rav-xss 1.0.28

package/src/config/manager.js

@@ -0,0 +1,112 @@
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const packageInfo = require("../utils/packageInfo");
+
+const BASE_DIR = path.join(__dirname, "..", "..");
+const CONFIG_PATH = path.join(BASE_DIR, "config.json");
+
+/**
+ * 🏭 Obtém configuração padrão com valores fallback
+ * @returns {Object} Configuração padrão completa
+ */
+const getDefaultConfig = () => ({
+  targets: [
+    {
+      name: "Default Target",
+      url: "http://www.sudo.co.il/xss/level0.php?email=[XSS]",
+      notes: "Example target"
+    }
+  ],
+  scanner: {
+    user_agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
+    timeout_ms: 8000,
+    delay_between_requests_ms: 500,
+    report_dir: path.join(BASE_DIR, "reports")
+  },
+  output: {
+    verbose: false,
+    show_safe: false
+  }
+});
+
+/**
+ * 📂 Carrega configuração do arquivo config.json
+ * @returns {Object} Configuração carregada ou padrão
+ */
+const loadConfig = () => {
+  if (!fs.existsSync(CONFIG_PATH)) {
+    const defaultConfig = getDefaultConfig();
+    saveConfig(defaultConfig);
+    return defaultConfig;
+  }
+
+  try {
+    const config = JSON.parse(fs.readFileSync(CONFIG_PATH, "utf8"));
+    const merged = { ...getDefaultConfig(), ...config };
+
+    if (!merged.targets || merged.targets.length === 0) {
+      merged.targets = getDefaultConfig().targets;
+    }
+
+    if (merged.scanner?.report_dir && !path.isAbsolute(merged.scanner.report_dir)) {
+      merged.scanner.report_dir = path.join(BASE_DIR, merged.scanner.report_dir);
+    }
+
+    return merged;
+  } catch (err) {
+    console.error(`Error loading config: ${err.message}`);
+    return getDefaultConfig();
+  }
+};
+
+/**
+ * 💾 Salva configuração no arquivo config.json
+ * @param {Object} config - Configuração a ser salva
+ */
+const saveConfig = (config) => {
+  try {
+    const dir = path.dirname(CONFIG_PATH);
+    if (!fs.existsSync(dir)) {
+      fs.mkdirSync(dir, { recursive: true });
+    }
+
+    const configToSave = { ...config };
+    delete configToSave.version;
+
+    fs.writeFileSync(CONFIG_PATH, JSON.stringify(configToSave, null, 2));
+  } catch (err) {
+    console.error(`Error saving config: ${err.message}`);
+  }
+};
+
+/**
+ * ✅ Valida a configuração e cria diretórios necessários
+ * @param {Object} config - Configuração a validar
+ * @returns {boolean} true se válida
+ */
+const validateConfig = (config) => {
+  if (config.targets && config.targets.length > 0) {
+    for (const target of config.targets) {
+      if (!target.url || !target.url.includes("[XSS]")) {
+        console.error(`Invalid target URL: ${target.url}`);
+        return false;
+      }
+    }
+  }
+
+  const reportDir = config.scanner.report_dir;
+  if (reportDir && !fs.existsSync(reportDir)) {
+    try {
+      fs.mkdirSync(reportDir, { recursive: true });
+    } catch (err) {
+      console.error(`Error creating report directory: ${err.message}`);
+      return false;
+    }
+  }
+
+  return true;
+};
+
+module.exports = { loadConfig, saveConfig, validateConfig, getDefaultConfig };

package/src/core/browser.js

@@ -0,0 +1,430 @@
+"use strict";
+
+const axios = require("axios");
+const os = require("os");
+const fs = require("fs");
+const path = require("path");
+const { execSync } = require("child_process");
+
+let playwright = null;
+try {
+  if (!isTermux()) {
+    playwright = require("playwright");
+  }
+} catch (e) {
+  playwright = null;
+}
+
+/**
+ * 🖥️ Gerenciador de Modos de Execução
+ * 
+ * Gerencia requisições HTTP via Axios (Modo Normal) e navegação
+ * via Playwright (Modo Navegador) com detecção automática de ambiente.
+ */
+class BrowserManager {
+  constructor(config, args) {
+    this.config = config;
+    this.args = args;
+    this.mode = args.mode || config.mode || "axios";
+
+    if (isTermux()) {
+      this.mode = "axios";
+    }
+
+    if (this.mode === "playwright" && !playwright) {
+      this.mode = "axios";
+    }
+
+    this.browser = null;
+    this.responses = [];
+    this._browsersChecked = false;
+  }
+
+  /**
+   * 🔧 Verifica se os navegadores do Playwright estão instalados
+   * @returns {boolean} true se os navegadores estão disponíveis
+   */
+  arePlaywrightBrowsersInstalled() {
+    if (!playwright) return false;
+
+    try {
+      const registryPath = this.getPlaywrightBrowserPath();
+      if (!registryPath) return false;
+
+      return fs.existsSync(registryPath);
+    } catch (e) {
+      return false;
+    }
+  }
+
+  /**
+   * 📁 Obtém o caminho esperado para os navegadores do Playwright
+   * @returns {string|null} Caminho do diretório de navegadores
+   */
+  getPlaywrightBrowserPath() {
+    try {
+      const os = require("os");
+      const home = os.homedir();
+
+      if (process.platform === "win32") {
+        const localAppData = process.env.LOCALAPPDATA || path.join(home, "AppData", "Local");
+        return path.join(localAppData, "ms-playwright");
+      } else if (process.platform === "darwin") {
+        return path.join(home, "Library", "Caches", "ms-playwright");
+      } else {
+        const cacheDir = process.env.XDG_CACHE_HOME || path.join(home, ".cache");
+        return path.join(cacheDir, "ms-playwright");
+      }
+    } catch (e) {
+      return null;
+    }
+  }
+
+  /**
+   * 🔧 Verifica e instala os navegadores do Playwright se necessário
+   * @returns {boolean} true se os navegadores estão prontos
+   */
+  ensurePlaywrightBrowsers() {
+    if (this._browsersChecked) return true;
+    if (!playwright) return false;
+
+    const installed = this.arePlaywrightBrowsersInstalled();
+
+    if (installed) {
+      this._browsersChecked = true;
+      return true;
+    }
+
+    console.log("\n" + [
+      "═".repeat(55),
+      "  ⚠️  Playwright browsers not found!",
+      "  Installing Chromium automatically...",
+      "═".repeat(55)
+    ].join("\n"));
+
+    try {
+      execSync("npx playwright install chromium", {
+        stdio: "inherit",
+        timeout: 120000
+      });
+      console.log("  ✅ Chromium installed successfully!\n");
+      this._browsersChecked = true;
+      return true;
+    } catch (installError) {
+      console.log([
+        "",
+        "  ❌ Failed to install Chromium automatically.",
+        "  Please install manually with:",
+        "    npx playwright install chromium",
+        ""
+      ].join("\n"));
+      this._browsersChecked = true;
+      return false;
+    }
+  }
+
+  /**
+   * 🚀 Inicializa o navegador Playwright
+   * @returns {Promise<Object>} Instância do navegador
+   */
+  async launch() {
+    if (this.mode !== "playwright") return null;
+
+    if (!this.ensurePlaywrightBrowsers()) {
+      this.mode = "axios";
+      return null;
+    }
+
+    const browserType = playwright.chromium;
+
+    this.browser = await browserType.launch({
+      headless: this.config.scanner.headless !== false,
+      args: [
+        '--no-sandbox',
+        '--disable-setuid-sandbox',
+        '--disable-dev-shm-usage'
+      ]
+    });
+
+    return this.browser;
+  }
+
+  /**
+   * 🔒 Fecha a instância do navegador
+   * @returns {Promise<void>}
+   */
+  async close() {
+    if (this.browser) {
+      await this.browser.close();
+      this.browser = null;
+    }
+  }
+
+  /**
+   * 🌐 Cria um novo contexto de navegação
+   * @returns {Promise<Object>} Contexto do navegador
+   */
+  async createContext() {
+    if (!this.browser) return null;
+
+    return await this.browser.newContext({
+      userAgent: this.config.scanner.user_agent,
+      ignoreHTTPSErrors: true
+    });
+  }
+
+  /**
+   * 📄 Cria uma nova página com interceptação de recursos
+   * @param {Object} context - Contexto do navegador
+   * @returns {Promise<Object>} Página configurada
+   */
+  async createPage(context) {
+    if (!context) return null;
+
+    const page = await context.newPage();
+
+    await page.route("**/*.{png,jpg,jpeg,gif,woff,woff2,svg,css,ico,font}",
+      (route) => route.abort()
+    );
+
+    await page.route("**/*", (route, request) => {
+      this.captureResponse(request);
+      route.continue();
+    });
+
+    page.on("response", (response) => {
+      this.capturePlaywrightResponse(response);
+    });
+
+    return page;
+  }
+
+  /**
+   * 📡 Executa requisição HTTP no modo Axios
+   * @param {string} url - URL alvo
+   * @param {Object} options - Opções da requisição
+   * @returns {Promise<Object>} Resposta da requisição
+   */
+  async axiosRequest(url, options = {}) {
+    const config = {
+      timeout: this.config.scanner.timeout_ms || 8000,
+      headers: {
+        "User-Agent": this.config.scanner.user_agent,
+        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
+        "Accept-Language": "en-US,en;q=0.5",
+        ...options.headers
+      },
+      validateStatus: () => true,
+      maxRedirects: 5,
+      ...options
+    };
+
+    try {
+      const response = await axios.get(url, config);
+
+      this.responses.push({
+        url: url,
+        status: response.status,
+        headers: response.headers,
+        body: response.data,
+        timestamp: new Date().toISOString()
+      });
+
+      return response;
+    } catch (error) {
+      return {
+        status: 0,
+        data: "",
+        headers: {},
+        error: error.message
+      };
+    }
+  }
+
+  /**
+   * 🎭 Executa navegação no modo Playwright
+   * @param {string} url - URL alvo
+   * @param {Object} options - Opções de navegação
+   * @returns {Promise<Object>} Resultado da navegação
+   */
+  async playwrightRequest(url, options = {}) {
+    if (!this.browser) {
+      await this.launch();
+    }
+
+    if (this.mode === "axios") {
+      return await this.axiosRequest(url, options);
+    }
+
+    const context = await this.createContext();
+    const page = await this.createPage(context);
+
+    let dialogMessage = null;
+    let dialogHandled = false;
+
+    page.on("dialog", async (dialog) => {
+      dialogMessage = dialog.message();
+      dialogHandled = true;
+      await dialog.accept();
+    });
+
+    try {
+      const response = await page.goto(url, {
+        waitUntil: "domcontentloaded",
+        timeout: this.config.scanner.timeout_ms || 8000,
+        ...options
+      });
+
+      await page.waitForTimeout(1000);
+
+      const body = await page.content();
+
+      this.responses.push({
+        url: url,
+        status: response?.status() || 0,
+        headers: response?.headers() || {},
+        body: body,
+        timestamp: new Date().toISOString(),
+        dialogMessage: dialogMessage
+      });
+
+      const result = {
+        status: response?.status() || 0,
+        data: body,
+        headers: response?.headers() || {},
+        dialogMessage: dialogMessage
+      };
+
+      if (this.config.scanner.headless === false) {
+        await page.waitForTimeout(1500);
+      }
+
+      await context.close();
+      return result;
+    } catch (error) {
+      await context.close();
+      return {
+        status: 0,
+        data: "",
+        headers: {},
+        error: error.message
+      };
+    }
+  }
+
+  /**
+   * 🎯 Executa requisição no modo apropriado
+   * @param {string} url - URL alvo
+   * @param {Object} options - Opções da requisição
+   * @returns {Promise<Object>} Resposta da requisição
+   */
+  async request(url, options = {}) {
+    if (this.mode === "playwright") {
+      return await this.playwrightRequest(url, options);
+    }
+
+    return await this.axiosRequest(url, options);
+  }
+
+  /**
+   * 🔍 Captura detalhes da requisição Playwright
+   * @param {Object} request - Objeto de requisição Playwright
+   */
+  captureResponse(request) {
+    if (!request) return;
+
+    if (this.args.verbose) {
+      console.log(`  📤 Request: ${request.method()} ${request.url()}`);
+    }
+  }
+
+  /**
+   * 📥 Captura detalhes da resposta Playwright
+   * @param {Object} response - Objeto de resposta Playwright
+   */
+  capturePlaywrightResponse(response) {
+    if (!response) return;
+
+    if (this.args.verbose) {
+      console.log(`  📥 Response: ${response.status()} ${response.url()}`);
+    }
+  }
+
+  /**
+   * 🧹 Limpa as respostas capturadas
+   */
+  clearResponses() {
+    this.responses = [];
+  }
+
+  /**
+   * 📊 Retorna as respostas capturadas
+   * @returns {Array} Lista de respostas
+   */
+  getResponses() {
+    return this.responses;
+  }
+
+  /**
+   * 🔄 Alterna entre os modos de execução
+   * @param {string} mode - Modo de execução ("axios" ou "playwright")
+   * @returns {string} Modo configurado
+   */
+  setMode(mode) {
+    if (mode === "playwright" && isTermux()) {
+      mode = "axios";
+    }
+
+    if (mode === "playwright" && !playwright) {
+      mode = "axios";
+    }
+
+    if (mode === "playwright") {
+      if (!this.ensurePlaywrightBrowsers()) {
+        mode = "axios";
+      }
+    }
+
+    this.mode = mode;
+    return this.mode;
+  }
+
+  /**
+   * 📋 Retorna o modo atual
+   * @returns {string} Modo de execução atual
+   */
+  getMode() {
+    return this.mode;
+  }
+
+  /**
+   * ✅ Verifica se o modo Playwright está disponível
+   * @returns {boolean} true se disponível
+   */
+  isPlaywrightAvailable() {
+    return !isTermux() && playwright !== null;
+  }
+}
+
+/**
+ * 📱 Verifica se está executando no Termux (Android)
+ * @returns {boolean} true se estiver no Termux
+ */
+function isTermux() {
+  if (process.env.TERMUX_VERSION) return true;
+  if (process.env.PREFIX?.includes("com.termux")) return true;
+
+  const hostname = os.hostname();
+  if (hostname && (
+    hostname.toLowerCase().includes("termux") ||
+    hostname.toLowerCase().includes("android")
+  )) return true;
+
+  try {
+    if (fs.existsSync("/data/data/com.termux")) return true;
+  } catch (e) { }
+
+  return false;
+}
+
+module.exports = { BrowserManager, isTermux };