| 16 | def crawl(scheme, host, main_url, form, blindXSS, blindPayload, headers, delay, timeout, encoding): |
| 17 | if form: |
| 18 | for each in form.values(): |
| 19 | url = each['action'] |
| 20 | if url: |
| 21 | if url.startswith(main_url): |
| 22 | pass |
| 23 | elif url.startswith('//') and url[2:].startswith(host): |
| 24 | url = scheme + '://' + url[2:] |
| 25 | elif url.startswith('/'): |
| 26 | url = scheme + '://' + host + url |
| 27 | elif re.match(r'\w', url[0]): |
| 28 | url = scheme + '://' + host + '/' + url |
| 29 | if url not in core.config.globalVariables['checkedForms']: |
| 30 | core.config.globalVariables['checkedForms'][url] = [] |
| 31 | method = each['method'] |
| 32 | GET = True if method == 'get' else False |
| 33 | inputs = each['inputs'] |
| 34 | paramData = {} |
| 35 | for one in inputs: |
| 36 | paramData[one['name']] = one['value'] |
| 37 | for paramName in paramData.keys(): |
| 38 | if paramName not in core.config.globalVariables['checkedForms'][url]: |
| 39 | core.config.globalVariables['checkedForms'][url].append(paramName) |
| 40 | paramsCopy = copy.deepcopy(paramData) |
| 41 | paramsCopy[paramName] = xsschecker |
| 42 | response = requester( |
| 43 | url, paramsCopy, headers, GET, delay, timeout) |
| 44 | occurences = htmlParser(response, encoding) |
| 45 | positions = occurences.keys() |
| 46 | occurences = filterChecker( |
| 47 | url, paramsCopy, headers, GET, delay, occurences, timeout, encoding) |
| 48 | vectors = generator(occurences, response.text) |
| 49 | if vectors: |
| 50 | for confidence, vects in vectors.items(): |
| 51 | try: |
| 52 | payload = list(vects)[0] |
| 53 | logger.vuln('Vulnerable webpage: %s%s%s' % |
| 54 | (green, url, end)) |
| 55 | logger.vuln('Vector for %s%s%s: %s' % |
| 56 | (green, paramName, end, payload)) |
| 57 | break |
| 58 | except IndexError: |
| 59 | pass |
| 60 | if blindXSS and blindPayload: |
| 61 | paramsCopy[paramName] = blindPayload |
| 62 | requester(url, paramsCopy, headers, |
| 63 | GET, delay, timeout) |