XSpear 1.0.9 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7af449d36fa665bdbba42ab63dd4ecbc9b666dbeb29751df167cf3c28662d6d7
-  data.tar.gz: fe079028ed5fe02664db09b5bcbfd15f2ea68661d2c6a146853872cbf8e978fd
+  metadata.gz: ea6588ae83ee1f89c3eff1f387b0b703d6862e471bef37c87ded1e356df39a7b
+  data.tar.gz: 9036a2080e929353daaeea7146253169b05ec65d204305345a53f8ee80419750
 SHA512:
-  metadata.gz: 73b1cc7d0727310e9515f3b2602f3ab1b004f15bf85e316d63bc3c58a36840a03fc1a8481ea327aa0165851a01b1b294d9709029f2525c45bcf4c3b4215d90f1
-  data.tar.gz: 3ab96ff93a503b4c94dd6f0427b963d1b3a81307aa4d7b8a2251a8e0693af848f49bda80174a21903e26e2ed700a7f45cb014cc09cea77d53de9a9f96e56be8b
+  metadata.gz: 2c55c310fbe45360257fff7e15b2850c96a09d5f94ac274fd551b45c6e9f9b45c757366fa466ca6405ce5e310c591f65c67f7dee9ac2764bf3ebeadd423f8691
+  data.tar.gz: 9271357e4283226c530ec50808bef585c4fb3f03e238f370b6090ba8c48f173a30fbf67f8209f2587f3cd85263f876c25b21e9542be97f5536e694ec854d668a

data/.idea/workspace.xml

@@ -1,10 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
   <component name="ChangeListManager">
-    <list default="true" id="4ee2e581-45d7-4c90-b6a1-e92e4b5829dd" name="Default Changelist" comment="">
-      <change beforePath="$PROJECT_DIR$/README.md" beforeDir="false" afterPath="$PROJECT_DIR$/README.md" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/exe/XSpear" beforeDir="false" afterPath="$PROJECT_DIR$/exe/XSpear" afterDir="false" />
+    <list default="true" id="4ee2e581-45d7-4c90-b6a1-e92e4b5829dd" name="Default Changelist" comment="(1.1.0) [Fixed #15] Maqke">
+      <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/lib/XSpear.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear.rb" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/lib/XSpear/banner.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/banner.rb" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/lib/XSpear/version.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/version.rb" afterDir="false" />
     </list>
     <option name="EXCLUDED_CONVERTED_TO_IGNORED" value="true" />
     <option name="SHOW_DIALOG" value="false" />
@@ -18,20 +20,11 @@
   <component name="FileEditorManager">
     <leaf SIDE_TABS_SIZE_LIMIT_KEY="300">
       <file pinned="false" current-in-tab="false">
-        <entry file="file://$PROJECT_DIR$/exe/XSpear">
-          <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="458">
-              <caret line="38" column="77" selection-start-line="38" selection-start-column="77" selection-end-line="38" selection-end-column="77" />
-            </state>
-          </provider>
-        </entry>
-      </file>
-      <file pinned="false" current-in-tab="true">
         <entry file="file://$PROJECT_DIR$/README.md">
           <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
             <state split_layout="SPLIT">
-              <first_editor relative-caret-position="274">
-                <caret line="220" column="10" selection-start-line="220" selection-start-column="10" selection-end-line="220" selection-end-column="10" />
+              <first_editor relative-caret-position="1648">
+                <caret line="189" column="13" selection-start-line="189" selection-start-column="13" selection-end-line="189" selection-end-column="13" />
               </first_editor>
               <second_editor />
             </state>
@@ -46,17 +39,26 @@
       <file pinned="false" current-in-tab="false">
         <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="-1602">
-              <caret line="421" column="235" selection-start-line="421" selection-start-column="235" selection-end-line="421" selection-end-column="235" />
+            <state relative-caret-position="190">
+              <caret line="402" column="87" selection-start-line="402" selection-start-column="87" selection-end-line="402" selection-end-column="87" />
             </state>
           </provider>
         </entry>
       </file>
-      <file pinned="false" current-in-tab="false">
+      <file pinned="false" current-in-tab="true">
         <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="1590">
-              <caret line="106" column="9" lean-forward="true" selection-start-line="106" selection-start-column="9" selection-end-line="106" selection-end-column="9" />
+            <state relative-caret-position="1585">
+              <caret line="113" column="8" selection-start-line="113" selection-start-column="8" selection-end-line="113" selection-end-column="8" />
+            </state>
+          </provider>
+        </entry>
+      </file>
+      <file pinned="false" current-in-tab="false">
+        <entry file="file://$PROJECT_DIR$/lib/XSpear/banner.rb">
+          <provider selected="true" editor-type-id="text-editor">
+            <state relative-caret-position="150">
+              <caret line="10" column="35" selection-start-line="10" selection-start-column="35" selection-end-line="10" selection-end-column="35" />
             </state>
           </provider>
         </entry>
@@ -73,8 +75,8 @@
       <file pinned="false" current-in-tab="false">
         <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="15">
-              <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
+            <state relative-caret-position="45">
+              <caret line="3" lean-forward="true" selection-start-line="3" selection-end-line="3" />
             </state>
           </provider>
         </entry>
@@ -108,20 +110,18 @@
       <list>
         <option value="$PROJECT_DIR$/lib/XSpear/log.rb" />
         <option value="$PROJECT_DIR$/XSpear.gemspec" />
-        <option value="$PROJECT_DIR$/lib/XSpear/banner.rb" />
-        <option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
-        <option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
-        <option value="$PROJECT_DIR$/lib/XSpear.rb" />
         <option value="$PROJECT_DIR$/exe/XSpear" />
         <option value="$PROJECT_DIR$/README.md" />
+        <option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
+        <option value="$PROJECT_DIR$/lib/XSpear.rb" />
+        <option value="$PROJECT_DIR$/lib/XSpear/banner.rb" />
+        <option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
       </list>
     </option>
   </component>
   <component name="ProjectFrameBounds" fullScreen="true">
-    <option name="x" value="-1920" />
-    <option name="y" value="-643" />
-    <option name="width" value="1920" />
-    <option name="height" value="1080" />
+    <option name="width" value="1680" />
+    <option name="height" value="1050" />
   </component>
   <component name="ProjectLevelVcsManager" settingsEditedManually="true">
     <ConfirmationsSetting value="2" id="Add" />
@@ -131,7 +131,6 @@
       <foldersAlwaysOnTop value="true" />
     </navigator>
     <panes>
-      <pane id="Scope" />
       <pane id="ProjectPane">
         <subPane>
           <expand>
@@ -169,6 +168,7 @@
           <select />
         </subPane>
       </pane>
+      <pane id="Scope" />
     </panes>
   </component>
   <component name="PropertiesComponent">
@@ -228,7 +228,8 @@
       <workItem from="1562942816004" duration="15337000" />
       <workItem from="1563638656518" duration="4985000" />
       <workItem from="1563809961097" duration="4237000" />
-      <workItem from="1563893538891" duration="11528000" />
+      <workItem from="1563893538891" duration="11917000" />
+      <workItem from="1564151699165" duration="2215000" />
     </task>
     <task id="LOCAL-00001" summary="init update">
       <created>1562945899597</created>
@@ -545,17 +546,37 @@
       <option name="project" value="LOCAL" />
       <updated>1564065895283</updated>
     </task>
-    <option name="localTasksCounter" value="46" />
+    <task id="LOCAL-00046" summary="(1.0.9) Releases 1.0.9 / Add --raw options, code refactoring, fixed bugs">
+      <created>1564067249340</created>
+      <option name="number" value="00046" />
+      <option name="presentableId" value="LOCAL-00046" />
+      <option name="project" value="LOCAL" />
+      <updated>1564067249340</updated>
+    </task>
+    <task id="LOCAL-00047" summary="(1.1.0) [Fixed #14] Edit raw query print code">
+      <created>1564151939307</created>
+      <option name="number" value="00047" />
+      <option name="presentableId" value="LOCAL-00047" />
+      <option name="project" value="LOCAL" />
+      <updated>1564151939307</updated>
+    </task>
+    <task id="LOCAL-00048" summary="(1.1.0) [Fixed #15] makeQueryPattern 내 페이로드 생성 코드 수정">
+      <created>1564152655489</created>
+      <option name="number" value="00048" />
+      <option name="presentableId" value="LOCAL-00048" />
+      <option name="project" value="LOCAL" />
+      <updated>1564152655489</updated>
+    </task>
+    <option name="localTasksCounter" value="49" />
     <servers />
   </component>
   <component name="TimeTrackingManager">
-    <option name="totallyTimeSpent" value="36087000" />
+    <option name="totallyTimeSpent" value="38691000" />
   </component>
   <component name="ToolWindowManager">
-    <frame x="-1920" y="-643" width="1920" height="1080" extended-state="0" />
-    <editor active="true" />
+    <frame x="0" y="0" width="1680" height="1050" extended-state="0" />
     <layout>
-      <window_info active="true" content_ui="combo" id="Project" order="0" visible="true" weight="0.16400427" />
+      <window_info content_ui="combo" id="Project" order="0" visible="true" weight="0.16605617" />
       <window_info id="Structure" order="1" side_tool="true" weight="0.25" />
       <window_info id="Favorites" order="2" side_tool="true" />
       <window_info anchor="bottom" id="Message" order="0" />
@@ -568,7 +589,7 @@
       <window_info anchor="bottom" id="Docker" order="7" show_stripe_button="false" />
       <window_info anchor="bottom" id="Database Changes" order="8" />
       <window_info anchor="bottom" id="Version Control" order="9" />
-      <window_info anchor="bottom" id="Terminal" order="10" visible="true" weight="0.34158415" />
+      <window_info active="true" anchor="bottom" id="Terminal" order="10" visible="true" weight="0.34081632" />
       <window_info anchor="bottom" id="Event Log" order="11" side_tool="true" />
       <window_info anchor="bottom" id="Messages" order="12" weight="0.32953367" />
       <window_info anchor="right" id="Commander" internal_type="SLIDING" order="0" type="SLIDING" weight="0.4" />
@@ -581,9 +602,6 @@
     <option name="version" value="1" />
   </component>
   <component name="VcsManagerConfiguration">
-    <MESSAGE value="Edit readme" />
-    <MESSAGE value="modify dependency rspec" />
-    <MESSAGE value="Change Badge(version)" />
     <MESSAGE value="Add show version &amp; edit help, version in banner" />
     <MESSAGE value="Edit version , release 1.0.2" />
     <MESSAGE value="Add EventHandler Test logic (1.0.3), edit description on report" />
@@ -606,7 +624,10 @@
     <MESSAGE value="(1.0.9)[Fixed #12] Modify XSpear Struct(option.* =&gt; options [hash])" />
     <MESSAGE value="(1.0.9)[Fixed #10] Add raw file read options" />
     <MESSAGE value="(1.0.9)[Fixed #13] Remove add pattern from StandardError in 'makeQueryPattern'" />
-    <option name="LAST_COMMIT_MESSAGE" value="(1.0.9)[Fixed #13] Remove add pattern from StandardError in 'makeQueryPattern'" />
+    <MESSAGE value="(1.0.9) Releases 1.0.9 / Add --raw options, code refactoring, fixed bugs" />
+    <MESSAGE value="(1.1.0) [Fixed #14] Edit raw query print code" />
+    <MESSAGE value="(1.1.0) [Fixed #15] makeQueryPattern 내 페이로드 생성 코드 수정" />
+    <option name="LAST_COMMIT_MESSAGE" value="(1.1.0) [Fixed #15] makeQueryPattern 내 페이로드 생성 코드 수정" />
   </component>
   <component name="editorHistoryManager">
     <entry file="file://$USER_HOME$/.rvm/gems/ruby-2.4.6/gems/bundler-2.0.1/lib/bundler/rubygems_integration.rb">
@@ -622,10 +643,20 @@
     <entry file="file://$PROJECT_DIR$/bin/setup">
       <provider selected="true" editor-type-id="text-editor" />
     </entry>
-    <entry file="file://$PROJECT_DIR$/lib/XSpear/banner.rb">
+    <entry file="file://$PROJECT_DIR$/exe/XSpear">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="570">
+          <caret line="38" column="77" selection-start-line="38" selection-start-column="77" selection-end-line="38" selection-end-column="77" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/spec/XSpear_spec.rb">
+      <provider selected="true" editor-type-id="text-editor" />
+    </entry>
+    <entry file="file://$PROJECT_DIR$/lib/XSpear/log.rb">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="180">
-          <caret line="12" column="69" selection-start-line="12" selection-start-column="69" selection-end-line="12" selection-end-column="69" />
+        <state relative-caret-position="195">
+          <caret line="13" column="19" selection-start-line="13" selection-start-column="19" selection-end-line="13" selection-end-column="19" />
         </state>
       </provider>
     </entry>
@@ -642,51 +673,41 @@
     <entry file="file:///usr/local/bin/rake">
       <provider selected="true" editor-type-id="text-editor" />
     </entry>
-    <entry file="file://$PROJECT_DIR$/spec/XSpear_spec.rb">
-      <provider selected="true" editor-type-id="text-editor" />
-    </entry>
-    <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
-      <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="15">
-          <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
-        </state>
-      </provider>
-    </entry>
-    <entry file="file://$PROJECT_DIR$/lib/XSpear/log.rb">
-      <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="195">
-          <caret line="13" column="19" selection-start-line="13" selection-start-column="19" selection-end-line="13" selection-end-column="19" />
+    <entry file="file://$PROJECT_DIR$/README.md">
+      <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
+        <state split_layout="SPLIT">
+          <first_editor relative-caret-position="1648">
+            <caret line="189" column="13" selection-start-line="189" selection-start-column="13" selection-end-line="189" selection-end-column="13" />
+          </first_editor>
+          <second_editor />
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
+    <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="1590">
-          <caret line="106" column="9" lean-forward="true" selection-start-line="106" selection-start-column="9" selection-end-line="106" selection-end-column="9" />
+        <state relative-caret-position="45">
+          <caret line="3" lean-forward="true" selection-start-line="3" selection-end-line="3" />
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/exe/XSpear">
+    <entry file="file://$PROJECT_DIR$/lib/XSpear/banner.rb">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="458">
-          <caret line="38" column="77" selection-start-line="38" selection-start-column="77" selection-end-line="38" selection-end-column="77" />
+        <state relative-caret-position="150">
+          <caret line="10" column="35" selection-start-line="10" selection-start-column="35" selection-end-line="10" selection-end-column="35" />
         </state>
       </provider>
     </entry>
     <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="-1602">
-          <caret line="421" column="235" selection-start-line="421" selection-start-column="235" selection-end-line="421" selection-end-column="235" />
+        <state relative-caret-position="190">
+          <caret line="402" column="87" selection-start-line="402" selection-start-column="87" selection-end-line="402" selection-end-column="87" />
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/README.md">
-      <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
-        <state split_layout="SPLIT">
-          <first_editor relative-caret-position="274">
-            <caret line="220" column="10" selection-start-line="220" selection-start-column="10" selection-end-line="220" selection-end-column="10" />
-          </first_editor>
-          <second_editor />
+    <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="1585">
+          <caret line="113" column="8" selection-start-line="113" selection-start-column="8" selection-end-line="113" selection-end-column="8" />
         </state>
       </provider>
     </entry>

data/lib/XSpear/XSpearRepoter.rb

@@ -29,18 +29,20 @@ class XspearRepoter
     # desc
     # category
     # callback
+    @rtype = {"i"=>"INFO".blue,"v"=>"VULN".red,"l"=>"LOW".green,"m"=>"MIDUM".yellow,"h"=>"HIGH".light_red}
+    @rissue = {"f"=>"FILERD RULE","r"=>"REFLECTED","x"=>"XSS","s"=>"STATIC ANALYSIS","d"=>"DYNAMIC ANALYSIS"}
   end
 
   def add_issue_first(type, issue, param, payload, pattern, description)
-    rtype = {"i"=>"INFO".blue,"v"=>"VULN".red,"l"=>"LOW".green,"m"=>"MIDUM".yellow,"h"=>"HIGH".red}
-    rissue = {"f"=>"FILERD RULE","r"=>"REFLECTED","x"=>"XSS","s"=>"STATIC ANALYSIS","d"=>"DYNAMIC ANALYSIS"}
+    rtype = @rtype
+    rissue = @rissue
     @issue.insert(0,["-", rtype[type], rissue[issue], @method, param, pattern, description])
     @query.push payload
   end
 
   def add_issue(type, issue, param, payload, pattern, description)
-    rtype = {"i"=>"INFO".blue,"v"=>"VULN".red,"l"=>"LOW".green,"m"=>"MIDUM".yellow,"h"=>"HIGH".red}
-    rissue = {"f"=>"FILERD RULE","r"=>"REFLECTED","x"=>"XSS","s"=>"STATIC ANALYSIS","d"=>"DYNAMIC ANALYSIS"}
+    rtype = @rtype
+    rissue = @rissue
     @issue << [@issue.size, rtype[type], rissue[issue], @method, param, pattern, description]
     @query.push payload
   end
@@ -84,35 +86,46 @@ class XspearRepoter
     puts table
     puts "< Available Objects >".yellow
     @filtered_objects.each do |key, value|
-      eh = []
-      tag = []
-      sc = []
-      uc = []
-      puts "[#{key}]".blue+" param"
-      value.each do |n|
-        if n.include? "=64"
-          # eh
-          eh.push n.chomp("=64")
-        elsif n.include? "xsp<"
-          # tag
-          n = n.sub("xsp<","")
-          tag.push n.chomp(">")
-        elsif n.include? ".xspear"
-          # uc
-          uc.push n.sub(".xspear","")
-        else
-          # sc
-          sc.push n.sub("XsPeaR","")
+      begin
+        eh = []
+        tag = []
+        sc = []
+        uc = []
+        puts "[#{key}]".blue+" param"
+        value.each do |n|
+          if n.include? "=64"
+            # eh
+            eh.push n.chomp("=64")
+          elsif n.include? "xsp<"
+            # tag
+            n = n.sub("xsp<","")
+            tag.push n.chomp(">")
+          elsif n.include? ".xspear"
+            # uc
+            uc.push n.sub(".xspear","")
+          else
+            # sc
+            sc.push n.sub("XsPeaR","")
+          end
         end
+        puts " + Available Special Char: ".green+"#{sc.map(&:inspect).join(',').gsub('"',"")}".gsub(',',' ')
+        puts " + Available Event Handler: ".green+"#{eh.map(&:inspect).join(',')}"
+        puts " + Available HTML Tag: ".green+"#{tag.map(&:inspect).join(',')}"
+        puts " + Available Useful Code: ".green+"#{uc.map(&:inspect).join(',')}"
+      rescue
+        puts "Not found"
       end
-      puts " + Available Special Char: ".green+"#{sc.map(&:inspect).join(',').gsub('"',"")}".gsub(',',' ')
-      puts " + Available Event Handler: ".green+"#{eh.map(&:inspect).join(',')}"
-      puts " + Available HTML Tag: ".green+"#{tag.map(&:inspect).join(',')}"
-      puts " + Available Useful Code: ".green+"#{uc.map(&:inspect).join(',')}"
     end
-    puts "< Raw Query >".yellow
+    if @filtered_objects.length == 0
+      puts "Not found"
+    end
+    puts "\n< Raw Query >".yellow
+    begin
     @query.each_with_index do |q, i|
-      puts "[#{i}] "+@url+"?"+q
+      puts "[#{i}] #{@url.sub(URI.parse(@url).query,"")}"+q
+    end
+    rescue
+      puts "Not found"
     end
   end
 end

data/lib/XSpear/banner.rb

@@ -3,12 +3,12 @@ def banner;
  ( /(  )\\ )
  )\\())(()/(          (     )  (
 ((_)\\  /(_))`  )    ))\\ ( /(  )(
-__((_)(_))  /(/(   /((_))(_))(()\\
-\\ \\/ // __|((_)_\\ (_)) ((_)_  ((_)
+__((_)(_))  /(/(   /((_))(_))(()\\".red+"
+\\ \\/ // __|"+"((_)_\\ (_)) ((_)_  ((_)".red+"
  >  < \\__ \\| '_ \\)/ -_)/ _` || '_|
-/_/\\_\\|___/| .__/ \\___|\\__,_||_|    />
-           |_|                   \\ /<
-{\\\\\\\\\\\\\\\\\\\\\\\\\\BYHAHWUL\\\\\\\\\\\\\\\\\\\\\\(0):::<======================-
-                                 / \\<
-                                    \\>       [ v#{XSpear::VERSION} ]"
+/_/\\_\\|___/| .__/ \\___|\\__,_||_|    "+"/>".red+"
+           |_|                   "+"\\ /<".red+"
+"+"{\\\\\\\\\\\\\\\\\\\\\\\\\\".red+"BYHAHWUL"+"\\\\\\\\\\\\\\\\\\\\\\(0):::<======================-".red+"
+                                 "+"/ \\<".red+"
+                                    "+"\\>".red+"       [ v#{XSpear::VERSION} ]"
 end

data/lib/XSpear/version.rb

@@ -1,3 +1,3 @@
 module XSpear
-  VERSION = "1.0.9"
+  VERSION = "1.1.0"
 end

data/lib/XSpear.rb

@@ -400,7 +400,7 @@ class XspearScan
     r.push makeQueryPattern('x', '"\'><details/open/ontoggle="alert`45`">', '<details/open/ontoggle="alert`45`">', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
     r.push makeQueryPattern('x', '"\'><audio src onloadstart=alert(45)>', '<audio src onloadstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
     r.push makeQueryPattern('x', '"\'><marquee onstart=alert(45)>', '<marquee onstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '"\'><meter value=2 min=0 max=10 onmouseover=alert(45)>2 out of 10</meter>', '<meter value=2 min=0 max=10 onmouseover=alert(45)>2 out of 10</meter>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
+    r.push makeQueryPattern('x', '"\'><meter onmouseover=alert(45)>0</meter>', '<meter onmouseover=alert(45)>0</meter>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
 
     onfocus_tags.each do |t|
       r.push makeQueryPattern('x', "\"'><#{t} autofocus onfocus=alert(45)>", "<#{t} autofocus onfocus=alert(45)>", 'h', "reflected "+"onfocus XSS Code".red, CallbackStringMatch)
@@ -489,22 +489,26 @@ class XspearScan
         params = URI.decode_www_form(uri.query)
         params.each do |p|
           if @params.nil? || (@params.include? p[0] if !@params.nil?)
+            attack = ""
             dparams = params
             dparams.each do |d|
-              d[1] = p[1] + payload if p[0] == d[0]
+              attack = uri.query.sub "#{d[0]}=#{d[1]}","#{d[0]}=#{d[1]}#{URI::encode(payload)}" if p[0] == d[0]
+              #d[1] = p[1] + payload if p[0] == d[0]
             end
-            result.push("inject": 'url',"param":p[0] ,"type": type, "query": URI.encode_www_form(dparams), "pattern": pattern, "desc": desc, "category": category, "callback": callback)
+            result.push("inject": 'url',"param":p[0] ,"type": type, "query": attack, "pattern": pattern, "desc": desc, "category": category, "callback": callback)
           end
         end
         unless @data.nil?
           params = URI.decode_www_form(@data)
           params.each do |p|
             if @params.nil? || (@params.include? p[0] if !@params.nil?)
+              attack = ""
               dparams = params
               dparams.each do |d|
-                d[1] = p[1] + payload if p[0] == d[0]
+                attack = uri.query.sub "#{d[0]}=#{d[1]}","#{d[0]}=#{d[1]}#{URI::encode(payload)}" if p[0] == d[0]
+                #d[1] = p[1] + payload if p[0] == d[0]
               end
-              result.push("inject": 'body', "param":p[0], "type": type, "query": URI.encode_www_form(dparams), "pattern": pattern, "desc": desc, "category": category, "callback": callback)
+              result.push("inject": 'body', "param":p[0], "type": type, "query": attack, "pattern": pattern, "desc": desc, "category": category, "callback": callback)
             end
           end
         end

data/raw_sample.txt

@@ -0,0 +1,8 @@
+GET https://www.hahwul.com/?q=xspear HTTP/1.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: ko-KR,ko;q=0.8,en-US;q=0.5,en;q=0.3
+Connection: keep-alive
+Cookie: _ga=GA1.2.1102548207.1555467144; _gid=GA1.2.1362788908.1563875038
+Upgrade-Insecure-Requests: 1
+Host: www.hahwul.com

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: XSpear
 version: !ruby/object:Gem::Version
-  version: 1.0.9
+  version: 1.1.0
 platform: ruby
 authors:
 - hahwul
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-07-25 00:00:00.000000000 Z
+date: 2019-07-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -167,6 +167,7 @@ files:
 - lib/XSpear/banner.rb
 - lib/XSpear/log.rb
 - lib/XSpear/version.rb
+- raw_sample.txt
 homepage: https://github.com/hahwul/XSpear
 licenses:
 - MIT