MCPcopy
hub / github.com/s0md3v/XSStrike / checker

Function checker

core/checker.py:11–45  ·  view source on GitHub ↗
(url, params, headers, GET, delay, payload, positions, timeout, encoding)

Source from the content-addressed store, hash-verified

9
10
11def checker(url, params, headers, GET, delay, payload, positions, timeout, encoding):
12 checkString = 'st4r7s' + payload + '3nd'
13 if encoding:
14 checkString = encoding(unquote(checkString))
15 response = requester(url, replaceValue(
16 params, xsschecker, checkString, copy.deepcopy), headers, GET, delay, timeout).text.lower()
17 reflectedPositions = []
18 for match in re.finditer('st4r7s', response):
19 reflectedPositions.append(match.start())
20 filledPositions = fillHoles(positions, reflectedPositions)
21 # Itretating over the reflections
22 num = 0
23 efficiencies = []
24 for position in filledPositions:
25 allEfficiencies = []
26 try:
27 reflected = response[reflectedPositions[num]
28 :reflectedPositions[num]+len(checkString)]
29 efficiency = fuzz.partial_ratio(reflected, checkString.lower())
30 allEfficiencies.append(efficiency)
31 except IndexError:
32 pass
33 if position:
34 reflected = response[position:position+len(checkString)]
35 if encoding:
36 checkString = encoding(checkString.lower())
37 efficiency = fuzz.partial_ratio(reflected, checkString)
38 if reflected[:-2] == ('\\%s' % checkString.replace('st4r7s', '').replace('3nd', '')):
39 efficiency = 90
40 allEfficiencies.append(efficiency)
41 efficiencies.append(max(allEfficiencies))
42 else:
43 efficiencies.append(0)
44 num += 1
45 return list(filter(None, efficiencies))

Callers 2

filterCheckerFunction · 0.90
scanFunction · 0.90

Calls 3

requesterFunction · 0.90
replaceValueFunction · 0.90
fillHolesFunction · 0.90

Tested by

no test coverage detected