cross 0.71.0 → 0.75.0

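--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
- metadata.gz: 4d3b0fa8038e923a78169091deade7936f0a2d66
- data.tar.gz: fb09d7896889725c4dc6e2d88587d51247ea29a1
+ metadata.gz: cdf85e6db97ddb73397f4ff468421d5bde9f6de4
+ data.tar.gz: 6df08d84bfa7a317ecc44561142a6d37e665d16e
 SHA512:
- metadata.gz: b755291350494991b333fee9d5546a2a2449556ea8e66b59258ae3ff709f523e1133285b65b0cacfa343c3d33a9fc47b89c7d576495c486551b7e057b3d30c9c
- data.tar.gz: 334a929b2c037787a53c35d8ce4024dc431bb6ababc6fbe4e60b582bd8f02cc77d8a7ad4f88f6c33433b056bffd27a39c376297e3598c3a6e96da50fd6342b64
+ metadata.gz: cefefee84df4fdc1aa9a66e378b32a75ea31cfddc122d9e38075139eab4c95d071e11c4477e31e9add7a6c60d61c88ab0578b0d06b34083d64d447abc39fc0dd
+ data.tar.gz: b4922ccdd23610f60f3eecdd3f751e21fdf2733337d95db9d086aa94ebbf08b338a6450477130ad1a9f64fca6f9162db6550c0428397d1f11a392ea75839a396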
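--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1,4 +1,5 @@
- *.swp
+ *.txt
+ *.sw?
  *.log
  *.gem
  *.rbc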
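--- a/data/bin/cross
+++ b/data/bin/cross
@@ -14,6 +14,7 @@ opts = GetoptLong.new(
  [ '--version', '-v', GetoptLong::NO_ARGUMENT ],
  ['--debug', '-D', GetoptLong::NO_ARGUMENT ],
  ['--oneshot', '-1', GetoptLong::NO_ARGUMENT ],
+ ['--evasion', '-e', GetoptLong::NO_ARGUMENT ],
  ['--sample-post', '-S', GetoptLong::REQUIRED_ARGUMENT ],
  ['--tamper', '-t', GetoptLong::REQUIRED_ARGUMENT ],
  ['--exploit-url', '-u', GetoptLong::NO_ARGUMENT ],
@@ -38,6 +39,7 @@ opts.each do |opt, arg|
  puts "usage: cross [-D1StucUPhv] target"
  puts " -D: turns debug on"
  puts " -1: random select a XSS attack pattern"
+ puts " -e: list evasion list"
  puts " -S arg: when tampering posts, arg is a valid POST body used as reference. It can be also a text file containg the POST parameters."
  puts " -t arg: tells cross to tamper the given parameter. It must be used with -S flag turned on"
  puts " -u: exploits the URL string instead of looking at the form values"
@@ -65,10 +67,15 @@ opts.each do |opt, arg|
  options[:auth][:username]=arg
  when '--password'
  options[:auth][:password]=arg
+ when '--evasion'
+ Cross::Attack::XSS::EVASION.each do |evasion|
+ $logger.log evasion
+ end
  end
  end
 
  $logger.helo "cross", Cross::VERSION
+ $logger.toggle_syslog
  $logger.die "missing target" if ARGV.length != 1
  $logger.die "-S and -t flag must be used together" if (options[:sample_post].empty? && ! options[:parameter_to_tamper].empty?) or (! options[:sample_post].empty? && options[:parameter_to_tamper].empty?)
 
@@ -80,14 +87,14 @@ engine.start(options)
  found = false
 
  engine.inject
- unless engine.results.empty?
+ $logger.log "#{Cross::Attack::XSS.count} attack payloads sent"
 
- $logger.ok "Canary found in output page. Suspected XSS"
- engine.results.each do |res|
- $logger.log res[:evidence]
- end
+ unless engine.results.empty?
+ $logger.ok "Canary found in output page. Suspected XSS"
+ engine.results.each do |res|
+ $logger.log res[:evidence]
+ end
  end
 
-
  $logger.err "Canary not found" if engine.results.empty?
  $logger.bye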
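Review bot: The new `--evasion` branch in the third hunk (`@@ -65,10 +67,15 @@`) iterates `Cross::Attack::XSS::EVASION`, but the constant this same release defines in lib/cross/xss.rb is `EVASIONS` (plural), so `cross -e` will raise a NameError for an uninitialized constant instead of printing the list; the line should read `Cross::Attack::XSS::EVASIONS.each do |evasion|` (or reuse the module's own `Cross::Attack::XSS.each` iterator). The usage banner `usage: cross [-D1StucUPhv] target` in the second hunk was not extended with the new `e` flag, and the help text `-e: list evasion list` would read better as `-e: list the available XSS evasion patterns`. As far as the visible lines show, the branch neither exits nor skips the target check, so `cross -e` alone still reaches `$logger.die "missing target"` after printing; if listing is meant to be a standalone action, an `exit` after the loop is needed. The `opts.each` block and the `unless engine.results.empty?` block both extend beyond the hunks shown.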
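--- a/cross.gemspec
+++ b/cross.gemspec
@@ -1,5 +1,8 @@
  # -*- encoding: utf-8 -*-
- require File.expand_path('../lib/cross/version', __FILE__)
+ lib = File.expand_path('../lib', __FILE__)
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+ require 'cross/version'
+
 
  Gem::Specification.new do |gem|
  gem.authors = ["Paolo Perego"]
@@ -23,5 +26,5 @@ Gem::Specification.new do |gem|
  gem.add_dependency "logger"
  gem.add_dependency "rainbow"
 
- gem.add_dependency "codesake-commons"
+ gem.add_dependency "codesake-commons", ">= 0.89.0"
  end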
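Review bot: The constraint `gem.add_dependency "codesake-commons", ">= 0.89.0"` in the second hunk has no upper bound, so any future incompatible release of codesake-commons is pulled in silently by everyone installing this gem; the pessimistic form `gem.add_dependency "codesake-commons", "~> 0.89"` keeps the minimum this release needs while excluding a new major. The lower bound presumably marks where `Codesake::Core::Url` became available, since the engine switches to it in this same release, and a comment above the line recording that, `# >= 0.89.0: provides Codesake::Core::Url, which replaced Cross::Url`, would explain the pin to the next maintainer. The `Gem::Specification` block starts before the second hunk.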
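--- a/lib/cross.rb
+++ b/lib/cross.rb
@@ -1,3 +1,2 @@
  require 'cross/version'
  require 'cross/engine'
- require 'cross/url'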
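--- a/lib/cross/engine.rb
+++ b/lib/cross/engine.rb
@@ -1,7 +1,6 @@
  require 'mechanize'
  require 'logger'
  require 'singleton'
- require 'URI'
 
  require 'cross/xss'
 
@@ -28,11 +27,11 @@ module Cross
  # Starts the engine
  def start(options = {:exploit_url=>false, :debug=>false, :oneshot=>false, :sample_post=>"", :parameter_to_tamper=>"", :auth=>{:username=>nil, :password=>nil}, :target=>""})
  @agent = Mechanize.new {|a| a.log = Logger.new(create_log_filename(options[:target]))}
- @agent.user_agent_alias = 'Mac Safari'
+ @agent.user_agent = "cross v#{Cross::VERSION}"
  @agent.agent.http.verify_mode = OpenSSL::SSL::VERIFY_NONE
  @options = options
  @target = options[:target]
- @results = {}
+ @results = []
  end
 
 
@@ -67,7 +66,7 @@ module Cross
  if @options[:exploit_url]
  # You ask to exploit the url, so I won't check for form values
 
- theurl= Cross::Url.new(@target)
+ theurl= Codesake::Core::Url.new(@target)
 
  attack_url(theurl, Cross::Attack::XSS.rand) if oneshot?
 
@@ -123,7 +122,7 @@ module Cross
  ! ( @options[:auth][:username].nil? && @options[:auth][:password].nil? )
  end
 
- def attack_url(url = Cross::Url.new, pattern)
+ def attack_url(url = Codesake::Core::Url.new, pattern)
  $logger.log "using attack vector: #{pattern}" if debug?
  url.params.each do |par|
 
@@ -178,7 +177,7 @@ module Cross
  scripts.each do |sc|
  if sc.children.text.include?("alert(#{Cross::Attack::XSS::CANARY})")
  $logger.log(page.body) if @debug
- @results << {:page=>page.url, :method=>:post, :evidence=>sc.children.text}
+ @results << {:page=>page.uri.to_s, :method=>:post, :evidence=>sc.children.text}
  return true
  end
  end
@@ -188,7 +187,7 @@ module Cross
  inputs.each do |input|
  if ! input['onmouseover'].nil? && input['onmouseover'].include?("alert(#{Cross::Attack::XSS::CANARY})")
  $logger.log(page.body) if @debug
- @results << {:page=>page.url, :method=>:post, :evidence=> input['onmouseover']}
+ @results << {:page=>page.uri.to_s, :method=>:post, :evidence=> input['onmouseover']}
  return true
  end
  end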
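Review bot: The engine now references `Codesake::Core::Url` in the third and fourth hunks, but the require block in the first hunk only drops `require 'URI'` and adds nothing for codesake-commons; unless bin/cross or lib/cross.rb loads that gem first (neither visible hunk does), requiring `cross/engine` on its own will fail with a NameError, so the gem's entry file should be required next to `require 'mechanize'` (check codesake-commons 0.89.0 for its require path). In the fourth hunk `def attack_url(url = Codesake::Core::Url.new, pattern)` keeps an optional parameter ahead of a required one; the only caller shown passes both (`attack_url(theurl, Cross::Attack::XSS.rand)`), and `Codesake::Core::Url.new` without the target the call site gives it may not even be constructible, so `def attack_url(url, pattern)` is simpler and safer. The switch from `@results = {}` to `[]` in the second hunk is what makes the later `@results << {...}` pushes valid, and the honest `"cross v#{Cross::VERSION}"` user agent lets the target's operators recognise and filter authorised scan traffic in their logs; a short comment on that line, `# identify the scanner honestly so server logs can attribute the traffic`, would keep a future contributor from reverting to a browser alias. The `start` method and the two canary-search methods all continue outside their hunks.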
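--- a/lib/cross/version.rb
+++ b/lib/cross/version.rb
@@ -1,3 +1,3 @@
  module Cross
- VERSION = "0.71.0"
+ VERSION = "0.75.0"
  end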
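--- a/lib/cross/xss.rb
+++ b/lib/cross/xss.rb
@@ -6,6 +6,7 @@ module Cross
 
  CANARY = 666
  EVASIONS = [
+ "\"/><script>alert(#{Cross::Attack::XSS::CANARY});</script>",
  "a onmouseover=alert(#{Cross::Attack::XSS::CANARY})",
  "<script>alert(#{Cross::Attack::XSS::CANARY})</script>",
  "<script>alert(#{Cross::Attack::XSS::CANARY});</script>",
@@ -72,6 +73,9 @@ module Cross
  Cross::Attack::XSS::EVASIONS[SecureRandom.random_number(Cross::Attack::XSS::EVASIONS.size)]
  end
 
+ def self.count
+ Cross::Attack::XSS::EVASIONS.count
+ end
 
  def self.each
  Cross::Attack::XSS::EVASIONS.each do |pattern|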
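Review bot: The new `self.count` in the second hunk returns the size of `EVASIONS`, not the number of payloads a run actually injected, yet bin/cross prints it as `"#{Cross::Attack::XSS.count} attack payloads sent"`; under `--oneshot` the engine sends a single `Cross::Attack::XSS.rand` pattern, so that message over-reports by the whole list. Either have the engine count the injections it performs and report that, or document the helper honestly with `# Number of patterns in EVASIONS, not how many were sent in a run` and reword the bin/cross line to `"#{Cross::Attack::XSS.count} attack patterns available"`. The helper also lacks any comment while its siblings `rand` and `each` are the module's public surface; the same one-liner serves as its doc. The `EVASIONS` array opened in the first hunk and the `each` method in the second both continue past the hunks shown.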
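--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: cross
  version: !ruby/object:Gem::Version
- version: 0.71.0
+ version: 0.75.0
  platform: ruby
  authors:
  - Paolo Perego
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2013-10-17 00:00:00.000000000 Z
+ date: 2013-12-18 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake
@@ -100,14 +100,14 @@ dependencies:
  requirements:
  - - '>='
  - !ruby/object:Gem::Version
- version: '0'
+ version: 0.89.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '>='
  - !ruby/object:Gem::Version
- version: '0'
+ version: 0.89.0
  description: cross is a cross site scripting testing tool
  email:
  - thesp0nge@gmail.com
@@ -130,7 +130,6 @@ files:
  - cross.gemspec
  - lib/cross.rb
  - lib/cross/engine.rb
- - lib/cross/url.rb
  - lib/cross/version.rb
  - lib/cross/xss.rb
  - spec/cross_spec.rb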
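--- a/lib/cross/url.rb
+++ /dev/null
@@ -1,74 +0,0 @@
- module Cross
- class Url
-
- attr_reader :url
- attr_reader :base_url
- attr_reader :params
- attr_reader :original_params
-
- def initialize(url)
- @url = url
- @params = []
- @original_params = []
- @base_url = url.split('?')[0]
- if has_params?
- p_array = url.split('?')[1].split('&')
- p_array.each do |p|
- pp = p.split('=')
- param = {}
- param[:name] = pp[0]
- param[:value] = pp[1] unless pp[1].nil?
-
- @params << param
- @original_params << param.dup
- end
- @original_params.freeze
- end
- end
-
- def to_s
- "#{@base_url}?#{params_to_url}"
- end
-
- def fuzz(name, value)
- set(name, value)
- "#{@base_url}?#{params_to_url}"
- end
-
- def get(name)
- value = nil
- @params.each do |p|
- value = p[:value] if p[:name] == name
- end
- value
- end
-
- def set(name, value)
- @params.each do |p|
- p[:value] = value if p[:name] == name
- end
- end
-
- def reset
- @params = []
- @original_params.each do |p|
- @params << p.dup
- end
- end
-
- def has_params?
- ! @url.split('?')[1].nil?
- end
- def params_to_url
- ret = ""
- @params.each do |p|
- ret += "#{p[:name]}=#{p[:value]}"
- if !(p == @params.last)
- ret +="&"
- end
- end
- ret
-
- end
- end
- end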