XSpear 1.4.0 → 1.4.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.idea/XSpear.iml +1 -0
- data/.idea/workspace.xml +87 -90
- data/README.md +13 -4
- data/XSpear.gemspec +1 -1
- data/lib/XSpear.rb +7 -1
- data/lib/XSpear/version.rb +1 -1
- data/renovate.json +5 -0
- metadata +7 -7
- data/XSpear-1.3.3.gem +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fc04beec0acfad05b808fd7f261afe330cc0946fe5f1a49bbd781ade4a8d7fe3
|
|
4
|
+
data.tar.gz: 583988a655c70f12bef41463afab6558ee422276effe5bb730a4e29bbc818462
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bdd144c1a5ef14292b180b041894ca5401dde1a04f21ac168d2c0dee51432e29b2e35d9f575aae8d1ed5903b93644704a4f8432e9742c5eaab085ad9903f9a23
|
|
7
|
+
data.tar.gz: c37d7fac210da1a480679222ad6d50d8eb945353c21a9d819e89a6a0f3f60a25ac65a81ff313518198666ecfe762ddd6c083010a49aaf69a978fc30ef4f193ea
|
data/.idea/XSpear.iml
CHANGED
|
@@ -13,6 +13,7 @@
|
|
|
13
13
|
<orderEntry type="library" scope="PROVIDED" name="highline (v2.0.2, ruby-2.3.7-p456) [gem]" level="application" />
|
|
14
14
|
<orderEntry type="library" scope="PROVIDED" name="options (v2.3.2, ruby-2.3.7-p456) [gem]" level="application" />
|
|
15
15
|
<orderEntry type="library" scope="PROVIDED" name="progress_bar (v1.3.1, ruby-2.3.7-p456) [gem]" level="application" />
|
|
16
|
+
<orderEntry type="library" scope="PROVIDED" name="rake (v13.0.1, ruby-2.3.7-p456) [gem]" level="application" />
|
|
16
17
|
<orderEntry type="library" scope="PROVIDED" name="rubyzip (v2.0.0, ruby-2.3.7-p456) [gem]" level="application" />
|
|
17
18
|
<orderEntry type="library" scope="PROVIDED" name="selenium-webdriver (v3.142.6, ruby-2.3.7-p456) [gem]" level="application" />
|
|
18
19
|
<orderEntry type="library" scope="PROVIDED" name="terminal-table (v1.8.0, ruby-2.3.7-p456) [gem]" level="application" />
|
data/.idea/workspace.xml
CHANGED
|
@@ -3,8 +3,7 @@
|
|
|
3
3
|
<component name="ChangeListManager">
|
|
4
4
|
<list default="true" id="4ee2e581-45d7-4c90-b6a1-e92e4b5829dd" name="Default Changelist" comment="">
|
|
5
5
|
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
|
6
|
-
<change beforePath="$PROJECT_DIR$/
|
|
7
|
-
<change beforePath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" afterDir="false" />
|
|
6
|
+
<change beforePath="$PROJECT_DIR$/XSpear.gemspec" beforeDir="false" afterPath="$PROJECT_DIR$/XSpear.gemspec" afterDir="false" />
|
|
8
7
|
<change beforePath="$PROJECT_DIR$/lib/XSpear/version.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/version.rb" afterDir="false" />
|
|
9
8
|
</list>
|
|
10
9
|
<option name="EXCLUDED_CONVERTED_TO_IGNORED" value="true" />
|
|
@@ -18,28 +17,19 @@
|
|
|
18
17
|
</component>
|
|
19
18
|
<component name="FileEditorManager">
|
|
20
19
|
<leaf SIDE_TABS_SIZE_LIMIT_KEY="300">
|
|
21
|
-
<file pinned="false" current-in-tab="false">
|
|
22
|
-
<entry file="file://$PROJECT_DIR$/exe/XSpear">
|
|
23
|
-
<provider selected="true" editor-type-id="text-editor">
|
|
24
|
-
<state relative-caret-position="1084">
|
|
25
|
-
<caret line="74" column="82" selection-start-line="74" selection-start-column="82" selection-end-line="74" selection-end-column="82" />
|
|
26
|
-
</state>
|
|
27
|
-
</provider>
|
|
28
|
-
</entry>
|
|
29
|
-
</file>
|
|
30
20
|
<file pinned="false" current-in-tab="false">
|
|
31
21
|
<entry file="file://$PROJECT_DIR$/raw_sample.txt">
|
|
32
22
|
<provider selected="true" editor-type-id="text-editor">
|
|
33
23
|
<state relative-caret-position="30">
|
|
34
|
-
<caret line="2" column="9"
|
|
24
|
+
<caret line="2" column="9" selection-start-line="2" selection-start-column="9" selection-end-line="2" selection-end-column="9" />
|
|
35
25
|
</state>
|
|
36
26
|
</provider>
|
|
37
27
|
</entry>
|
|
38
28
|
</file>
|
|
39
|
-
<file pinned="false" current-in-tab="
|
|
29
|
+
<file pinned="false" current-in-tab="false">
|
|
40
30
|
<entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
|
|
41
31
|
<provider selected="true" editor-type-id="text-editor">
|
|
42
|
-
<state relative-caret-position="
|
|
32
|
+
<state relative-caret-position="5415">
|
|
43
33
|
<caret line="361" column="39" selection-start-line="361" selection-start-column="39" selection-end-line="361" selection-end-column="39" />
|
|
44
34
|
</state>
|
|
45
35
|
</provider>
|
|
@@ -48,17 +38,22 @@
|
|
|
48
38
|
<file pinned="false" current-in-tab="false">
|
|
49
39
|
<entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
|
|
50
40
|
<provider selected="true" editor-type-id="text-editor">
|
|
51
|
-
<state relative-caret-position="
|
|
52
|
-
<caret line="
|
|
41
|
+
<state relative-caret-position="519">
|
|
42
|
+
<caret line="567" selection-start-line="567" selection-end-line="567" />
|
|
53
43
|
</state>
|
|
54
44
|
</provider>
|
|
55
45
|
</entry>
|
|
56
46
|
</file>
|
|
47
|
+
<file pinned="false" current-in-tab="false">
|
|
48
|
+
<entry file="file://$PROJECT_DIR$/spec/XSpear_spec.rb">
|
|
49
|
+
<provider selected="true" editor-type-id="text-editor" />
|
|
50
|
+
</entry>
|
|
51
|
+
</file>
|
|
57
52
|
<file pinned="false" current-in-tab="false">
|
|
58
53
|
<entry file="file://$PROJECT_DIR$/report.html">
|
|
59
54
|
<provider selected="true" editor-type-id="text-editor">
|
|
60
|
-
<state
|
|
61
|
-
<caret
|
|
55
|
+
<state>
|
|
56
|
+
<caret column="124" selection-start-column="124" selection-end-column="124" />
|
|
62
57
|
</state>
|
|
63
58
|
</provider>
|
|
64
59
|
</entry>
|
|
@@ -72,11 +67,11 @@
|
|
|
72
67
|
</provider>
|
|
73
68
|
</entry>
|
|
74
69
|
</file>
|
|
75
|
-
<file pinned="false" current-in-tab="
|
|
70
|
+
<file pinned="false" current-in-tab="true">
|
|
76
71
|
<entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
|
|
77
72
|
<provider selected="true" editor-type-id="text-editor">
|
|
78
73
|
<state relative-caret-position="15">
|
|
79
|
-
<caret line="1" column="
|
|
74
|
+
<caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
|
|
80
75
|
</state>
|
|
81
76
|
</provider>
|
|
82
77
|
</entry>
|
|
@@ -105,8 +100,8 @@
|
|
|
105
100
|
<file pinned="false" current-in-tab="false">
|
|
106
101
|
<entry file="file://$PROJECT_DIR$/XSpear.gemspec">
|
|
107
102
|
<provider selected="true" editor-type-id="text-editor">
|
|
108
|
-
<state relative-caret-position="
|
|
109
|
-
<caret line="
|
|
103
|
+
<state relative-caret-position="547">
|
|
104
|
+
<caret line="46" column="53" selection-start-line="46" selection-start-column="53" selection-end-line="46" selection-end-column="53" />
|
|
110
105
|
</state>
|
|
111
106
|
</provider>
|
|
112
107
|
</entry>
|
|
@@ -142,24 +137,23 @@
|
|
|
142
137
|
<option value="$PROJECT_DIR$/config.json" />
|
|
143
138
|
<option value="$PROJECT_DIR$/lib/XSpear/log.rb" />
|
|
144
139
|
<option value="$PROJECT_DIR$/README.md" />
|
|
145
|
-
<option value="$PROJECT_DIR$/XSpear.gemspec" />
|
|
146
140
|
<option value="$PROJECT_DIR$/forBurp/otwa.sh" />
|
|
147
141
|
<option value="$PROJECT_DIR$/forBurp/README.md" />
|
|
148
142
|
<option value="$PROJECT_DIR$/raw_sample.txt" />
|
|
149
143
|
<option value="$PROJECT_DIR$/exe/XSpear" />
|
|
150
|
-
<option value="$PROJECT_DIR$/report.html" />
|
|
151
144
|
<option value="$PROJECT_DIR$/custom_payload.json" />
|
|
152
|
-
<option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
|
|
153
|
-
<option value="$PROJECT_DIR$/lib/XSpear.rb" />
|
|
154
145
|
<option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
|
|
146
|
+
<option value="$PROJECT_DIR$/report.html" />
|
|
147
|
+
<option value="$PROJECT_DIR$/lib/XSpear.rb" />
|
|
148
|
+
<option value="$PROJECT_DIR$/XSpear.gemspec" />
|
|
149
|
+
<option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
|
|
155
150
|
</list>
|
|
156
151
|
</option>
|
|
157
152
|
</component>
|
|
158
153
|
<component name="ProjectFrameBounds" extendedState="6">
|
|
159
|
-
<option name="
|
|
160
|
-
<option name="
|
|
161
|
-
<option name="
|
|
162
|
-
<option name="height" value="1080" />
|
|
154
|
+
<option name="y" value="23" />
|
|
155
|
+
<option name="width" value="1680" />
|
|
156
|
+
<option name="height" value="1027" />
|
|
163
157
|
</component>
|
|
164
158
|
<component name="ProjectLevelVcsManager" settingsEditedManually="true">
|
|
165
159
|
<ConfirmationsSetting value="2" id="Add" />
|
|
@@ -169,7 +163,6 @@
|
|
|
169
163
|
<foldersAlwaysOnTop value="true" />
|
|
170
164
|
</navigator>
|
|
171
165
|
<panes>
|
|
172
|
-
<pane id="Scope" />
|
|
173
166
|
<pane id="ProjectPane">
|
|
174
167
|
<subPane>
|
|
175
168
|
<expand>
|
|
@@ -207,6 +200,7 @@
|
|
|
207
200
|
<select />
|
|
208
201
|
</subPane>
|
|
209
202
|
</pane>
|
|
203
|
+
<pane id="Scope" />
|
|
210
204
|
</panes>
|
|
211
205
|
</component>
|
|
212
206
|
<component name="PropertiesComponent">
|
|
@@ -274,21 +268,10 @@
|
|
|
274
268
|
<workItem from="1580314696983" duration="286000" />
|
|
275
269
|
<workItem from="1580583824837" duration="1470000" />
|
|
276
270
|
<workItem from="1581089876742" duration="615000" />
|
|
277
|
-
<workItem from="1581425741728" duration="
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
<
|
|
281
|
-
<option name="number" value="00038" />
|
|
282
|
-
<option name="presentableId" value="LOCAL-00038" />
|
|
283
|
-
<option name="project" value="LOCAL" />
|
|
284
|
-
<updated>1563896886094</updated>
|
|
285
|
-
</task>
|
|
286
|
-
<task id="LOCAL-00039" summary="(1.0.7) Releases 1.0.7 (Modify Format, etc..)">
|
|
287
|
-
<created>1563897379180</created>
|
|
288
|
-
<option name="number" value="00039" />
|
|
289
|
-
<option name="presentableId" value="LOCAL-00039" />
|
|
290
|
-
<option name="project" value="LOCAL" />
|
|
291
|
-
<updated>1563897379180</updated>
|
|
271
|
+
<workItem from="1581425741728" duration="14190000" />
|
|
272
|
+
<workItem from="1581531430817" duration="297000" />
|
|
273
|
+
<workItem from="1582650651760" duration="758000" />
|
|
274
|
+
<workItem from="1583059002049" duration="49000" />
|
|
292
275
|
</task>
|
|
293
276
|
<task id="LOCAL-00040" summary="(1.0.8) Add event handler & html5 XSS code, new pattern">
|
|
294
277
|
<created>1563990681736</created>
|
|
@@ -619,11 +602,25 @@
|
|
|
619
602
|
<option name="project" value="LOCAL" />
|
|
620
603
|
<updated>1581530432559</updated>
|
|
621
604
|
</task>
|
|
622
|
-
<
|
|
605
|
+
<task id="LOCAL-00087" summary="Released 1.4.0!">
|
|
606
|
+
<created>1581530932685</created>
|
|
607
|
+
<option name="number" value="00087" />
|
|
608
|
+
<option name="presentableId" value="LOCAL-00087" />
|
|
609
|
+
<option name="project" value="LOCAL" />
|
|
610
|
+
<updated>1581530932685</updated>
|
|
611
|
+
</task>
|
|
612
|
+
<task id="LOCAL-00088" summary="(Closed #62) Add pattern">
|
|
613
|
+
<created>1582651251008</created>
|
|
614
|
+
<option name="number" value="00088" />
|
|
615
|
+
<option name="presentableId" value="LOCAL-00088" />
|
|
616
|
+
<option name="project" value="LOCAL" />
|
|
617
|
+
<updated>1582651251008</updated>
|
|
618
|
+
</task>
|
|
619
|
+
<option name="localTasksCounter" value="89" />
|
|
623
620
|
<servers />
|
|
624
621
|
</component>
|
|
625
622
|
<component name="TimeTrackingManager">
|
|
626
|
-
<option name="totallyTimeSpent" value="
|
|
623
|
+
<option name="totallyTimeSpent" value="91698000" />
|
|
627
624
|
</component>
|
|
628
625
|
<component name="TodoView">
|
|
629
626
|
<todo-panel id="selected-file">
|
|
@@ -635,10 +632,10 @@
|
|
|
635
632
|
</todo-panel>
|
|
636
633
|
</component>
|
|
637
634
|
<component name="ToolWindowManager">
|
|
638
|
-
<frame x="
|
|
635
|
+
<frame x="0" y="23" width="1680" height="1027" extended-state="6" />
|
|
639
636
|
<editor active="true" />
|
|
640
637
|
<layout>
|
|
641
|
-
<window_info active="true" content_ui="combo" id="Project" order="0" visible="true" weight="0.
|
|
638
|
+
<window_info active="true" content_ui="combo" id="Project" order="0" visible="true" weight="0.14163615" />
|
|
642
639
|
<window_info id="Structure" order="1" side_tool="true" weight="0.25" />
|
|
643
640
|
<window_info id="Favorites" order="2" side_tool="true" />
|
|
644
641
|
<window_info anchor="bottom" id="Message" order="0" />
|
|
@@ -651,7 +648,7 @@
|
|
|
651
648
|
<window_info anchor="bottom" id="Docker" order="7" show_stripe_button="false" />
|
|
652
649
|
<window_info anchor="bottom" id="Database Changes" order="8" />
|
|
653
650
|
<window_info anchor="bottom" id="Version Control" order="9" />
|
|
654
|
-
<window_info anchor="bottom" id="Terminal" order="10" visible="true" weight="0.
|
|
651
|
+
<window_info anchor="bottom" id="Terminal" order="10" visible="true" weight="0.23636363" />
|
|
655
652
|
<window_info anchor="bottom" id="Event Log" order="11" side_tool="true" />
|
|
656
653
|
<window_info anchor="bottom" id="Messages" order="12" weight="0.32857144" />
|
|
657
654
|
<window_info anchor="right" id="Commander" internal_type="SLIDING" order="0" type="SLIDING" weight="0.4" />
|
|
@@ -664,8 +661,6 @@
|
|
|
664
661
|
<option name="version" value="1" />
|
|
665
662
|
</component>
|
|
666
663
|
<component name="VcsManagerConfiguration">
|
|
667
|
-
<MESSAGE value="(1.1.5)(Fixed #21) not reflected params , no testing. but alway blind xss, other bug fix" />
|
|
668
|
-
<MESSAGE value="(1.1.5) Released 1.1.5" />
|
|
669
664
|
<MESSAGE value="(1.1.6) (Fixed #24) Edit Usage" />
|
|
670
665
|
<MESSAGE value="(1.1.6) released 1.1.6 (+ fixed #23)" />
|
|
671
666
|
<MESSAGE value="(1.1.6) Add Event handler pattern (whatthe=""onload)" />
|
|
@@ -689,7 +684,9 @@
|
|
|
689
684
|
<MESSAGE value="(1.4 / Fixed #42) Bug fix --raw options, added --raw-ssl" />
|
|
690
685
|
<MESSAGE value="(1.4 / Closed #52) Added HTML Report" />
|
|
691
686
|
<MESSAGE value="(1.4 / Closed #53) 코드 반영하여 테스트한 결과 기존 로직이 훨씬 빨라서 변경하지 않을 예정" />
|
|
692
|
-
<
|
|
687
|
+
<MESSAGE value="Released 1.4.0!" />
|
|
688
|
+
<MESSAGE value="(Closed #62) Add pattern" />
|
|
689
|
+
<option name="LAST_COMMIT_MESSAGE" value="(Closed #62) Add pattern" />
|
|
693
690
|
</component>
|
|
694
691
|
<component name="editorHistoryManager">
|
|
695
692
|
<entry file="file://$USER_HOME$/.rvm/gems/ruby-2.4.6/gems/bundler-2.0.1/lib/bundler/rubygems_integration.rb">
|
|
@@ -702,9 +699,6 @@
|
|
|
702
699
|
<entry file="file://$PROJECT_DIR$/bin/setup">
|
|
703
700
|
<provider selected="true" editor-type-id="text-editor" />
|
|
704
701
|
</entry>
|
|
705
|
-
<entry file="file://$PROJECT_DIR$/spec/XSpear_spec.rb">
|
|
706
|
-
<provider selected="true" editor-type-id="text-editor" />
|
|
707
|
-
</entry>
|
|
708
702
|
<entry file="file://$PROJECT_DIR$/lib/XSpear/banner.rb">
|
|
709
703
|
<provider selected="true" editor-type-id="text-editor">
|
|
710
704
|
<state relative-caret-position="150">
|
|
@@ -769,41 +763,31 @@
|
|
|
769
763
|
</state>
|
|
770
764
|
</provider>
|
|
771
765
|
</entry>
|
|
772
|
-
<entry file="file://$PROJECT_DIR$/
|
|
773
|
-
<provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
|
|
774
|
-
<state split_layout="SPLIT">
|
|
775
|
-
<first_editor relative-caret-position="105">
|
|
776
|
-
<caret line="7" column="16" selection-start-line="7" selection-start-column="16" selection-end-line="7" selection-end-column="16" />
|
|
777
|
-
</first_editor>
|
|
778
|
-
<second_editor />
|
|
779
|
-
</state>
|
|
780
|
-
</provider>
|
|
781
|
-
</entry>
|
|
782
|
-
<entry file="file://$PROJECT_DIR$/forBurp/otwa.sh">
|
|
766
|
+
<entry file="file://$PROJECT_DIR$/exe/XSpear">
|
|
783
767
|
<provider selected="true" editor-type-id="text-editor">
|
|
784
|
-
<state relative-caret-position="
|
|
785
|
-
<caret line="
|
|
768
|
+
<state relative-caret-position="1110">
|
|
769
|
+
<caret line="74" column="82" selection-start-line="74" selection-start-column="82" selection-end-line="74" selection-end-column="82" />
|
|
786
770
|
</state>
|
|
787
771
|
</provider>
|
|
788
772
|
</entry>
|
|
789
|
-
<entry file="file://$PROJECT_DIR$/
|
|
773
|
+
<entry file="file://$PROJECT_DIR$/raw_sample.txt">
|
|
790
774
|
<provider selected="true" editor-type-id="text-editor">
|
|
791
|
-
<state relative-caret-position="
|
|
792
|
-
<caret line="
|
|
775
|
+
<state relative-caret-position="30">
|
|
776
|
+
<caret line="2" column="9" selection-start-line="2" selection-start-column="9" selection-end-line="2" selection-end-column="9" />
|
|
793
777
|
</state>
|
|
794
778
|
</provider>
|
|
795
779
|
</entry>
|
|
796
|
-
<entry file="file://$PROJECT_DIR$/
|
|
780
|
+
<entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
|
|
797
781
|
<provider selected="true" editor-type-id="text-editor">
|
|
798
|
-
<state relative-caret-position="
|
|
799
|
-
<caret line="
|
|
782
|
+
<state relative-caret-position="5415">
|
|
783
|
+
<caret line="361" column="39" selection-start-line="361" selection-start-column="39" selection-end-line="361" selection-end-column="39" />
|
|
800
784
|
</state>
|
|
801
785
|
</provider>
|
|
802
786
|
</entry>
|
|
803
787
|
<entry file="file://$PROJECT_DIR$/report.html">
|
|
804
788
|
<provider selected="true" editor-type-id="text-editor">
|
|
805
|
-
<state
|
|
806
|
-
<caret
|
|
789
|
+
<state>
|
|
790
|
+
<caret column="124" selection-start-column="124" selection-end-column="124" />
|
|
807
791
|
</state>
|
|
808
792
|
</provider>
|
|
809
793
|
</entry>
|
|
@@ -814,31 +798,44 @@
|
|
|
814
798
|
</state>
|
|
815
799
|
</provider>
|
|
816
800
|
</entry>
|
|
817
|
-
<entry file="file://$PROJECT_DIR$/
|
|
818
|
-
<provider selected="true" editor-type-id="text-editor">
|
|
819
|
-
<state
|
|
820
|
-
<
|
|
801
|
+
<entry file="file://$PROJECT_DIR$/forBurp/README.md">
|
|
802
|
+
<provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
|
|
803
|
+
<state split_layout="SPLIT">
|
|
804
|
+
<first_editor relative-caret-position="105">
|
|
805
|
+
<caret line="7" column="16" selection-start-line="7" selection-start-column="16" selection-end-line="7" selection-end-column="16" />
|
|
806
|
+
</first_editor>
|
|
807
|
+
<second_editor />
|
|
821
808
|
</state>
|
|
822
809
|
</provider>
|
|
823
810
|
</entry>
|
|
824
|
-
<entry file="file://$PROJECT_DIR$/
|
|
811
|
+
<entry file="file://$PROJECT_DIR$/forBurp/otwa.sh">
|
|
825
812
|
<provider selected="true" editor-type-id="text-editor">
|
|
826
|
-
<state relative-caret-position="
|
|
827
|
-
<caret line="
|
|
813
|
+
<state relative-caret-position="375">
|
|
814
|
+
<caret line="25" column="32" selection-start-line="25" selection-start-column="32" selection-end-line="25" selection-end-column="32" />
|
|
828
815
|
</state>
|
|
829
816
|
</provider>
|
|
830
817
|
</entry>
|
|
831
818
|
<entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
|
|
832
819
|
<provider selected="true" editor-type-id="text-editor">
|
|
833
|
-
<state relative-caret-position="
|
|
834
|
-
<caret line="
|
|
820
|
+
<state relative-caret-position="519">
|
|
821
|
+
<caret line="567" selection-start-line="567" selection-end-line="567" />
|
|
835
822
|
</state>
|
|
836
823
|
</provider>
|
|
837
824
|
</entry>
|
|
838
|
-
<entry file="file://$PROJECT_DIR$/
|
|
825
|
+
<entry file="file://$PROJECT_DIR$/spec/XSpear_spec.rb">
|
|
826
|
+
<provider selected="true" editor-type-id="text-editor" />
|
|
827
|
+
</entry>
|
|
828
|
+
<entry file="file://$PROJECT_DIR$/XSpear.gemspec">
|
|
839
829
|
<provider selected="true" editor-type-id="text-editor">
|
|
840
|
-
<state relative-caret-position="
|
|
841
|
-
<caret line="
|
|
830
|
+
<state relative-caret-position="547">
|
|
831
|
+
<caret line="46" column="53" selection-start-line="46" selection-start-column="53" selection-end-line="46" selection-end-column="53" />
|
|
832
|
+
</state>
|
|
833
|
+
</provider>
|
|
834
|
+
</entry>
|
|
835
|
+
<entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
|
|
836
|
+
<provider selected="true" editor-type-id="text-editor">
|
|
837
|
+
<state relative-caret-position="15">
|
|
838
|
+
<caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
|
|
842
839
|
</state>
|
|
843
840
|
</provider>
|
|
844
841
|
</entry>
|
data/README.md
CHANGED
|
@@ -45,8 +45,10 @@ XSpear is XSS Scanner on ruby gems
|
|
|
45
45
|
- XSpear running on ruby code(with Gem library)
|
|
46
46
|
- Show `table base cli-report` and `filtered rule`, `testing raw query`(url)
|
|
47
47
|
- Testing at selected parameters
|
|
48
|
-
- Support output format `cli` `json`
|
|
49
|
-
+ cli
|
|
48
|
+
- Support output format `cli` `json` `html`
|
|
49
|
+
+ cli
|
|
50
|
+
+ json
|
|
51
|
+
+ html
|
|
50
52
|
- Support Verbose level (0~3)
|
|
51
53
|
+ 0: quite mode(only result)
|
|
52
54
|
+ 1: show scanning status(default)
|
|
@@ -61,7 +63,7 @@ Install it yourself as:
|
|
|
61
63
|
|
|
62
64
|
$ gem install XSpear
|
|
63
65
|
|
|
64
|
-
Or install it yourself as (local file):
|
|
66
|
+
Or install it yourself as (local file / download [latest](https://github.com/hahwul/XSpear/releases/latest) ):
|
|
65
67
|
|
|
66
68
|
$ gem install XSpear-{version}.gem
|
|
67
69
|
|
|
@@ -390,7 +392,12 @@ __((_)(_)) /(/( /((_))(_))(()\
|
|
|
390
392
|
|_| \ /<
|
|
391
393
|
{\\\\\\\\\\\\\BYHAHWUL\\\\\\\\\\\(0):::<======================-
|
|
392
394
|
/ \<
|
|
393
|
-
\> [ v1.
|
|
395
|
+
\> [ v1.4.0 ]
|
|
396
|
+
[*] analysis request..
|
|
397
|
+
[*] used test-reflected-params mode(default)
|
|
398
|
+
[*] creating a test query [for reflected 1 param ]
|
|
399
|
+
[*] test query generation is complete. [251 query]
|
|
400
|
+
[*] starting XSS Scanning. [10 threads]
|
|
394
401
|
...snip...
|
|
395
402
|
[*] finish scan. the report is being generated..
|
|
396
403
|
+----+-------+------------------+--------+-------+----------------------------------------+-----------------------------------------------+
|
|
@@ -571,6 +578,8 @@ Everyone interacting in the XSpear project’s codebases, issue trackers, chat r
|
|
|
571
578
|
<img src="https://user-images.githubusercontent.com/13212227/71557941-c8c17400-2a90-11ea-9cfe-90e9b5d51c34.png" width=100%>
|
|
572
579
|
< JSON Report >
|
|
573
580
|
<img src="https://user-images.githubusercontent.com/13212227/63032411-b8996580-bef0-11e9-8aee-0b80fe87f50d.png" width=100%>
|
|
581
|
+
< HTML Report >
|
|
582
|
+
<img src="https://user-images.githubusercontent.com/13212227/74363820-b1570400-4e0e-11ea-9ce5-c78319a9d81c.png" width=100%>
|
|
574
583
|
|
|
575
584
|
## Video
|
|
576
585
|
[](https://asciinema.org/a/290126)
|
data/XSpear.gemspec
CHANGED
|
@@ -44,6 +44,6 @@ Gem::Specification.new do |spec|
|
|
|
44
44
|
spec.add_development_dependency "terminal-table" , "~> 1.8.0"
|
|
45
45
|
spec.add_development_dependency "progress_bar", "~> 1.3.0"
|
|
46
46
|
spec.add_development_dependency "bundler", "~> 2.0"
|
|
47
|
-
spec.add_development_dependency "rake", "
|
|
47
|
+
spec.add_development_dependency "rake", ">= 12.3.3"
|
|
48
48
|
spec.add_development_dependency "rspec", "~> 3.0"
|
|
49
49
|
end
|
data/lib/XSpear.rb
CHANGED
|
@@ -558,7 +558,13 @@ class XspearScan
|
|
|
558
558
|
r.push makeQueryPattern('x', '"\'><marquee onstart=alert(45)>', '<marquee onstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
|
|
559
559
|
r.push makeQueryPattern('x', '"\'><meter onmouseover=alert(45)>0</meter>', '<meter onmouseover=alert(45)>0</meter>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
|
|
560
560
|
r.push makeQueryPattern('x', '"\'><svg><animate xlink:href=#xss attributeName=href dur=5s repeatCount=indefinite keytimes=0;0;1 values="https://portswigger.net?;javascript:alert(1);0" /><a id=xss><text x=20 y=20>XSS</text></a>', '<svg><animate xlink:href=#xss attributeName=href dur=5s repeatCount=indefinite keytimes=0;0;1 values="https://portswigger.net?;javascript:alert(1);0" />', 'h', "reflected "+"SVG Animate XSS".red, CallbackStringMatch)
|
|
561
|
-
|
|
561
|
+
r.push makeQueryPattern('x', '"\'><a href="jav ascript:alert(45)">XSS</a>', '<a href="jav ascript:alert(45)"">XSS</a>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
|
|
562
|
+
r.push makeQueryPattern('x', '"\'><a href="javascript:alert(45)">XSS</a>', '<a href="javascript:alert(45)">XSS</a>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
|
|
563
|
+
r.push makeQueryPattern('x', '"\'><a href="javascript:alert(45)">XSS</a>', '<a href="javascript:alert(45)">XSS</a>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
|
|
564
|
+
r.push makeQueryPattern('x', '"\'><a href="javascript:alert(45)">XSS</a>', '<a href="javascript:alert(45)">XSS</a>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
|
|
565
|
+
r.push makeQueryPattern('x', '"\'><a href=" javascript:alert(45)">XSS</a>', '<a href=" javascript:alert(45)">XSS</a>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
|
|
566
|
+
r.push makeQueryPattern('x', '"\'><a href="javascript:alert(45)">XSS</a>', '<a href="javascript:alert(45)">XSS</a>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
|
|
567
|
+
r.push makeQueryPattern('x', '"\'><a href="javascript:alert('XSS')">XSS</a>', '<a href="javascript:alert('XSS')">XSS</a>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
|
|
562
568
|
|
|
563
569
|
onfocus_tags.each do |t|
|
|
564
570
|
r.push makeQueryPattern('x', "\"'><#{t} autofocus onfocus=alert(45)>", "<#{t} autofocus onfocus=alert(45)>", 'h', "reflected "+"onfocus XSS Code".red, CallbackStringMatch)
|
data/lib/XSpear/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: XSpear
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.4.
|
|
4
|
+
version: 1.4.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- hahwul
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-03-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: colorize
|
|
@@ -140,16 +140,16 @@ dependencies:
|
|
|
140
140
|
name: rake
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
|
142
142
|
requirements:
|
|
143
|
-
- - "
|
|
143
|
+
- - ">="
|
|
144
144
|
- !ruby/object:Gem::Version
|
|
145
|
-
version:
|
|
145
|
+
version: 12.3.3
|
|
146
146
|
type: :development
|
|
147
147
|
prerelease: false
|
|
148
148
|
version_requirements: !ruby/object:Gem::Requirement
|
|
149
149
|
requirements:
|
|
150
|
-
- - "
|
|
150
|
+
- - ">="
|
|
151
151
|
- !ruby/object:Gem::Version
|
|
152
|
-
version:
|
|
152
|
+
version: 12.3.3
|
|
153
153
|
- !ruby/object:Gem::Dependency
|
|
154
154
|
name: rspec
|
|
155
155
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -186,7 +186,6 @@ files:
|
|
|
186
186
|
- LICENSE.txt
|
|
187
187
|
- README.md
|
|
188
188
|
- Rakefile
|
|
189
|
-
- XSpear-1.3.3.gem
|
|
190
189
|
- XSpear.gemspec
|
|
191
190
|
- bin/console
|
|
192
191
|
- bin/setup
|
|
@@ -201,6 +200,7 @@ files:
|
|
|
201
200
|
- lib/XSpear/log.rb
|
|
202
201
|
- lib/XSpear/version.rb
|
|
203
202
|
- raw_sample.txt
|
|
203
|
+
- renovate.json
|
|
204
204
|
homepage: https://github.com/hahwul/XSpear
|
|
205
205
|
licenses:
|
|
206
206
|
- MIT
|
data/XSpear-1.3.3.gem
DELETED
|
Binary file
|