XSpear 1.0.6 → 1.0.7

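--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 79c560a49f42b36d468188a502f3b8c16f78b2b0c8a11af550deeb083978529e
-data.tar.gz: d64291c47fddcee3d326ad2cb1db999c52fd992e3baf954b1b6fcdd47137f773
+metadata.gz: 0c0ac315484162b92f2f958d2ddc70736bec0f164349575529e763f154366c37
+data.tar.gz: eab6a1c2350ea1bf4467fcd41cfd00a61c58d1693503e4437ae86418e348bda1
 SHA512:
-metadata.gz: 3af5242c09f427957569d96ab94f239f774471594d127e4f33ca3c92db2ef1787cf59adbad739c18944340635dbe6f3b5cb10261d2d9e144379505e5356a85b5
-data.tar.gz: 4b2d8e9715b15fe2637d20655837e084d59dafbda2472ecc31a135dd8d3ee3469742c8d81cd8c372c323038d5ec07d70dafca7fb3bf2f5da4b1e758513e13256
+metadata.gz: e4463bb21d6b1cf918c290d7a3540d93510f4f9cb68ebc6fad7319377d579228aa754b832e5d077f63e24b35d2ea73fa492a4a21351c0f26880b6c1f52065016
+data.tar.gz: bf64aa0df617fdddfb8d07803a8dbba0bb2822579b56fbc93a0d17f73aced699ad2f46bfd01a51ae9e614d3287b016e2419eaba35384e17d76c038c3ea52d567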
data/.idea/workspace.xml CHANGED
@@ -3,7 +3,10 @@
3
3
  <component name="ChangeListManager">
4
4
  <list default="true" id="4ee2e581-45d7-4c90-b6a1-e92e4b5829dd" name="Default Changelist" comment="">
5
5
  <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
6
+ <change beforePath="$PROJECT_DIR$/README.md" beforeDir="false" afterPath="$PROJECT_DIR$/README.md" afterDir="false" />
6
7
  <change beforePath="$PROJECT_DIR$/lib/XSpear.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear.rb" afterDir="false" />
8
+ <change beforePath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" afterDir="false" />
9
+ <change beforePath="$PROJECT_DIR$/lib/XSpear/version.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/version.rb" afterDir="false" />
7
10
  </list>
8
11
  <option name="EXCLUDED_CONVERTED_TO_IGNORED" value="true" />
9
12
  <option name="SHOW_DIALOG" value="false" />
@@ -16,41 +19,37 @@
16
19
  </component>
17
20
  <component name="FileEditorManager">
18
21
  <leaf SIDE_TABS_SIZE_LIMIT_KEY="300">
19
- <file pinned="false" current-in-tab="false">
20
- <entry file="file://$PROJECT_DIR$/exe/XSpear">
21
- <provider selected="true" editor-type-id="text-editor">
22
- <state relative-caret-position="525">
23
- <caret line="35" column="117" selection-start-line="35" selection-start-column="117" selection-end-line="35" selection-end-column="117" />
24
- </state>
25
- </provider>
26
- </entry>
27
- </file>
28
22
  <file pinned="false" current-in-tab="false">
29
23
  <entry file="file://$PROJECT_DIR$/README.md">
30
24
  <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
31
25
  <state split_layout="SPLIT">
32
- <first_editor relative-caret-position="599">
33
- <caret line="268" column="110" selection-start-line="268" selection-start-column="110" selection-end-line="268" selection-end-column="110" />
26
+ <first_editor relative-caret-position="2113">
27
+ <caret line="299" column="110" selection-start-line="299" selection-start-column="110" selection-end-line="299" selection-end-column="110" />
34
28
  </first_editor>
35
29
  <second_editor />
36
30
  </state>
37
31
  </provider>
38
32
  </entry>
39
33
  </file>
40
- <file pinned="false" current-in-tab="true">
34
+ <file pinned="false" current-in-tab="false">
35
+ <entry file="file://$PROJECT_DIR$/spec/XSpear_spec.rb">
36
+ <provider selected="true" editor-type-id="text-editor" />
37
+ </entry>
38
+ </file>
39
+ <file pinned="false" current-in-tab="false">
41
40
  <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
42
41
  <provider selected="true" editor-type-id="text-editor">
43
- <state relative-caret-position="370">
44
- <caret line="376" lean-forward="true" selection-start-line="376" selection-end-line="376" />
42
+ <state relative-caret-position="426">
43
+ <caret line="181" column="31" lean-forward="true" selection-start-line="181" selection-start-column="31" selection-end-line="181" selection-end-column="31" />
45
44
  </state>
46
45
  </provider>
47
46
  </entry>
48
47
  </file>
49
- <file pinned="false" current-in-tab="false">
48
+ <file pinned="false" current-in-tab="true">
50
49
  <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
51
50
  <provider selected="true" editor-type-id="text-editor">
52
- <state relative-caret-position="392">
53
- <caret line="102" column="9" lean-forward="true" selection-start-line="102" selection-start-column="9" selection-end-line="102" selection-end-column="9" />
51
+ <state relative-caret-position="253">
52
+ <caret line="41" column="29" selection-start-line="41" selection-start-column="29" selection-end-line="41" selection-end-column="29" />
54
53
  </state>
55
54
  </provider>
56
55
  </entry>
@@ -113,10 +112,10 @@
113
112
  <option value="$PROJECT_DIR$/XSpear.gemspec" />
114
113
  <option value="$PROJECT_DIR$/lib/XSpear/banner.rb" />
115
114
  <option value="$PROJECT_DIR$/exe/XSpear" />
116
- <option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
117
115
  <option value="$PROJECT_DIR$/README.md" />
118
- <option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
116
+ <option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
119
117
  <option value="$PROJECT_DIR$/lib/XSpear.rb" />
118
+ <option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
120
119
  </list>
121
120
  </option>
122
121
  </component>
@@ -231,7 +230,7 @@
231
230
  <workItem from="1562942816004" duration="15337000" />
232
231
  <workItem from="1563638656518" duration="4985000" />
233
232
  <workItem from="1563809961097" duration="4237000" />
234
- <workItem from="1563893538891" duration="2230000" />
233
+ <workItem from="1563893538891" duration="3583000" />
235
234
  </task>
236
235
  <task id="LOCAL-00001" summary="init update">
237
236
  <created>1562945899597</created>
@@ -478,17 +477,38 @@
478
477
  <option name="project" value="LOCAL" />
479
478
  <updated>1563895638242</updated>
480
479
  </task>
481
- <option name="localTasksCounter" value="36" />
480
+ <task id="LOCAL-00036" summary="(1.0.6)[fixed #5] Add blind-xss other pattern">
481
+ <created>1563895850670</created>
482
+ <option name="number" value="00036" />
483
+ <option name="presentableId" value="LOCAL-00036" />
484
+ <option name="project" value="LOCAL" />
485
+ <updated>1563895850670</updated>
486
+ </task>
487
+ <task id="LOCAL-00037" summary="(1.0.6) Releases 1.0.6 version">
488
+ <created>1563896026689</created>
489
+ <option name="number" value="00037" />
490
+ <option name="presentableId" value="LOCAL-00037" />
491
+ <option name="project" value="LOCAL" />
492
+ <updated>1563896026689</updated>
493
+ </task>
494
+ <task id="LOCAL-00038" summary="(1.0.6) Edit README.md">
495
+ <created>1563896886094</created>
496
+ <option name="number" value="00038" />
497
+ <option name="presentableId" value="LOCAL-00038" />
498
+ <option name="project" value="LOCAL" />
499
+ <updated>1563896886094</updated>
500
+ </task>
501
+ <option name="localTasksCounter" value="39" />
482
502
  <servers />
483
503
  </component>
484
504
  <component name="TimeTrackingManager">
485
- <option name="totallyTimeSpent" value="26789000" />
505
+ <option name="totallyTimeSpent" value="28142000" />
486
506
  </component>
487
507
  <component name="ToolWindowManager">
488
508
  <frame x="-1920" y="-620" width="1920" height="1057" extended-state="0" />
489
509
  <editor active="true" />
490
510
  <layout>
491
- <window_info active="true" content_ui="combo" id="Project" order="0" visible="true" weight="0.16400427" />
511
+ <window_info content_ui="combo" id="Project" order="0" visible="true" weight="0.16400427" />
492
512
  <window_info id="Structure" order="1" side_tool="true" weight="0.25" />
493
513
  <window_info id="Favorites" order="2" side_tool="true" />
494
514
  <window_info anchor="bottom" id="Message" order="0" />
@@ -501,7 +521,7 @@
501
521
  <window_info anchor="bottom" id="Docker" order="7" show_stripe_button="false" />
502
522
  <window_info anchor="bottom" id="Database Changes" order="8" />
503
523
  <window_info anchor="bottom" id="Version Control" order="9" />
504
- <window_info anchor="bottom" id="Terminal" order="10" visible="true" weight="0.29637307" />
524
+ <window_info active="true" anchor="bottom" id="Terminal" order="10" visible="true" weight="0.29637307" />
505
525
  <window_info anchor="bottom" id="Event Log" order="11" side_tool="true" />
506
526
  <window_info anchor="bottom" id="Messages" order="12" weight="0.32953367" />
507
527
  <window_info anchor="right" id="Commander" internal_type="SLIDING" order="0" type="SLIDING" weight="0.4" />
@@ -514,9 +534,6 @@
514
534
  <option name="version" value="1" />
515
535
  </component>
516
536
  <component name="VcsManagerConfiguration">
517
- <MESSAGE value="init update" />
518
- <MESSAGE value="build gem and edit dependency" />
519
- <MESSAGE value="add gem &amp; edit code" />
520
537
  <MESSAGE value="edit gem dependency(runtime, developement)" />
521
538
  <MESSAGE value="Add json report and new build binary, edit readme" />
522
539
  <MESSAGE value="Add screenshot images" />
@@ -539,7 +556,10 @@
539
556
  <MESSAGE value="(1.0.6)[fixed #8] Added response header analysis module" />
540
557
  <MESSAGE value="(1.0.6)[fixed #9] Added method in report-cli" />
541
558
  <MESSAGE value="(1.0.6) Edit report &amp; scanning format" />
542
- <option name="LAST_COMMIT_MESSAGE" value="(1.0.6) Edit report &amp; scanning format" />
559
+ <MESSAGE value="(1.0.6)[fixed #5] Add blind-xss other pattern" />
560
+ <MESSAGE value="(1.0.6) Releases 1.0.6 version" />
561
+ <MESSAGE value="(1.0.6) Edit README.md" />
562
+ <option name="LAST_COMMIT_MESSAGE" value="(1.0.6) Edit README.md" />
543
563
  </component>
544
564
  <component name="editorHistoryManager">
545
565
  <entry file="file://$USER_HOME$/.rvm/gems/ruby-2.4.6/gems/bundler-2.0.1/lib/bundler/rubygems_integration.rb">
@@ -576,13 +596,6 @@
576
596
  </state>
577
597
  </provider>
578
598
  </entry>
579
- <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
580
- <provider selected="true" editor-type-id="text-editor">
581
- <state relative-caret-position="15">
582
- <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
583
- </state>
584
- </provider>
585
- </entry>
586
599
  <entry file="file://$PROJECT_DIR$/XSpear.gemspec">
587
600
  <provider selected="true" editor-type-id="text-editor">
588
601
  <state relative-caret-position="105">
@@ -596,27 +609,37 @@
596
609
  <entry file="file:///usr/local/bin/rake">
597
610
  <provider selected="true" editor-type-id="text-editor" />
598
611
  </entry>
612
+ <entry file="file://$PROJECT_DIR$/spec/XSpear_spec.rb">
613
+ <provider selected="true" editor-type-id="text-editor" />
614
+ </entry>
599
615
  <entry file="file://$PROJECT_DIR$/README.md">
600
616
  <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
601
617
  <state split_layout="SPLIT">
602
- <first_editor relative-caret-position="599">
603
- <caret line="268" column="110" selection-start-line="268" selection-start-column="110" selection-end-line="268" selection-end-column="110" />
618
+ <first_editor relative-caret-position="2113">
619
+ <caret line="299" column="110" selection-start-line="299" selection-start-column="110" selection-end-line="299" selection-end-column="110" />
604
620
  </first_editor>
605
621
  <second_editor />
606
622
  </state>
607
623
  </provider>
608
624
  </entry>
609
- <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
625
+ <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
610
626
  <provider selected="true" editor-type-id="text-editor">
611
- <state relative-caret-position="392">
612
- <caret line="102" column="9" lean-forward="true" selection-start-line="102" selection-start-column="9" selection-end-line="102" selection-end-column="9" />
627
+ <state relative-caret-position="15">
628
+ <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
613
629
  </state>
614
630
  </provider>
615
631
  </entry>
616
632
  <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
617
633
  <provider selected="true" editor-type-id="text-editor">
618
- <state relative-caret-position="370">
619
- <caret line="376" lean-forward="true" selection-start-line="376" selection-end-line="376" />
634
+ <state relative-caret-position="426">
635
+ <caret line="181" column="31" lean-forward="true" selection-start-line="181" selection-start-column="31" selection-end-line="181" selection-end-column="31" />
636
+ </state>
637
+ </provider>
638
+ </entry>
639
+ <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
640
+ <provider selected="true" editor-type-id="text-editor">
641
+ <state relative-caret-position="253">
642
+ <caret line="41" column="29" selection-start-line="41" selection-start-column="29" selection-end-line="41" selection-end-column="29" />
620
643
  </state>
621
644
  </provider>
622
645
  </entry>
data/README.md CHANGED
@@ -10,9 +10,12 @@ XSpear is XSS Scanner on ruby gems
10
10
  + Reflected Params
11
11
  + Filtered test `event handler` `HTML tag` `Special Char`
12
12
  - Testing Blind XSS (with XSS Hunter , ezXSS, HBXSS, Etc all url base blind test...)
13
+ - Dynamic/Static Analysis
14
+ + Find SQL Error pattern
15
+ + Analysis Security headers(`CSP` `HSTS` `X-frame-options`, `XSS-protection` etc.. )
16
+ + Analysis Other headers..(Server version, Content-Type, etc...)
13
17
  - XSpear running on ruby code(with Gem library)
14
- - Dynamic/Static Analysis(Find SQL Error, etc..)
15
- - Show table base report and testing raw query(url)
18
+ - Show `table base cli-report` and `filtered rule`, `testing raw query`(url)
16
19
  - Testing at selected parameters
17
20
  - Support output format `cli` `json`
18
21
  + cli: summary, filtered rule(params), Raw Query
@@ -99,80 +102,100 @@ $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy"
99
102
  $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy" -v 3
100
103
  ```
101
104
 
105
+ **set thread**
106
+ ```
107
+ $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -t 30
108
+ ```
109
+
102
110
  **testing at selected parameters**
103
111
  ```
104
112
  $ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" -p cat,test
105
113
  ```
106
114
 
115
+ **testing blind xss**
116
+ ```
117
+ $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -b "https://hahwul.xss.ht"
118
+ ```
119
+
107
120
  etc...
108
121
 
109
122
  ### Sample log
110
123
  **Scanning XSS**
111
124
  ```
112
- $ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=z"
113
- ) (
114
- ( /( )\ )
115
- )\())(()/( ( ) (
116
- ((_)\ /(_))` ) ))\ ( /( )(
117
- __((_)(_)) /(/( /((_))(_))(()\
118
- \ \/ // __|((_)_\ (_)) ((_)_ ((_)
119
- > < \__ \| '_ \)/ -_)/ _` || '_|
120
- /_/\_\|___/| .__/ \___|\__,_||_| />
121
- |_| \ /<
122
- {\\\\\\\\\\\\\BYHAHWUL\\\\\\\\\\\(0):::<======================-
123
- / \<
124
- \> [ v1.0.5 ]
125
- [*] creating a test query.
126
- [*] test query generation is complete. [138 query]
127
- [*] starting test and analysis. [10 threads]
128
- [I] [01:44:06] [param: cat][Found SQL Error Pattern]
129
- [I] [01:44:06] reflected rEfe6[param: cat][reflected parameter]
130
- [I] [01:44:08] reflected onhwul=64[param: cat][not filtered event handler on{any} pattern]
131
- [-] [01:44:14] not reflected <svg/onload=alert(45)>
132
- [H] [01:44:14] reflected <script>alert(45)</script>[param: cat][reflected XSS Code]
133
- [H] [01:44:15] reflected "><iframe/src=JavaScriPt:alert(45)>[param: cat][reflected XSS Code]
134
- [-] [01:44:15] not reflected <img/src onerror=alert(45)>
135
- [-] [01:44:20] not found alert/prompt/confirm event '"><svg/onload=alert(45)>
136
- =>
137
- [-] [01:44:21] not found alert/prompt/confirm event <xmp><p title="</xmp><svg/onload=alert(45)>">
138
- =>
139
- [V] [01:44:21] found alert/prompt/confirm (45) in selenium!! <script>alert(45)</script>
140
- => [param: cat][triggered <script>alert(45)</script>]
141
- [-] [01:44:22] not found alert/prompt/confirm event '"><svg/onload=alert(45)>
142
- =>
143
- [V] [01:44:22] found alert/prompt/confirm (45) in selenium!! '"><svg/onload=alert(45)>
144
- => [param: cat][triggered <svg/onload=alert(45)>]
145
- [-] [01:44:23] not found alert/prompt/confirm event '"><svg/onload=alert(45)>
146
- =>
147
- [*] finish scan. the report is being generated..
148
- +----+------+------------------+-------+-------------------------------------+--------------------------------------------+
149
- | [ XSpear report ] |
150
- | http://testphp.vulnweb.com/listproducts.php?cat=z |
151
- | 2019-07-23 01:44:05 +0900 ~ 2019-07-23 01:44:23 +0900 Found 7 issues. |
152
- +----+------+------------------+-------+-------------------------------------+--------------------------------------------+
153
- | NO | TYPE | ISSUE | PARAM | PAYLOAD | DESCRIPTION |
154
- +----+------+------------------+-------+-------------------------------------+--------------------------------------------+
155
- | 0 | INFO | DYNAMIC ANALYSIS | cat | XsPeaR" | Found SQL Error Pattern |
156
- | 1 | INFO | REFLECTED | cat | rEfe6 | reflected parameter |
157
- | 2 | INFO | FILERD RULE | cat | onhwul=64 | not filtered event handler on{any} pattern |
158
- | 3 | HIGH | XSS | cat | <script>alert(45)</script> | reflected XSS Code |
159
- | 4 | HIGH | XSS | cat | "><iframe/src=JavaScriPt:alert(45)> | reflected XSS Code |
160
- | 5 | VULN | XSS | cat | <script>alert(45)</script> | triggered <script>alert(45)</script> |
161
- | 6 | VULN | XSS | cat | '"><svg/onload=alert(45)> | triggered <svg/onload=alert(45)> |
162
- +----+------+------------------+-------+-------------------------------------+--------------------------------------------+
163
- < Not Filtered >
164
- [cat] param
165
- + Special Char: `,\,<,|,(,;,>,',),+,-,{,.,],,,[,},:,=,$
166
- + Event Handler: "onAfterUpdate","onAbort","onBeforeCut","onAfterPrint","onBeforeActivate","onActivate","onBeforeCopy","onBeforeUpdate","onBeforeEditFocus","onBeforeDeactivate","onBlur","onBounce","onCellChange","onBegin","onBeforePrint","onBeforeUnload","onBeforePaste","onCut","onContextMenu","onCopy","onDataSetComplete","onClick","onDblClick","onControlSelect","onDataSetChanged","onChange","onDataAvailable","onDragEnd","onDragOver","onDrag","onDragLeave","onDragStart","onDeactivate","onDragEnter","onDragDrop","onDrop","onEnd","onFinish","onHashChange","onFocusIn","onErrorUpdate","onHelp","onFocusOut","onInput","onFocus","onError","onFilterChange","onMouseDown","onKeyPress","onMediaComplete","onLayoutComplete","onMediaError","onKeyUp","onMessage","onKeyDown","onLoad","onLoseCapture","onMouseEnter","onMouseUp","onMouseLeave","onMove","onMoveEnd","onMoveStart","onMouseOver","onMouseMove","onMouseOut","onMouseWheel","onProgress","onOutOfSync","onPopState","onPropertyChange","onOffline","onOnline","onRedo","onPaste","onReadyStateChange","onPause","onResizeStart","onRowExit","onResume","onRowDelete","onRepeat","onReset","onResizeEnd","onReverse","onRowsEnter","onResize","onSelectionChange","onSyncRestored","onStart","onStop","onStorage","onRowInserted","onSelect","onSelectStart","onScroll","onSeek","onTrackChange","onUnload","onURLFlip","onSubmit","onTimeError","onUndo"
167
- + HTML Tag: "script","iframe"
168
- < Raw Query >
169
- [0] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=zXsPeaR%22
170
- [1] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=zrEfe6
171
- [2] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%5C%22%3E%3Cxspear+onhwul%3D64%3E
172
- [3] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%22%3E%3Cscript%3Ealert%2845%29%3C%2Fscript%3E
173
- [4] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%22%3E%3Ciframe%2Fsrc%3DJavaScriPt%3Aalert%2845%29%3E
174
- [5] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%22%3E%3Cscript%3Ealert%2845%29%3C%2Fscript%3E
175
- [6] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%27%22%3E%3Csvg%2Fonload%3Dalert%2845%29%3E
125
+ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=z"
126
+ ) (
127
+ ( /( )\ )
128
+ )\())(()/( ( ) (
129
+ ((_)\ /(_))` ) ))\ ( /( )(
130
+ __((_)(_)) /(/( /((_))(_))(()\
131
+ \ \/ // __|((_)_\ (_)) ((_)_ ((_)
132
+ > < \__ \| '_ \)/ -_)/ _` || '_|
133
+ /_/\_\|___/| .__/ \___|\__,_||_| />
134
+ |_| \ /<
135
+ {\\\\\\\\\\\\\BYHAHWUL\\\\\\\\\\\(0):::<======================-
136
+ / \<
137
+ \> [ v1.0.6 ]
138
+ [*] creating a test query.
139
+ [*] test query generation is complete. [149 query]
140
+ [*] starting test and analysis. [10 threads]
141
+ [I] [00:37:34] reflected 'XsPeaR
142
+ [-] [00:37:34] 'cat' Not reflected |XsPeaR
143
+ [I] [00:37:34] [param: cat][Found SQL Error Pattern]
144
+ [-] [00:37:34] 'STATIC' not reflected
145
+ [I] [00:37:34] reflected "XsPeaR
146
+ [-] [00:37:34] 'cat' Not reflected ;XsPeaR
147
+ [I] [00:37:34] reflected `XsPeaR
148
+ ...snip...
149
+ [H] [00:37:44] reflected "><iframe/src=JavaScriPt:alert(45)>[param: cat][reflected XSS Code]
150
+ [-] [00:37:44] 'cat' not reflected <img/src onerror=alert(45)>
151
+ [-] [00:37:44] 'cat' not reflected <svg/onload=alert(45)>
152
+ [-] [00:37:49] 'cat' not found alert/prompt/confirm event '"><svg/onload=alert(45)>
153
+ [-] [00:37:49] 'cat' not found alert/prompt/confirm event '"><svg/onload=alert(45)>
154
+ [-] [00:37:50] 'cat' not found alert/prompt/confirm event <xmp><p title="</xmp><svg/onload=alert(45)>">
155
+ [-] [00:37:51] 'cat' not found alert/prompt/confirm event '"><svg/onload=alert(45)>
156
+ [V] [00:37:51] found alert/prompt/confirm (45) in selenium!! <script>alert(45)</script>
157
+ => [param: cat][triggered <script>alert(45)</script>]
158
+ [V] [00:37:51] found alert/prompt/confirm (45) in selenium!! '"><svg/onload=alert(45)>
159
+ => [param: cat][triggered <svg/onload=alert(45)>]
160
+ [*] finish scan. the report is being generated..
161
+ +----+-------+------------------+--------+-------+-------------------------------------+--------------------------------------------+
162
+ | [ XSpear report ] |
163
+ | http://testphp.vulnweb.com/listproducts.php?cat=z |
164
+ | 2019-07-24 00:37:33 +0900 ~ 2019-07-24 00:37:51 +0900 Found 12 issues. |
165
+ +----+-------+------------------+--------+-------+-------------------------------------+--------------------------------------------+
166
+ | NO | TYPE | ISSUE | METHOD | PARAM | PAYLOAD | DESCRIPTION |
167
+ +----+-------+------------------+--------+-------+-------------------------------------+--------------------------------------------+
168
+ | 0 | INFO | DYNAMIC ANALYSIS | GET | cat | XsPeaR" | Found SQL Error Pattern |
169
+ | 1 | INFO | STATIC ANALYSIS | GET | - | original query | Found Server: nginx/1.4.1 |
170
+ | 2 | INFO | STATIC ANALYSIS | GET | - | original query | Not set HSTS |
171
+ | 3 | INFO | STATIC ANALYSIS | GET | - | original query | Content-Type: text/html |
172
+ | 4 | LOW | STATIC ANALYSIS | GET | - | original query | Not Set X-Frame-Options |
173
+ | 5 | MIDUM | STATIC ANALYSIS | GET | - | original query | Not Set CSP |
174
+ | 6 | INFO | REFLECTED | GET | cat | rEfe6 | reflected parameter |
175
+ | 7 | INFO | FILERD RULE | GET | cat | onhwul=64 | not filtered event handler on{any} pattern |
176
+ | 8 | HIGH | XSS | GET | cat | <script>alert(45)</script> | reflected XSS Code |
177
+ | 9 | HIGH | XSS | GET | cat | "><iframe/src=JavaScriPt:alert(45)> | reflected XSS Code |
178
+ | 10 | VULN | XSS | GET | cat | <script>alert(45)</script> | triggered <script>alert(45)</script> |
179
+ | 11 | VULN | XSS | GET | cat | '"><svg/onload=alert(45)> | triggered <svg/onload=alert(45)> |
180
+ +----+-------+------------------+--------+-------+-------------------------------------+--------------------------------------------+
181
+ < Available Objects >
182
+ [cat] param
183
+ + Available Special Char: ' \ ` ] . : ) } [ { $
184
+ + Available Event Handler: "onActivate","onBeforeCopy","onAfterPrint","onAfterUpdate","onAbort","onBeforeActivate","onBeforeDeactivate","onBlur","onBeforeCut","onBounce","onBeforeUnload","onBeforeEditFocus","onBeforePaste","onBeforeUpdate","onBegin","onBeforePrint","onClick","onChange","onControlSelect","onDataSetChanged","onCopy","onDataSetComplete","onContextMenu","onDataAvailable","onCellChange","onCut","onDeactivate","onDblClick","onDragEnd","onDragOver","onDragDrop","onDrop","onDragStart","onDrag","onDragEnter","onDragLeave","onFilterChange","onFocusIn","onEnd","onHelp","onError","onErrorUpdate","onFocus","onFinish","onHashChange","onFocusOut","onLoad","onLoseCapture","onInput","onLayoutComplete","onKeyDown","onMessage","onKeyUp","onMediaError","onMediaComplete","onKeyPress","onMouseOver","onMove","onMouseEnter","onMouseWheel","onMouseLeave","onMoveEnd","onMouseDown","onMouseMove","onMouseUp","onMouseOut","onPropertyChange","onMoveStart","onPaste","onPopState","onOutOfSync","onProgress","onOnline","onReadyStateChange","onOffline","onPause","onResize","onReverse","onRepeat","onRedo","onResizeEnd","onRowExit","onReset","onRowsEnter","onResizeStart","onResume","onRowInserted","onScroll","onStorage","onSelectStart","onRowDelete","onSeek","onSelectionChange","onSelect","onStart","onStop","onUndo","onTrackChange","onURLFlip","onTimeError","onSyncRestored","onSubmit","onUnload"
185
+ + Available HTML Tag: "svg","iframe","script","audio","video","meta","frame","img","embeded","frameset","object","style"
186
+ < Raw Query >
187
+ [0] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=zXsPeaR%22
188
+ [1] http://testphp.vulnweb.com/listproducts.php?cat=z?-
189
+ [2] http://testphp.vulnweb.com/listproducts.php?cat=z?-
190
+ [3] http://testphp.vulnweb.com/listproducts.php?cat=z?-
191
+ [4] http://testphp.vulnweb.com/listproducts.php?cat=z?-
192
+ [5] http://testphp.vulnweb.com/listproducts.php?cat=z?-
193
+ [6] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=zrEfe6
194
+ [7] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%5C%22%3E%3Cxspear+onhwul%3D64%3E
195
+ [8] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%22%3E%3Cscript%3Ealert%2845%29%3C%2Fscript%3E
196
+ [9] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%22%3E%3Ciframe%2Fsrc%3DJavaScriPt%3Aalert%2845%29%3E
197
+ [10] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%22%3E%3Cscript%3Ealert%2845%29%3C%2Fscript%3E
198
+ [11] http://testphp.vulnweb.com/listproducts.php?cat=z?cat=z%27%22%3E%3Csvg%2Fonload%3Dalert%2845%29%3E
176
199
  ```
177
200
 
178
201
  **to JSON**
@@ -232,6 +255,14 @@ class ScanCallbackFunc()
232
255
  end
233
256
  ```
234
257
 
258
+ Common Callback Class
259
+ - CallbackXSSSelenium
260
+ - CallbackErrorPatternMatch
261
+ - CallbackCheckHeaders
262
+ - CallbackStringMatch
263
+ - CallbackNotAdded
264
+ etc...
265
+
235
266
  ## Update
236
267
  if nomal user
237
268
  ```
@@ -266,5 +297,5 @@ The gem is available as open source under the terms of the [MIT License](https:/
266
297
  Everyone interacting in the XSpear project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/XSpear/blob/master/CODE_OF_CONDUCT.md).
267
298
 
268
299
  ## ScreenShot
269
- <img src="https://user-images.githubusercontent.com/13212227/61649243-14a30c80-acec-11e9-9a20-73839c4ec580.png" width=100%>
300
+ <img src="https://user-images.githubusercontent.com/13212227/61726530-bf7aff80-adac-11e9-9ed8-ac8ecd358c0c.png" width=100%>
270
301
  <img src="https://user-images.githubusercontent.com/13212227/61311071-8b459300-a830-11e9-8e60-c08e984fdacb.png" width=100%>
@@ -32,14 +32,14 @@ class XspearRepoter
32
32
  end
33
33
 
34
34
  def add_issue_first(type, issue, param, payload, pattern, description)
35
- rtype = {"i"=>"INFO","v"=>"VULN","l"=>"LOW","m"=>"MIDUM","h"=>"HIGH"}
35
+ rtype = {"i"=>"INFO".blue,"v"=>"VULN".red,"l"=>"LOW".green,"m"=>"MIDUM".yellow,"h"=>"HIGH".red}
36
36
  rissue = {"f"=>"FILERD RULE","r"=>"REFLECTED","x"=>"XSS","s"=>"STATIC ANALYSIS","d"=>"DYNAMIC ANALYSIS"}
37
37
  @issue.insert(0,["-", rtype[type], rissue[issue], @method, param, pattern, description])
38
38
  @query.push payload
39
39
  end
40
40
 
41
41
  def add_issue(type, issue, param, payload, pattern, description)
42
- rtype = {"i"=>"INFO","v"=>"VULN","l"=>"LOW","m"=>"MIDUM","h"=>"HIGH"}
42
+ rtype = {"i"=>"INFO".blue,"v"=>"VULN".red,"l"=>"LOW".green,"m"=>"MIDUM".yellow,"h"=>"HIGH".red}
43
43
  rissue = {"f"=>"FILERD RULE","r"=>"REFLECTED","x"=>"XSS","s"=>"STATIC ANALYSIS","d"=>"DYNAMIC ANALYSIS"}
44
44
  @issue << [@issue.size, rtype[type], rissue[issue], @method, param, pattern, description]
45
45
  @query.push payload
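Review bot: The `rtype` table now stores ANSI-colored strings (`"INFO".blue`, `"VULN".red`, …) inside the issue rows, so the escape sequences travel with the data into `@issue` instead of being applied when the CLI table is printed; any other consumer of `@issue` — the JSON report the README advertises, if it serializes these same rows — would then emit the escape bytes, and a table renderer that is not ANSI-aware will count them toward column width. Keep the plain label in the row and colorize only at the point where the CLI table is rendered. The hash is also duplicated verbatim between `add_issue_first` and `add_issue` (both hunks of this file); hoist it and `rissue` to frozen class constants, e.g. `RTYPE = {"i"=>"INFO","v"=>"VULN","l"=>"LOW","m"=>"MIDUM","h"=>"HIGH"}.freeze`, so the two methods cannot drift apart. `add_issue` continues past the end of the hunk.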
@@ -1,3 +1,3 @@
1
1
  module XSpear
2
- VERSION = "1.0.6"
2
+ VERSION = "1.0.7"
3
3
  end
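--- a/data/lib/XSpear.rb
+++ b/data/lib/XSpear.rb
@@ -78,28 +78,28 @@ class XspearScan
 def run
 if !@response['Server'].nil?
 # Server header
-@report.add_issue("i","s","-","-","original query","Found Server: #{@response['Server']}")
+@report.add_issue("i","s","-","-","<original query>","Found Server: #{@response['Server']}")
 end
 
 if @response['Strict-Transport-Security'].nil?
 # HSTS
-@report.add_issue("i","s","-","-","original query","Not set HSTS")
+@report.add_issue("i","s","-","-","<original query>","Not set HSTS")
 end
 
 
 if !@response['Content-Type'].nil?
-@report.add_issue("i","s","-","-","original query","Content-Type: #{@response['Content-Type']}")
+@report.add_issue("i","s","-","-","<original query>","Content-Type: #{@response['Content-Type']}")
 end
 
 
 if !@response['X-XSS-Protection'].nil?
-@report.add_issue("i","s","-","-","original query","Not set X-XSS-Protection")
+@report.add_issue("i","s","-","-","<original query>","Not set X-XSS-Protection")
 end
 
 if !@response['X-Frame-Options'].nil?
-@report.add_issue("i","s","-","-","original query","X-Frame-Options: #{@response['X-Frame-Options']}")
+@report.add_issue("i","s","-","-","<original query>","X-Frame-Options: #{@response['X-Frame-Options']}")
 else
-@report.add_issue("l","s","-","-","original query","Not Set X-Frame-Options")
+@report.add_issue("l","s","-","-","<original query>","Not Set X-Frame-Options")
 end
 
 
@@ -112,12 +112,12 @@ class XspearScan
 d = c.split " "
 r = r+d[0]+" "
 end
-@report.add_issue("i","s","-","-","original query","Set CSP(#{r})")
+@report.add_issue("i","s","-","-","<original query>","Set CSP(#{r})")
 rescue
-@report.add_issue("i","s","-","-","original query","CSP ERROR")
+@report.add_issue("i","s","-","-","<original query>","CSP ERROR")
 end
 else
-@report.add_issue("m","s","-","-","original query","Not Set CSP")
+@report.add_issue("m","s","-","-","<original query>","Not Set CSP")
 end
 
 
@@ -172,17 +172,17 @@ class XspearScan
 alert = driver.switch_to().alert()
 if alert.text.to_s == "45"
 driver.quit
-return [true, "found alert/prompt/confirm (45) in selenium!! #{@query}\n => "]
+return [true, "found alert/prompt/confirm (45) in selenium!! #{@query}"]
 else
 driver.quit
-return [true, "found alert/prompt/confirm event in selenium #{@query}\n =>"]
+return [true, "found alert/prompt/confirm event in selenium #{@query}"]
 end
 rescue Selenium::WebDriver::Error::UnexpectedAlertOpenError => e
 driver.quit
-return [true, "found alert/prompt/confirm error base in selenium #{@query}\n =>"]
+return [true, "found alert/prompt/confirm error base in selenium #{@query}"]
 rescue => e
 driver.quit
-return [false, "not found alert/prompt/confirm event #{@query}\n =>"]
+return [false, "not found alert/prompt/confirm event #{@query}"]
 end
 end
 rescue => e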
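Review bot: In the first hunk the X-XSS-Protection check is inverted: `if !@response['X-XSS-Protection'].nil?` records `"Not set X-XSS-Protection"` exactly when the header is present and stays silent when it is absent; the condition should be `if @response['X-XSS-Protection'].nil?`, mirroring the HSTS check a few lines above (the `X-Frame-Options` branch just below already has the correct shape). The same hunk interpolates raw response header values (`Server`, `Content-Type`, `X-Frame-Options`) into the issue description; these come from the scanned host, so a header carrying control or escape bytes is copied into the CLI report unchanged — strip non-printables when building the description, e.g. `@response['Server'].to_s.gsub(/[^[:print:]]/, '')`, or escape at render time. In the third hunk every branch calls `driver.quit` before returning; an `ensure` clause on the enclosing begin/rescue would cover all paths, including the bare `rescue => e` that currently maps any exception to "not found" without recording `e`. `run` starts in the first hunk but its body ends outside the section.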
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: XSpear
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.6
4
+ version: 1.0.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - hahwul