rav-xss 1.0.28

package/src/index.js

@@ -0,0 +1,113 @@
+#!/usr/bin/env node
+"use strict";
+
+const path = require("path");
+const fs = require("fs");
+const { exec } = require("child_process");
+const { parseArgs, hasHelp, shouldConfigure, shouldOpenReports } = require("./cli/args");
+const { showHelp } = require("./cli/help");
+const { runWizard } = require("./cli/wizard");
+const { loadConfig, validateConfig } = require("./config/manager");
+const { XSSScanner } = require("./core/scanner");
+const { colors } = require("./config/colors");
+
+/**
+ * 📁 Abre a pasta de relatórios no explorador de arquivos
+ * @param {string} reportDir - Caminho do diretório de relatórios
+ */
+const openReportsFolder = (reportDir) => {
+  const resolvedPath = path.resolve(reportDir);
+
+  console.log(`\n${colors.text("📂 Reports folder:")} ${colors.link(resolvedPath)}\n`);
+
+  if (!fs.existsSync(resolvedPath)) {
+    console.log(colors.warning("⚠️  Reports folder doesn't exist yet. Creating..."));
+    try {
+      fs.mkdirSync(resolvedPath, { recursive: true });
+      console.log(colors.success("✅ Reports folder created!"));
+    } catch (err) {
+      console.log(colors.error(`❌ Could not create folder: ${err.message}`));
+      process.exit(1);
+    }
+  }
+
+  const platform = process.platform;
+
+  if (platform === "win32") {
+    exec(`explorer "${resolvedPath}"`);
+    setTimeout(() => {
+      console.log(colors.success("✅ Reports folder opened!"));
+      process.exit(0);
+    }, 500);
+  } else if (platform === "darwin") {
+    exec(`open "${resolvedPath}"`, (error) => {
+      if (error) {
+        console.log(colors.error(`❌ Could not open folder: ${error.message}`));
+        console.log(colors.text(`📂 Location: ${colors.link(resolvedPath)}`));
+      } else {
+        console.log(colors.success("✅ Reports folder opened!"));
+      }
+      process.exit(0);
+    });
+  } else {
+    exec(`xdg-open "${resolvedPath}"`, (error) => {
+      if (error) {
+        console.log(colors.error(`❌ Could not open folder: ${error.message}`));
+        console.log(colors.text(`📂 Location: ${colors.link(resolvedPath)}`));
+      } else {
+        console.log(colors.success("✅ Reports folder opened!"));
+      }
+      process.exit(0);
+    });
+  }
+};
+
+/**
+ * 🚀 Função principal
+ * @returns {Promise<void>}
+ */
+const main = async () => {
+  const args = parseArgs();
+
+  if (hasHelp(args)) {
+    showHelp();
+    process.exit(0);
+  }
+
+  if (shouldConfigure(args)) {
+    await runWizard();
+    process.exit(0);
+  }
+
+  if (shouldOpenReports(args)) {
+    const config = loadConfig();
+    openReportsFolder(config.scanner.report_dir);
+    return;
+  }
+
+  const config = loadConfig();
+  if (!validateConfig(config)) {
+    console.error("Invalid configuration. Run --configure to set up.");
+    process.exit(1);
+  }
+
+  if (args.mode) {
+    config.mode = args.mode;
+  }
+
+  if (args.headed) {
+    if (!config.scanner) config.scanner = {};
+    config.scanner.headless = false;
+  }
+
+  const scanner = new XSSScanner(config, args);
+  await scanner.run();
+};
+
+main().catch((err) => {
+  console.error(`\n[FATAL] ${err.message}\n`);
+  if (process.argv.includes("--verbose")) {
+    console.error(err.stack);
+  }
+  process.exit(1);
+});

package/src/utils/box.js

@@ -0,0 +1,266 @@
+"use strict";
+
+const boxen = require("boxen");
+const { colors, theme } = require("../config/colors");
+const packageInfo = require("./packageInfo");
+
+class BoxManager {
+
+  get appInfo() {
+    return packageInfo.allInfo;
+  }
+
+  createBox(content, options = {}) {
+    const defaultOptions = {
+      padding: 1,
+      margin: 1,
+      borderStyle: "round",
+      borderColor: theme.border.primary,
+      textAlignment: "left"
+    };
+
+    try {
+      return boxen(content, { ...defaultOptions, ...options });
+    } catch (error) {
+      const width = options.width || 60;
+      const border = "─".repeat(width);
+      return `\n┌${border}┐\n${content}\n└${border}┘\n`;
+    }
+  }
+
+  createWelcomeBox(config, totalPayloads, category, targetUrl) {
+    const version = packageInfo.version || "1.0.0";
+    const contentLines = [];
+
+    contentLines.push(colors.info.bold("🛡️  Bug Bounty Edition"));
+    contentLines.push(colors.dim("─".repeat(45)));
+    contentLines.push("");
+
+    try {
+      const figlet = require("figlet");
+      const bannerText = figlet.textSync(packageInfo.name.toUpperCase(), {
+        font: "ANSI Shadow",
+        horizontalLayout: "default",
+        verticalLayout: "default"
+      });
+      contentLines.push(colors.action(bannerText));
+    } catch (e) {
+      contentLines.push(colors.action.bold(`⚡ ${packageInfo.name.toUpperCase()} ⚡`));
+    }
+
+    contentLines.push("");
+    contentLines.push(`${colors.icon.link} ${colors.link(packageInfo.site)}`);
+    contentLines.push("");
+
+    const infoItems = [
+      `${colors.icon.version} ${colors.muted("Version:")} ${colors.primary.bold("v" + version)}`,
+      `${colors.icon.payload} ${colors.muted("Payloads:")} ${colors.primary.bold(String(totalPayloads))}`,
+      `${colors.icon.category} ${colors.muted("Category:")} ${colors.highlight(category || "Not selected")}`,
+      `${colors.icon.target} ${colors.muted("Target:")} ${colors.url(this.truncateUrl(targetUrl))}`
+    ];
+
+    contentLines.push(infoItems.join(`\n`));
+
+    const content = contentLines.join("\n");
+
+    return this.createBox(content, {
+      borderStyle: "round",
+      borderColor: theme.border.primary,
+      padding: {
+        top: 1,
+        bottom: 2,
+        left: 3,
+        right: 3
+      },
+      margin: 1,
+      textAlignment: "center"
+    });
+  }
+
+  createTargetBox(target, index, total) {
+    const formattedContent = [
+      `${colors.primary.bold(`Target ${index + 1} of ${total}`)} ${colors.dim("•")} ${colors.title(target.name || "CLI Target")}`,
+      colors.text(target.url)
+    ].join("\n");
+
+    return this.createBox(formattedContent, {
+      borderStyle: "round",
+      borderColor: theme.border.info,
+      padding: 1,
+      margin: { top: 1, bottom: 1 }
+    });
+  }
+
+  /**
+ * 📊 Cria box de resultado do scan
+ * @param {Object} results - Resultados do scan
+ * @param {string} targetUrl - URL alvo
+ * @param {string} category - Categoria testada
+ * @param {string} duration - Duração do scan
+ * @param {string} reportPath - Caminho do relatório
+ * @param {string} reportDir - Diretório de relatórios
+ * @returns {string} Box formatado
+ */
+  createResultBox(results, targetUrl, category, duration, reportPath, reportDir) {
+    const hasVulns = results.vulns_found > 0;
+    const statusIcon = hasVulns ? colors.icon.error : colors.icon.success;
+    const statusColor = hasVulns ? colors.error : colors.success;
+    const statusText = hasVulns ? `${results.vulns_found} XSS FOUND` : "ALL CLEAN";
+
+    const isTermux = this.detectTermux();
+    const maxWidth = isTermux ? 80 : 80;
+    const boxWidth = isTermux ? 90 : 100;
+
+    const displayReportPath = this.wrapPath(reportPath, maxWidth, "Report");
+    const displayReportDir = this.wrapPath(reportDir, maxWidth, "Reports folder");
+
+    const contentLines = [
+      `${colors.action.bold(`${statusIcon}  SCAN COMPLETE`)}`,
+      "",
+      `${colors.muted("Target")}    ${colors.url(this.truncateUrl(targetUrl, maxWidth))}`,
+      `${colors.muted("Category")}  ${colors.highlight(category)}`,
+      `${colors.muted("Tests")}     ${colors.primary.bold(String(results.total_tests))}`,
+      `${colors.muted("Duration")}  ${colors.highlight.bold(duration + "s")}`,
+      `${colors.muted("Result")}    ${statusColor.bold(statusText)}`,
+      "",
+      `${colors.muted("📄 Report:")}`,
+      `${colors.link(displayReportPath)}`,
+    ];
+
+    if (reportDir) {
+      contentLines.push("");
+      contentLines.push(`${colors.muted("📂 Reports folder:")}`);
+      contentLines.push(`${colors.dim(displayReportDir)}`);
+    }
+
+    contentLines.push("");
+    contentLines.push(`${colors.dim("─".repeat(50))}`);
+    contentLines.push("");
+
+    if (isTermux && reportDir) {
+      contentLines.push(`${colors.muted("📋 List reports (Termux):")}`);
+      contentLines.push(`${colors.action.bold(`  ls -la ${reportDir}/`)}`);
+      contentLines.push("");
+    }
+
+    contentLines.push(`${colors.text("📁 To open reports folder:")}`);
+    contentLines.push(`${colors.action.bold("  rav-xss --open-reports")}`);
+    contentLines.push(`${colors.muted("  or")}`);
+    contentLines.push(`${colors.action.bold("  rav-xss -r")}`);
+
+    return this.createBox(contentLines.join("\n"), {
+      borderStyle: "double",
+      padding: isTermux ? { top: 1, bottom: 1, left: 2, right: 2 } : 2,
+      margin: { top: 2, bottom: 1 },
+      borderColor: hasVulns ? theme.border.error : theme.border.success,
+      width: isTermux ? boxWidth : undefined
+    });
+  }
+
+  /**
+   * 📱 Detecta se está executando no Termux
+   * @returns {boolean} true se estiver no Termux
+   */
+  detectTermux() {
+    if (process.env.TERMUX_VERSION) return true;
+    if (process.env.PREFIX?.includes("com.termux")) return true;
+
+    try {
+      const os = require("os");
+      const hostname = os.hostname();
+      if (hostname && (
+        hostname.toLowerCase().includes("termux") ||
+        hostname.toLowerCase().includes("android")
+      )) return true;
+    } catch (e) { }
+
+    try {
+      const fs = require("fs");
+      if (fs.existsSync("/data/data/com.termux")) return true;
+    } catch (e) { }
+
+    return false;
+  }
+
+  /**
+   * 📏 Formata caminho com quebra de linha se necessário
+   * @param {string} filePath - Caminho completo
+   * @param {number} maxLength - Tamanho máximo por linha
+   * @param {string} label - Rótulo para indentação
+   * @returns {string} Caminho formatado
+   */
+  wrapPath(filePath, maxLength = 55, label = "") {
+    if (!filePath) return "N/A";
+
+    const indent = " ".repeat(14);
+
+    if (filePath.length <= maxLength) {
+      return filePath;
+    }
+
+    const parts = [];
+    let remaining = filePath;
+    let firstLine = true;
+
+    while (remaining.length > 0) {
+      if (remaining.length <= maxLength) {
+        parts.push(remaining);
+        break;
+      }
+
+      let splitPos = remaining.lastIndexOf("/", maxLength);
+      if (splitPos === -1 || splitPos < maxLength / 2) {
+        splitPos = remaining.lastIndexOf("\\", maxLength);
+      }
+      if (splitPos === -1 || splitPos < maxLength / 2) {
+        splitPos = maxLength;
+      }
+
+      parts.push(remaining.substring(0, splitPos + 1));
+      remaining = remaining.substring(splitPos + 1);
+      firstLine = false;
+    }
+
+    const formattedParts = parts.map((part, index) => {
+      if (index === 0) return part;
+      return indent + part;
+    });
+
+    return formattedParts.join("\n");
+  }
+
+  createExitBox() {
+    const content = [
+      colors.highlight.bold("👋 GOODBYE!"),
+      "",
+      colors.text(packageInfo.name),
+      colors.muted("Authorized testing only"),
+      "",
+      `${colors.text("Feito com")} ${colors.danger("💚")} ${colors.text("por")} ${colors.primary.bold(packageInfo.wuser)}`,
+      "",
+      `${colors.icon.link} ${colors.link(packageInfo.site)}`
+    ].join("\n");
+
+    return this.createBox(content, {
+      borderStyle: "round",
+      borderColor: theme.border.warning,
+      padding: 2,
+      margin: 1,
+      textAlignment: "center"
+    });
+  }
+
+  /**
+   * 🔗 Trunca a URL para exibição compacta
+   * @param {string} url - URL completa
+   * @param {number} maxLength - Comprimento máximo
+   * @returns {string} URL truncada
+   */
+  truncateUrl(url, maxLength = 55) {
+    if (!url) return "N/A";
+    if (url.length <= maxLength) return url;
+    return url.substring(0, maxLength - 3) + "...";
+  }
+}
+
+module.exports = new BoxManager();

package/src/utils/helpers.js

@@ -0,0 +1,22 @@
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+
+const sleep = (ms) => new Promise((r) => setTimeout(r, ms));
+
+const ensureDir = (dirPath) => {
+  if (!fs.existsSync(dirPath)) {
+    fs.mkdirSync(dirPath, { recursive: true });
+  }
+  return true;
+};
+
+const timestamp = () => new Date().toISOString().replace(/[:.]/g, "-");
+
+const loadPayloads = (filePath) => {
+  const content = fs.readFileSync(filePath, "utf8");
+  return content.split("\n").map(l => l.trim()).filter(Boolean);
+};
+
+module.exports = { sleep, ensureDir, timestamp, loadPayloads };

package/src/utils/logger.js

@@ -0,0 +1,44 @@
+"use strict";
+
+const { colors } = require("../config/colors");
+const boxManager = require("./box");
+const packageInfo = require("./packageInfo");
+
+class Logger {
+  static log(level, msg) {
+    const styles = {
+      info: `${colors.action.bold("  ℹ  ")}${colors.text(msg)}`,
+      vuln: `${colors.error.bold("  ⚠  ")}${colors.danger(msg)}`,
+      safe: `${colors.success("  ✓  ")}${colors.muted(msg)}`,
+      warn: `${colors.warning.bold("  ⚡ ")}${colors.highlight2(msg)}`,
+      done: `${colors.success.bold("  ✔  ")}${colors.text(msg)}`,
+      error: `${colors.error.bold("  ✗  ")}${colors.danger(msg)}`
+    };
+    console.log(styles[level] || `        ${msg}`);
+  }
+
+  static showBanner(config, totalPayloads, category, targetUrl) {
+    console.clear();
+    const banner = boxManager.createWelcomeBox(config, totalPayloads, category, targetUrl);
+    console.log(banner);
+    console.log(colors.dim("\n" + "─".repeat(60) + "\n"));
+  }
+
+  static showTarget(target, index, total) {
+    const box = boxManager.createTargetBox(target, index, total);
+    console.log(box);
+  }
+
+  static showResults(results, targetUrl, category, duration, reportPath, reportDir) {
+    const box = boxManager.createResultBox(results, targetUrl, category, duration, reportPath, reportDir);
+    console.log(box);
+  }
+
+  static showExit() {
+    console.clear();
+    const box = boxManager.createExitBox();
+    console.log(box);
+  }
+}
+
+module.exports = { Logger };

package/src/utils/packageInfo.js

@@ -0,0 +1,192 @@
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+
+/**
+ * 📄 Carrega informações do package.json
+ */
+class PackageInfo {
+  constructor() {
+    this.packageData = this.loadPackageInfo();
+  }
+
+  /**
+   * Carrega informações do package.json
+   * @returns {Object} Dados do package.json
+   * @private
+   */
+  loadPackageInfo() {
+    try {
+      const possiblePaths = [
+        path.join(__dirname, "..", "..", "package.json"),
+        path.join(__dirname, "..", "package.json"),
+        path.join(process.cwd(), "package.json"),
+        path.join(__dirname, "package.json"),
+      ];
+
+      let packagePath = null;
+      let packageJson = null;
+
+      const triedPaths = [];
+
+      for (const testPath of possiblePaths) {
+        triedPaths.push(testPath);
+        if (fs.existsSync(testPath)) {
+          packagePath = testPath;
+          packageJson = fs.readFileSync(testPath, "utf8");
+          break;
+        }
+      }
+
+      if (!packagePath || !packageJson) {
+        throw new Error(
+          `package.json not found!\n` +
+          `Tried paths:\n` +
+          triedPaths.map(p => `  - ${p} (${fs.existsSync(p) ? 'EXISTS' : 'NOT FOUND'})`).join("\n")
+        );
+      }
+
+      const data = JSON.parse(packageJson);
+
+      return {
+        name: data.name || "rav-xss",
+        version: data.version || "V1",
+        wuser: "RavenaStar",
+        site: "https://ravenastar.com",
+        description: data.description || "⚙️ CLI/NPM | RAV XSS | 🎯 Basic Reflected XSS scanner for bug bounty programs.",
+        author: data.author || "RavenaStar",
+        license: data.license || "MIT",
+        homepage: data.homepage || "https://github.com/ravenastar-js/rav-xss/"
+      };
+    } catch (error) {
+      if (process.argv.includes("--verbose") || process.env.NODE_ENV === "development") {
+        console.error("❌ Erro ao carregar package.json:", error.message);
+      }
+      return this.getFallbackInfo();
+    }
+  }
+
+  /**
+   * Informações de fallback
+   * @returns {Object} Dados padrão
+   */
+  getFallbackInfo() {
+    return {
+      name: "rav-xss",
+      version: "V1",
+      wuser: "RavenaStar",
+      site: "https://ravenastar.com",
+      description: "⚙️ CLI/NPM | RAV XSS | 🎯 Basic Reflected XSS scanner for bug bounty programs.",
+      author: "ravenastar-js",
+      license: "MIT",
+      homepage: "https://github.com/ravenastar-js/rav-xss/"
+    };
+  }
+
+  /**
+   * Força recarregar do disco (útil se o package.json foi atualizado)
+   */
+  reload() {
+    this.packageData = this.loadPackageInfo();
+    return this.packageData;
+  }
+
+  /**
+   * Retorna todas as informações
+   * @returns {Object} Todas as informações
+   */
+  get allInfo() {
+    return this.packageData;
+  }
+
+  /**
+   * Retorna o nome
+   * @returns {string} Nome do pacote
+   */
+  get name() {
+    return this.packageData.name;
+  }
+
+  /**
+   * Retorna a versão
+   * @returns {string} Versão
+   */
+  get version() {
+    return this.packageData.version;
+  }
+
+  /**
+   * Retorna a descrição
+   * @returns {string} Descrição
+   */
+  get description() {
+    return this.packageData.description;
+  }
+
+  /**
+   * Retorna o autor
+   * @returns {string} Autor
+   */
+  get author() {
+    return this.packageData.author;
+  }
+
+  /**
+   * Retorna o usuário/criador
+   * @returns {string} wuser
+   */
+  get wuser() {
+    return this.packageData.wuser;
+  }
+
+  /**
+   * Retorna o site
+   * @returns {string} Site
+   */
+  get site() {
+    return this.packageData.site;
+  }
+
+  /**
+   * Retorna a licença
+   * @returns {string} Licença
+   */
+  get license() {
+    return this.packageData.license;
+  }
+
+  /**
+   * Retorna a homepage
+   * @returns {string} Homepage
+   */
+  get homepage() {
+    return this.packageData.homepage;
+  }
+
+  /**
+   * Debug: Mostra qual caminho foi usado
+   * @returns {string} Caminho do package.json
+   */
+  get debugPath() {
+    try {
+      const possiblePaths = [
+        path.join(__dirname, "..", "..", "package.json"),
+        path.join(__dirname, "..", "package.json"),
+        path.join(process.cwd(), "package.json"),
+        path.join(__dirname, "package.json"),
+      ];
+
+      for (const testPath of possiblePaths) {
+        if (fs.existsSync(testPath)) {
+          return `FOUND: ${testPath}`;
+        }
+      }
+      return "NOT FOUND in any path";
+    } catch (e) {
+      return "ERROR: " + e.message;
+    }
+  }
+}
+
+module.exports = new PackageInfo();

package/src/utils/reporter.js

@@ -0,0 +1,56 @@
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const { timestamp } = require("./helpers");
+
+class Reporter {
+  constructor(reportDir) {
+    this.reportDir = path.resolve(reportDir);
+  }
+
+  generateTextReport(results, targetUrl) {
+    const duration = ((new Date(results.scan_end) - new Date(results.scan_start)) / 1000).toFixed(1);
+    let report = "";
+    report += "═".repeat(60) + "\n";
+    report += "  XSS REFLECTION SCANNER — REPORT\n";
+    report += "═".repeat(60) + "\n\n";
+    report += `  Date       : ${new Date(results.scan_start).toLocaleString("en-US")}\n`;
+    report += `  Target     : ${targetUrl}\n`;
+    report += `  Duration   : ${duration}s\n`;
+    report += `  Tests      : ${results.total_tests}\n`;
+    report += `  Vulnerable : ${results.vulns_found}\n`;
+    report += "\n" + "─".repeat(60) + "\n\n";
+
+    if (results.findings.length > 0) {
+      report += "  FINDINGS:\n";
+      report += "  " + "─".repeat(55) + "\n";
+      for (const f of results.findings) {
+        report += `\n  [#${f.index}] ${f.payload}\n`;
+        report += `  URL: ${f.url}\n`;
+      }
+    } else {
+      report += "  ✓ No reflected XSS detected.\n";
+    }
+
+    report += "\n" + "═".repeat(60) + "\n";
+    report += `  Completed: ${new Date(results.scan_end).toLocaleString("en-US")}\n`;
+    report += "  Authorized testing only.\n";
+    report += "═".repeat(60) + "\n";
+    return report;
+  }
+
+  saveReport(results, targetUrl) {
+    if (!fs.existsSync(this.reportDir)) {
+      fs.mkdirSync(this.reportDir, { recursive: true });
+    }
+
+    const ts = timestamp();
+    const textReport = this.generateTextReport(results, targetUrl);
+    const textPath = path.join(this.reportDir, `xss_report_${ts}.txt`).replace(/\\/g, "/");
+    fs.writeFileSync(textPath, textReport);
+    return { textPath };
+  }
+}
+
+module.exports = { Reporter };