XSpear 1.0.9 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/.idea/workspace.xml +94 -73
  3. data/lib/XSpear/XSpearRepoter.rb +42 -29
  4. data/lib/XSpear/banner.rb +7 -7
  5. data/lib/XSpear/version.rb +1 -1
  6. data/lib/XSpear.rb +9 -5
  7. data/raw_sample.txt +8 -0
  8. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7af449d36fa665bdbba42ab63dd4ecbc9b666dbeb29751df167cf3c28662d6d7
4
- data.tar.gz: fe079028ed5fe02664db09b5bcbfd15f2ea68661d2c6a146853872cbf8e978fd
3
+ metadata.gz: ea6588ae83ee1f89c3eff1f387b0b703d6862e471bef37c87ded1e356df39a7b
4
+ data.tar.gz: 9036a2080e929353daaeea7146253169b05ec65d204305345a53f8ee80419750
5
5
  SHA512:
6
- metadata.gz: 73b1cc7d0727310e9515f3b2602f3ab1b004f15bf85e316d63bc3c58a36840a03fc1a8481ea327aa0165851a01b1b294d9709029f2525c45bcf4c3b4215d90f1
7
- data.tar.gz: 3ab96ff93a503b4c94dd6f0427b963d1b3a81307aa4d7b8a2251a8e0693af848f49bda80174a21903e26e2ed700a7f45cb014cc09cea77d53de9a9f96e56be8b
6
+ metadata.gz: 2c55c310fbe45360257fff7e15b2850c96a09d5f94ac274fd551b45c6e9f9b45c757366fa466ca6405ce5e310c591f65c67f7dee9ac2764bf3ebeadd423f8691
7
+ data.tar.gz: 9271357e4283226c530ec50808bef585c4fb3f03e238f370b6090ba8c48f173a30fbf67f8209f2587f3cd85263f876c25b21e9542be97f5536e694ec854d668a
data/.idea/workspace.xml CHANGED
@@ -1,10 +1,12 @@
1
1
  <?xml version="1.0" encoding="UTF-8"?>
2
2
  <project version="4">
3
3
  <component name="ChangeListManager">
4
- <list default="true" id="4ee2e581-45d7-4c90-b6a1-e92e4b5829dd" name="Default Changelist" comment="">
5
- <change beforePath="$PROJECT_DIR$/README.md" beforeDir="false" afterPath="$PROJECT_DIR$/README.md" afterDir="false" />
6
- <change beforePath="$PROJECT_DIR$/exe/XSpear" beforeDir="false" afterPath="$PROJECT_DIR$/exe/XSpear" afterDir="false" />
4
+ <list default="true" id="4ee2e581-45d7-4c90-b6a1-e92e4b5829dd" name="Default Changelist" comment="(1.1.0) [Fixed #15] Maqke">
5
+ <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
7
6
  <change beforePath="$PROJECT_DIR$/lib/XSpear.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear.rb" afterDir="false" />
7
+ <change beforePath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" afterDir="false" />
8
+ <change beforePath="$PROJECT_DIR$/lib/XSpear/banner.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/banner.rb" afterDir="false" />
9
+ <change beforePath="$PROJECT_DIR$/lib/XSpear/version.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/version.rb" afterDir="false" />
8
10
  </list>
9
11
  <option name="EXCLUDED_CONVERTED_TO_IGNORED" value="true" />
10
12
  <option name="SHOW_DIALOG" value="false" />
@@ -18,20 +20,11 @@
18
20
  <component name="FileEditorManager">
19
21
  <leaf SIDE_TABS_SIZE_LIMIT_KEY="300">
20
22
  <file pinned="false" current-in-tab="false">
21
- <entry file="file://$PROJECT_DIR$/exe/XSpear">
22
- <provider selected="true" editor-type-id="text-editor">
23
- <state relative-caret-position="458">
24
- <caret line="38" column="77" selection-start-line="38" selection-start-column="77" selection-end-line="38" selection-end-column="77" />
25
- </state>
26
- </provider>
27
- </entry>
28
- </file>
29
- <file pinned="false" current-in-tab="true">
30
23
  <entry file="file://$PROJECT_DIR$/README.md">
31
24
  <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
32
25
  <state split_layout="SPLIT">
33
- <first_editor relative-caret-position="274">
34
- <caret line="220" column="10" selection-start-line="220" selection-start-column="10" selection-end-line="220" selection-end-column="10" />
26
+ <first_editor relative-caret-position="1648">
27
+ <caret line="189" column="13" selection-start-line="189" selection-start-column="13" selection-end-line="189" selection-end-column="13" />
35
28
  </first_editor>
36
29
  <second_editor />
37
30
  </state>
@@ -46,17 +39,26 @@
46
39
  <file pinned="false" current-in-tab="false">
47
40
  <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
48
41
  <provider selected="true" editor-type-id="text-editor">
49
- <state relative-caret-position="-1602">
50
- <caret line="421" column="235" selection-start-line="421" selection-start-column="235" selection-end-line="421" selection-end-column="235" />
42
+ <state relative-caret-position="190">
43
+ <caret line="402" column="87" selection-start-line="402" selection-start-column="87" selection-end-line="402" selection-end-column="87" />
51
44
  </state>
52
45
  </provider>
53
46
  </entry>
54
47
  </file>
55
- <file pinned="false" current-in-tab="false">
48
+ <file pinned="false" current-in-tab="true">
56
49
  <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
57
50
  <provider selected="true" editor-type-id="text-editor">
58
- <state relative-caret-position="1590">
59
- <caret line="106" column="9" lean-forward="true" selection-start-line="106" selection-start-column="9" selection-end-line="106" selection-end-column="9" />
51
+ <state relative-caret-position="1585">
52
+ <caret line="113" column="8" selection-start-line="113" selection-start-column="8" selection-end-line="113" selection-end-column="8" />
53
+ </state>
54
+ </provider>
55
+ </entry>
56
+ </file>
57
+ <file pinned="false" current-in-tab="false">
58
+ <entry file="file://$PROJECT_DIR$/lib/XSpear/banner.rb">
59
+ <provider selected="true" editor-type-id="text-editor">
60
+ <state relative-caret-position="150">
61
+ <caret line="10" column="35" selection-start-line="10" selection-start-column="35" selection-end-line="10" selection-end-column="35" />
60
62
  </state>
61
63
  </provider>
62
64
  </entry>
@@ -73,8 +75,8 @@
73
75
  <file pinned="false" current-in-tab="false">
74
76
  <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
75
77
  <provider selected="true" editor-type-id="text-editor">
76
- <state relative-caret-position="15">
77
- <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
78
+ <state relative-caret-position="45">
79
+ <caret line="3" lean-forward="true" selection-start-line="3" selection-end-line="3" />
78
80
  </state>
79
81
  </provider>
80
82
  </entry>
@@ -108,20 +110,18 @@
108
110
  <list>
109
111
  <option value="$PROJECT_DIR$/lib/XSpear/log.rb" />
110
112
  <option value="$PROJECT_DIR$/XSpear.gemspec" />
111
- <option value="$PROJECT_DIR$/lib/XSpear/banner.rb" />
112
- <option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
113
- <option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
114
- <option value="$PROJECT_DIR$/lib/XSpear.rb" />
115
113
  <option value="$PROJECT_DIR$/exe/XSpear" />
116
114
  <option value="$PROJECT_DIR$/README.md" />
115
+ <option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
116
+ <option value="$PROJECT_DIR$/lib/XSpear.rb" />
117
+ <option value="$PROJECT_DIR$/lib/XSpear/banner.rb" />
118
+ <option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
117
119
  </list>
118
120
  </option>
119
121
  </component>
120
122
  <component name="ProjectFrameBounds" fullScreen="true">
121
- <option name="x" value="-1920" />
122
- <option name="y" value="-643" />
123
- <option name="width" value="1920" />
124
- <option name="height" value="1080" />
123
+ <option name="width" value="1680" />
124
+ <option name="height" value="1050" />
125
125
  </component>
126
126
  <component name="ProjectLevelVcsManager" settingsEditedManually="true">
127
127
  <ConfirmationsSetting value="2" id="Add" />
@@ -131,7 +131,6 @@
131
131
  <foldersAlwaysOnTop value="true" />
132
132
  </navigator>
133
133
  <panes>
134
- <pane id="Scope" />
135
134
  <pane id="ProjectPane">
136
135
  <subPane>
137
136
  <expand>
@@ -169,6 +168,7 @@
169
168
  <select />
170
169
  </subPane>
171
170
  </pane>
171
+ <pane id="Scope" />
172
172
  </panes>
173
173
  </component>
174
174
  <component name="PropertiesComponent">
@@ -228,7 +228,8 @@
228
228
  <workItem from="1562942816004" duration="15337000" />
229
229
  <workItem from="1563638656518" duration="4985000" />
230
230
  <workItem from="1563809961097" duration="4237000" />
231
- <workItem from="1563893538891" duration="11528000" />
231
+ <workItem from="1563893538891" duration="11917000" />
232
+ <workItem from="1564151699165" duration="2215000" />
232
233
  </task>
233
234
  <task id="LOCAL-00001" summary="init update">
234
235
  <created>1562945899597</created>
@@ -545,17 +546,37 @@
545
546
  <option name="project" value="LOCAL" />
546
547
  <updated>1564065895283</updated>
547
548
  </task>
548
- <option name="localTasksCounter" value="46" />
549
+ <task id="LOCAL-00046" summary="(1.0.9) Releases 1.0.9 / Add --raw options, code refactoring, fixed bugs">
550
+ <created>1564067249340</created>
551
+ <option name="number" value="00046" />
552
+ <option name="presentableId" value="LOCAL-00046" />
553
+ <option name="project" value="LOCAL" />
554
+ <updated>1564067249340</updated>
555
+ </task>
556
+ <task id="LOCAL-00047" summary="(1.1.0) [Fixed #14] Edit raw query print code">
557
+ <created>1564151939307</created>
558
+ <option name="number" value="00047" />
559
+ <option name="presentableId" value="LOCAL-00047" />
560
+ <option name="project" value="LOCAL" />
561
+ <updated>1564151939307</updated>
562
+ </task>
563
+ <task id="LOCAL-00048" summary="(1.1.0) [Fixed #15] makeQueryPattern 내 페이로드 생성 코드 수정">
564
+ <created>1564152655489</created>
565
+ <option name="number" value="00048" />
566
+ <option name="presentableId" value="LOCAL-00048" />
567
+ <option name="project" value="LOCAL" />
568
+ <updated>1564152655489</updated>
569
+ </task>
570
+ <option name="localTasksCounter" value="49" />
549
571
  <servers />
550
572
  </component>
551
573
  <component name="TimeTrackingManager">
552
- <option name="totallyTimeSpent" value="36087000" />
574
+ <option name="totallyTimeSpent" value="38691000" />
553
575
  </component>
554
576
  <component name="ToolWindowManager">
555
- <frame x="-1920" y="-643" width="1920" height="1080" extended-state="0" />
556
- <editor active="true" />
577
+ <frame x="0" y="0" width="1680" height="1050" extended-state="0" />
557
578
  <layout>
558
- <window_info active="true" content_ui="combo" id="Project" order="0" visible="true" weight="0.16400427" />
579
+ <window_info content_ui="combo" id="Project" order="0" visible="true" weight="0.16605617" />
559
580
  <window_info id="Structure" order="1" side_tool="true" weight="0.25" />
560
581
  <window_info id="Favorites" order="2" side_tool="true" />
561
582
  <window_info anchor="bottom" id="Message" order="0" />
@@ -568,7 +589,7 @@
568
589
  <window_info anchor="bottom" id="Docker" order="7" show_stripe_button="false" />
569
590
  <window_info anchor="bottom" id="Database Changes" order="8" />
570
591
  <window_info anchor="bottom" id="Version Control" order="9" />
571
- <window_info anchor="bottom" id="Terminal" order="10" visible="true" weight="0.34158415" />
592
+ <window_info active="true" anchor="bottom" id="Terminal" order="10" visible="true" weight="0.34081632" />
572
593
  <window_info anchor="bottom" id="Event Log" order="11" side_tool="true" />
573
594
  <window_info anchor="bottom" id="Messages" order="12" weight="0.32953367" />
574
595
  <window_info anchor="right" id="Commander" internal_type="SLIDING" order="0" type="SLIDING" weight="0.4" />
@@ -581,9 +602,6 @@
581
602
  <option name="version" value="1" />
582
603
  </component>
583
604
  <component name="VcsManagerConfiguration">
584
- <MESSAGE value="Edit readme" />
585
- <MESSAGE value="modify dependency rspec" />
586
- <MESSAGE value="Change Badge(version)" />
587
605
  <MESSAGE value="Add show version &amp; edit help, version in banner" />
588
606
  <MESSAGE value="Edit version , release 1.0.2" />
589
607
  <MESSAGE value="Add EventHandler Test logic (1.0.3), edit description on report" />
@@ -606,7 +624,10 @@
606
624
  <MESSAGE value="(1.0.9)[Fixed #12] Modify XSpear Struct(option.* =&gt; options [hash])" />
607
625
  <MESSAGE value="(1.0.9)[Fixed #10] Add raw file read options" />
608
626
  <MESSAGE value="(1.0.9)[Fixed #13] Remove add pattern from StandardError in 'makeQueryPattern'" />
609
- <option name="LAST_COMMIT_MESSAGE" value="(1.0.9)[Fixed #13] Remove add pattern from StandardError in 'makeQueryPattern'" />
627
+ <MESSAGE value="(1.0.9) Releases 1.0.9 / Add --raw options, code refactoring, fixed bugs" />
628
+ <MESSAGE value="(1.1.0) [Fixed #14] Edit raw query print code" />
629
+ <MESSAGE value="(1.1.0) [Fixed #15] makeQueryPattern 내 페이로드 생성 코드 수정" />
630
+ <option name="LAST_COMMIT_MESSAGE" value="(1.1.0) [Fixed #15] makeQueryPattern 내 페이로드 생성 코드 수정" />
610
631
  </component>
611
632
  <component name="editorHistoryManager">
612
633
  <entry file="file://$USER_HOME$/.rvm/gems/ruby-2.4.6/gems/bundler-2.0.1/lib/bundler/rubygems_integration.rb">
@@ -622,10 +643,20 @@
622
643
  <entry file="file://$PROJECT_DIR$/bin/setup">
623
644
  <provider selected="true" editor-type-id="text-editor" />
624
645
  </entry>
625
- <entry file="file://$PROJECT_DIR$/lib/XSpear/banner.rb">
646
+ <entry file="file://$PROJECT_DIR$/exe/XSpear">
647
+ <provider selected="true" editor-type-id="text-editor">
648
+ <state relative-caret-position="570">
649
+ <caret line="38" column="77" selection-start-line="38" selection-start-column="77" selection-end-line="38" selection-end-column="77" />
650
+ </state>
651
+ </provider>
652
+ </entry>
653
+ <entry file="file://$PROJECT_DIR$/spec/XSpear_spec.rb">
654
+ <provider selected="true" editor-type-id="text-editor" />
655
+ </entry>
656
+ <entry file="file://$PROJECT_DIR$/lib/XSpear/log.rb">
626
657
  <provider selected="true" editor-type-id="text-editor">
627
- <state relative-caret-position="180">
628
- <caret line="12" column="69" selection-start-line="12" selection-start-column="69" selection-end-line="12" selection-end-column="69" />
658
+ <state relative-caret-position="195">
659
+ <caret line="13" column="19" selection-start-line="13" selection-start-column="19" selection-end-line="13" selection-end-column="19" />
629
660
  </state>
630
661
  </provider>
631
662
  </entry>
@@ -642,51 +673,41 @@
642
673
  <entry file="file:///usr/local/bin/rake">
643
674
  <provider selected="true" editor-type-id="text-editor" />
644
675
  </entry>
645
- <entry file="file://$PROJECT_DIR$/spec/XSpear_spec.rb">
646
- <provider selected="true" editor-type-id="text-editor" />
647
- </entry>
648
- <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
649
- <provider selected="true" editor-type-id="text-editor">
650
- <state relative-caret-position="15">
651
- <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
652
- </state>
653
- </provider>
654
- </entry>
655
- <entry file="file://$PROJECT_DIR$/lib/XSpear/log.rb">
656
- <provider selected="true" editor-type-id="text-editor">
657
- <state relative-caret-position="195">
658
- <caret line="13" column="19" selection-start-line="13" selection-start-column="19" selection-end-line="13" selection-end-column="19" />
676
+ <entry file="file://$PROJECT_DIR$/README.md">
677
+ <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
678
+ <state split_layout="SPLIT">
679
+ <first_editor relative-caret-position="1648">
680
+ <caret line="189" column="13" selection-start-line="189" selection-start-column="13" selection-end-line="189" selection-end-column="13" />
681
+ </first_editor>
682
+ <second_editor />
659
683
  </state>
660
684
  </provider>
661
685
  </entry>
662
- <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
686
+ <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
663
687
  <provider selected="true" editor-type-id="text-editor">
664
- <state relative-caret-position="1590">
665
- <caret line="106" column="9" lean-forward="true" selection-start-line="106" selection-start-column="9" selection-end-line="106" selection-end-column="9" />
688
+ <state relative-caret-position="45">
689
+ <caret line="3" lean-forward="true" selection-start-line="3" selection-end-line="3" />
666
690
  </state>
667
691
  </provider>
668
692
  </entry>
669
- <entry file="file://$PROJECT_DIR$/exe/XSpear">
693
+ <entry file="file://$PROJECT_DIR$/lib/XSpear/banner.rb">
670
694
  <provider selected="true" editor-type-id="text-editor">
671
- <state relative-caret-position="458">
672
- <caret line="38" column="77" selection-start-line="38" selection-start-column="77" selection-end-line="38" selection-end-column="77" />
695
+ <state relative-caret-position="150">
696
+ <caret line="10" column="35" selection-start-line="10" selection-start-column="35" selection-end-line="10" selection-end-column="35" />
673
697
  </state>
674
698
  </provider>
675
699
  </entry>
676
700
  <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
677
701
  <provider selected="true" editor-type-id="text-editor">
678
- <state relative-caret-position="-1602">
679
- <caret line="421" column="235" selection-start-line="421" selection-start-column="235" selection-end-line="421" selection-end-column="235" />
702
+ <state relative-caret-position="190">
703
+ <caret line="402" column="87" selection-start-line="402" selection-start-column="87" selection-end-line="402" selection-end-column="87" />
680
704
  </state>
681
705
  </provider>
682
706
  </entry>
683
- <entry file="file://$PROJECT_DIR$/README.md">
684
- <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
685
- <state split_layout="SPLIT">
686
- <first_editor relative-caret-position="274">
687
- <caret line="220" column="10" selection-start-line="220" selection-start-column="10" selection-end-line="220" selection-end-column="10" />
688
- </first_editor>
689
- <second_editor />
707
+ <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
708
+ <provider selected="true" editor-type-id="text-editor">
709
+ <state relative-caret-position="1585">
710
+ <caret line="113" column="8" selection-start-line="113" selection-start-column="8" selection-end-line="113" selection-end-column="8" />
690
711
  </state>
691
712
  </provider>
692
713
  </entry>
data/lib/XSpear/XSpearRepoter.rb CHANGED
@@ -29,18 +29,20 @@ class XspearRepoter
29
29
  # desc
30
30
  # category
31
31
  # callback
32
+ @rtype = {"i"=>"INFO".blue,"v"=>"VULN".red,"l"=>"LOW".green,"m"=>"MIDUM".yellow,"h"=>"HIGH".light_red}
33
+ @rissue = {"f"=>"FILERD RULE","r"=>"REFLECTED","x"=>"XSS","s"=>"STATIC ANALYSIS","d"=>"DYNAMIC ANALYSIS"}
32
34
  end
33
35
 
34
36
  def add_issue_first(type, issue, param, payload, pattern, description)
35
- rtype = {"i"=>"INFO".blue,"v"=>"VULN".red,"l"=>"LOW".green,"m"=>"MIDUM".yellow,"h"=>"HIGH".red}
36
- rissue = {"f"=>"FILERD RULE","r"=>"REFLECTED","x"=>"XSS","s"=>"STATIC ANALYSIS","d"=>"DYNAMIC ANALYSIS"}
37
+ rtype = @rtype
38
+ rissue = @rissue
37
39
  @issue.insert(0,["-", rtype[type], rissue[issue], @method, param, pattern, description])
38
40
  @query.push payload
39
41
  end
40
42
 
41
43
  def add_issue(type, issue, param, payload, pattern, description)
42
- rtype = {"i"=>"INFO".blue,"v"=>"VULN".red,"l"=>"LOW".green,"m"=>"MIDUM".yellow,"h"=>"HIGH".red}
43
- rissue = {"f"=>"FILERD RULE","r"=>"REFLECTED","x"=>"XSS","s"=>"STATIC ANALYSIS","d"=>"DYNAMIC ANALYSIS"}
44
+ rtype = @rtype
45
+ rissue = @rissue
44
46
  @issue << [@issue.size, rtype[type], rissue[issue], @method, param, pattern, description]
45
47
  @query.push payload
46
48
  end
@@ -84,35 +86,46 @@ class XspearRepoter
84
86
  puts table
85
87
  puts "< Available Objects >".yellow
86
88
  @filtered_objects.each do |key, value|
87
- eh = []
88
- tag = []
89
- sc = []
90
- uc = []
91
- puts "[#{key}]".blue+" param"
92
- value.each do |n|
93
- if n.include? "=64"
94
- # eh
95
- eh.push n.chomp("=64")
96
- elsif n.include? "xsp<"
97
- # tag
98
- n = n.sub("xsp<","")
99
- tag.push n.chomp(">")
100
- elsif n.include? ".xspear"
101
- # uc
102
- uc.push n.sub(".xspear","")
103
- else
104
- # sc
105
- sc.push n.sub("XsPeaR","")
89
+ begin
90
+ eh = []
91
+ tag = []
92
+ sc = []
93
+ uc = []
94
+ puts "[#{key}]".blue+" param"
95
+ value.each do |n|
96
+ if n.include? "=64"
97
+ # eh
98
+ eh.push n.chomp("=64")
99
+ elsif n.include? "xsp<"
100
+ # tag
101
+ n = n.sub("xsp<","")
102
+ tag.push n.chomp(">")
103
+ elsif n.include? ".xspear"
104
+ # uc
105
+ uc.push n.sub(".xspear","")
106
+ else
107
+ # sc
108
+ sc.push n.sub("XsPeaR","")
109
+ end
106
110
  end
111
+ puts " + Available Special Char: ".green+"#{sc.map(&:inspect).join(',').gsub('"',"")}".gsub(',',' ')
112
+ puts " + Available Event Handler: ".green+"#{eh.map(&:inspect).join(',')}"
113
+ puts " + Available HTML Tag: ".green+"#{tag.map(&:inspect).join(',')}"
114
+ puts " + Available Useful Code: ".green+"#{uc.map(&:inspect).join(',')}"
115
+ rescue
116
+ puts "Not found"
107
117
  end
108
- puts " + Available Special Char: ".green+"#{sc.map(&:inspect).join(',').gsub('"',"")}".gsub(',',' ')
109
- puts " + Available Event Handler: ".green+"#{eh.map(&:inspect).join(',')}"
110
- puts " + Available HTML Tag: ".green+"#{tag.map(&:inspect).join(',')}"
111
- puts " + Available Useful Code: ".green+"#{uc.map(&:inspect).join(',')}"
112
118
  end
113
- puts "< Raw Query >".yellow
119
+ if @filtered_objects.length == 0
120
+ puts "Not found"
121
+ end
122
+ puts "\n< Raw Query >".yellow
123
+ begin
114
124
  @query.each_with_index do |q, i|
115
- puts "[#{i}] "+@url+"?"+q
125
+ puts "[#{i}] #{@url.sub(URI.parse(@url).query,"")}"+q
126
+ end
127
+ rescue
128
+ puts "Not found"
116
129
  end
117
130
  end
118
131
  end
data/lib/XSpear/banner.rb CHANGED
@@ -3,12 +3,12 @@ def banner;
3
3
  ( /( )\\ )
4
4
  )\\())(()/( ( ) (
5
5
  ((_)\\ /(_))` ) ))\\ ( /( )(
6
- __((_)(_)) /(/( /((_))(_))(()\\
7
- \\ \\/ // __|((_)_\\ (_)) ((_)_ ((_)
6
+ __((_)(_)) /(/( /((_))(_))(()\\".red+"
7
+ \\ \\/ // __|"+"((_)_\\ (_)) ((_)_ ((_)".red+"
8
8
  > < \\__ \\| '_ \\)/ -_)/ _` || '_|
9
- /_/\\_\\|___/| .__/ \\___|\\__,_||_| />
10
- |_| \\ /<
11
- {\\\\\\\\\\\\\\\\\\\\\\\\\\BYHAHWUL\\\\\\\\\\\\\\\\\\\\\\(0):::<======================-
12
- / \\<
13
- \\> [ v#{XSpear::VERSION} ]"
9
+ /_/\\_\\|___/| .__/ \\___|\\__,_||_| "+"/>".red+"
10
+ |_| "+"\\ /<".red+"
11
+ "+"{\\\\\\\\\\\\\\\\\\\\\\\\\\".red+"BYHAHWUL"+"\\\\\\\\\\\\\\\\\\\\\\(0):::<======================-".red+"
12
+ "+"/ \\<".red+"
13
+ "+"\\>".red+" [ v#{XSpear::VERSION} ]"
14
14
  end
data/lib/XSpear/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module XSpear
2
- VERSION = "1.0.9"
2
+ VERSION = "1.1.0"
3
3
  end
data/lib/XSpear.rb CHANGED
@@ -400,7 +400,7 @@ class XspearScan
400
400
  r.push makeQueryPattern('x', '"\'><details/open/ontoggle="alert`45`">', '<details/open/ontoggle="alert`45`">', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
401
401
  r.push makeQueryPattern('x', '"\'><audio src onloadstart=alert(45)>', '<audio src onloadstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
402
402
  r.push makeQueryPattern('x', '"\'><marquee onstart=alert(45)>', '<marquee onstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
403
- r.push makeQueryPattern('x', '"\'><meter value=2 min=0 max=10 onmouseover=alert(45)>2 out of 10</meter>', '<meter value=2 min=0 max=10 onmouseover=alert(45)>2 out of 10</meter>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
403
+ r.push makeQueryPattern('x', '"\'><meter onmouseover=alert(45)>0</meter>', '<meter onmouseover=alert(45)>0</meter>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
404
404
 
405
405
  onfocus_tags.each do |t|
406
406
  r.push makeQueryPattern('x', "\"'><#{t} autofocus onfocus=alert(45)>", "<#{t} autofocus onfocus=alert(45)>", 'h', "reflected "+"onfocus XSS Code".red, CallbackStringMatch)
@@ -489,22 +489,26 @@ class XspearScan
489
489
  params = URI.decode_www_form(uri.query)
490
490
  params.each do |p|
491
491
  if @params.nil? || (@params.include? p[0] if !@params.nil?)
492
+ attack = ""
492
493
  dparams = params
493
494
  dparams.each do |d|
494
- d[1] = p[1] + payload if p[0] == d[0]
495
+ attack = uri.query.sub "#{d[0]}=#{d[1]}","#{d[0]}=#{d[1]}#{URI::encode(payload)}" if p[0] == d[0]
496
+ #d[1] = p[1] + payload if p[0] == d[0]
495
497
  end
496
- result.push("inject": 'url',"param":p[0] ,"type": type, "query": URI.encode_www_form(dparams), "pattern": pattern, "desc": desc, "category": category, "callback": callback)
498
+ result.push("inject": 'url',"param":p[0] ,"type": type, "query": attack, "pattern": pattern, "desc": desc, "category": category, "callback": callback)
497
499
  end
498
500
  end
499
501
  unless @data.nil?
500
502
  params = URI.decode_www_form(@data)
501
503
  params.each do |p|
502
504
  if @params.nil? || (@params.include? p[0] if !@params.nil?)
505
+ attack = ""
503
506
  dparams = params
504
507
  dparams.each do |d|
505
- d[1] = p[1] + payload if p[0] == d[0]
508
+ attack = uri.query.sub "#{d[0]}=#{d[1]}","#{d[0]}=#{d[1]}#{URI::encode(payload)}" if p[0] == d[0]
509
+ #d[1] = p[1] + payload if p[0] == d[0]
506
510
  end
507
- result.push("inject": 'body', "param":p[0], "type": type, "query": URI.encode_www_form(dparams), "pattern": pattern, "desc": desc, "category": category, "callback": callback)
511
+ result.push("inject": 'body', "param":p[0], "type": type, "query": attack, "pattern": pattern, "desc": desc, "category": category, "callback": callback)
508
512
  end
509
513
  end
510
514
  end
data/raw_sample.txt ADDED
@@ -0,0 +1,8 @@
1
+ GET https://www.hahwul.com/?q=xspear HTTP/1.1
2
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
3
+ Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
4
+ Accept-Language: ko-KR,ko;q=0.8,en-US;q=0.5,en;q=0.3
5
+ Connection: keep-alive
6
+ Cookie: _ga=GA1.2.1102548207.1555467144; _gid=GA1.2.1362788908.1563875038
7
+ Upgrade-Insecure-Requests: 1
8
+ Host: www.hahwul.com
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: XSpear
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.9
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - hahwul
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-07-25 00:00:00.000000000 Z
11
+ date: 2019-07-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: colorize
@@ -167,6 +167,7 @@ files:
167
167
  - lib/XSpear/banner.rb
168
168
  - lib/XSpear/log.rb
169
169
  - lib/XSpear/version.rb
170
+ - raw_sample.txt
170
171
  homepage: https://github.com/hahwul/XSpear
171
172
  licenses:
172
173
  - MIT