hub / github.com/s0md3v/XSStrike / crawl

Function crawl

modes/crawl.py:16–63
(scheme, host, main_url, form, blindXSS, blindPayload, headers, delay, timeout, encoding)

Source from the content-addressed store, hash-verified

def crawl(scheme, host, main_url, form, blindXSS, blindPayload, headers, delay, timeout, encoding):
    if form:
        for each in form.values():
            url = each['action']
            if url:
                # Normalise the form action into an absolute URL on the target host
                if url.startswith(main_url):
                    pass
                elif url.startswith('//') and url[2:].startswith(host):
                    url = scheme + '://' + url[2:]
                elif url.startswith('/'):
                    url = scheme + '://' + host + url
                elif re.match(r'\w', url[0]):
                    url = scheme + '://' + host + '/' + url
                # Track which parameters of this form URL have already been tested
                if url not in core.config.globalVariables['checkedForms']:
                    core.config.globalVariables['checkedForms'][url] = []
                method = each['method']
                GET = True if method == 'get' else False
                inputs = each['inputs']
                paramData = {}
                for one in inputs:
                    paramData[one['name']] = one['value']
                    for paramName in paramData.keys():
                        if paramName not in core.config.globalVariables['checkedForms'][url]:
                            core.config.globalVariables['checkedForms'][url].append(paramName)
                            # Work on a copy so the original form values stay intact
                            paramsCopy = copy.deepcopy(paramData)
                            # Send the marker string and locate where it is reflected
                            paramsCopy[paramName] = xsschecker
                            response = requester(
                                url, paramsCopy, headers, GET, delay, timeout)
                            occurences = htmlParser(response, encoding)
                            positions = occurences.keys()
                            # Re-check each reflection against the target's filtering
                            occurences = filterChecker(
                                url, paramsCopy, headers, GET, delay, occurences, timeout, encoding)
                            vectors = generator(occurences, response.text)
                            if vectors:
                                # Report only the first vector from the first non-empty group
                                for confidence, vects in vectors.items():
                                    try:
                                        payload = list(vects)[0]
                                        logger.vuln('Vulnerable webpage: %s%s%s' %
                                                    (green, url, end))
                                        logger.vuln('Vector for %s%s%s: %s' %
                                                    (green, paramName, end, payload))
                                        break
                                    except IndexError:
                                        pass
                            # Optionally submit the blind XSS payload through the same parameter
                            if blindXSS and blindPayload:
                                paramsCopy[paramName] = blindPayload
                                requester(url, paramsCopy, headers,
                                          GET, delay, timeout)

Callers

nothing calls this directly

Calls 4

requester · Function · 0.90
htmlParser · Function · 0.90
filterChecker · Function · 0.90
generator · Function · 0.90

Tested by

no test coverage detected