1"
+  spec.add_runtime_dependency "selenium-webdriver", "3.142.3"
+
+  spec.add_development_dependency "colorize", "0.8.1"
+  spec.add_development_dependency "selenium-webdriver", "3.142.3"
+  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+end

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "XSpear"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/exe/XSpear

@@ -0,0 +1,75 @@
+#!/usr/bin/env ruby
+
+require "XSpear"
+Options = Struct.new(:url, :data, :headers, :params, :thread, :verbose, :output)
+class Parser
+  def self.parse(options)
+    args = Options.new('xspear')
+    if options.empty?
+      banner
+      puts 'please ' + "'-h'".yellow + ' option'
+      exit
+    end
+    opt_parser = OptionParser.new do |opts|
+      opts.banner = "Usage: xspear -u [target] -[options] [value]\n[ e.g ]\n$ ruby a.rb -u 'https://www.hahwul.com/?q=123' --cookie='role=admin'\n\n[ Options ]"
+
+      opts.on('-u', '--url=target_URL', '[required] Target Url') do |n|
+        args.url = n
+      end
+
+      opts.on('-d', '--data=POST Body', '[optional] POST Method Body data') do |n|
+        args.data = n
+      end
+
+      opts.on('--headers=HEADERS', '[optional] Add HTTP Headers') do |n|
+        args.headers = n
+      end
+
+      opts.on('--cookie=COOKIE', '[optional] Add Cookie') do |n|
+        args.headers = 'Cookie: ' + n
+      end
+
+      opts.on('-p', '--param=PARAM', '[optional] Test paramters') do |n|
+        args.params = n
+      end
+
+      opts.on('-t', '--threads=NUMBER', '[optional] thread , default: 10') do |n|
+        args.thread = n
+      end
+
+      opts.on('-o', '--output=FILENAME', '[optional] Save JSON Result') do |n|
+        args.output = n
+      end
+
+      opts.on('-v', '--verbose=1~3', '[optional] Show log depth',
+              ' + Default value: 2',
+              ' + v=1 : quite mode',
+              ' + v=2 : show scanning log',
+              ' + v=3 : show detail log(req/res)') do |n|
+        args.verbose = n
+      end
+
+      opts.on('-h', '--help', 'Prints this help') do
+        banner
+        puts opts
+        exit
+      end
+
+      opts.on('--update', 'Update with online') do
+        puts opts
+        exit
+      end
+    end
+
+    opt_parser.parse!(options)
+    args
+  end
+end
+options = Parser.parse ARGV
+
+exit unless options.url
+options.thread = 10 unless options.thread
+options.verbose = 2 unless options.verbose
+banner
+s = XspearScan.new options.url, options.data, options.headers, options.params, options.thread.to_i, options.output, options.verbose
+s.run

data/lib/XSpear/XSpearRepoter.rb

@@ -0,0 +1,72 @@
+require 'terminal-table'
+
+IssueStruct = Struct.new(:id, :type, :issue, :payload, :description)
+class IssueStruct
+  def to_json(*a)
+    {:id => self.id, :type => self.type, :issue => self.issue, :payload => self.payload, :description => self.description}.to_json(*a)
+  end
+
+
+  def self.json_create(o)
+    new(o['id'], o['type'], o['issue'], o['payload'], o['description'])
+  end
+end
+
+class XspearRepoter
+  def initialize(url,starttime)
+    @url = url
+    @starttime = starttime
+    @endtime = nil
+    @issue = []
+    @query = []
+    # type : i,v,l,m,h
+    # param : paramter
+    # type :
+    # query :
+    # pattern
+    # desc
+    # category
+    # callback
+  end
+
+  def add_issue(type, issue, param, payload, pattern, description)
+    rtype = {"i"=>"INFO","v"=>"VULN","l"=>"LOW","m"=>"MIDUM","h"=>"HIGH"}
+    rissue = {"f"=>"FILERD RULE","r"=>"REFLECTED","x"=>"XSS","s"=>"STATIC ANALYSIS","d"=>"DYNAMIC ANALYSIS"}
+    @issue << [@issue.size, rtype[type], rissue[issue], param, pattern, description]
+    @query.push payload
+  end
+
+  def set_endtime
+    @endtime = Time.now
+  end
+
+  def to_json
+    buffer = []
+    @issue.each do |i|
+      tmp = IssueStruct.new(i[0],i[1],i[2],i[3],i[4])
+      buffer.push(tmp)
+    end
+
+    hash = {}
+    hash["starttime"]=@starttime
+    hash["endtime"]=@endtime
+    hash["issue_count"]=@issue.length
+    hash["issue_list"]=buffer
+    hash.to_json
+  end
+
+  def to_html; end
+
+  def to_cli
+    table = Terminal::Table.new
+    table.title = "[ XSpear report ]\n#{@url}\n#{@starttime} ~ #{@endtime} Found #{@issue.length} issues."
+    table.headings = ['NO','TYPE','ISSUE','PARAM','PAYLOAD','DESCRIPTION']
+    table.rows = @issue
+    #table.style = {:width => 80}
+    puts table
+    puts "< Raw Query >"
+    @query.each_with_index do |q, i|
+      puts "[#{i}] "+@url+"?"+q
+    end
+  end
+end

data/lib/XSpear/banner.rb

@@ -0,0 +1,14 @@
+def banner;
+  puts "    )  (
+ ( /(  )\\ )
+ )\\())(()/(          (     )  (
+((_)\\  /(_))`  )    ))\\ ( /(  )(
+__((_)(_))  /(/(   /((_))(_))(()\\
+\\ \\/ // __|((_)_\\ (_)) ((_)_  ((_)
+ >  < \\__ \\| '_ \\)/ -_)/ _` || '_|
+/_/\\_\\|___/| .__/ \\___|\\__,_||_|    />
+           |_|                   \\ /<
+{\\\\\\\\\\\\\\\\\\\\\\\\\\BYHAHWUL\\\\\\\\\\\\\\\\\\\\\\(0):::<======================-
+                                 / \\<
+                                    \\>"
+end

data/lib/XSpear/log.rb

@@ -0,0 +1,31 @@
+def log(t, message)
+  # type, message
+  # + type: safe, info, matched, vuln
+  # + info: match percent
+
+  # = format
+  # detail
+  # [09:16:53][PARAM] Message / Matched 70%
+  # [09:16:54][XSS/INFO] Message / Matched 70%
+
+  # system message
+  # [+] start parameter analysis..
+  if @verbose.to_i > 1
+    time = Time.now
+    if t == 'd'
+      puts '[-]'.white + " [#{time.strftime('%H:%M:%S')}] #{message}"
+    elsif t == 's' # system message
+      puts '[*]'.green + " #{message}"
+    elsif t == 'i'
+      puts '[I]'.blue + " [#{time.strftime('%H:%M:%S')}] #{message}"
+    elsif t == 'v'
+      puts '[V]'.red + " [#{time.strftime('%H:%M:%S')}] #{message}"
+    elsif t == 'l'
+      puts '[L]'.blue + " [#{time.strftime('%H:%M:%S')}] #{message}"
+    elsif t == 'm'
+      puts '[M]'.yellow + " [#{time.strftime('%H:%M:%S')}] #{message}"
+    elsif t == 'h'
+      puts '[H]'.red + " [#{time.strftime('%H:%M:%S')}] #{message}"
+    end
+  end
+end

data/lib/XSpear/version.rb

@@ -0,0 +1,3 @@
+module XSpear
+  VERSION = "1.0.0"
+end