hub / github.com/s0md3v/XSStrike / singleFuzz

Function singleFuzz

modes/singleFuzz.py:15–47
(target, paramData, encoding, headers, delay, timeout)

Source from the content-addressed store, hash-verified

def singleFuzz(target, paramData, encoding, headers, delay, timeout):
    GET, POST = (False, True) if paramData else (True, False)
    # If the user hasn't supplied the root url with http(s), we will handle it
    if not target.startswith('http'):
        try:
            response = requester('https://' + target, {},
                                 headers, GET, delay, timeout)
            target = 'https://' + target
        except:
            target = 'http://' + target
    logger.debug('Single Fuzz target: {}'.format(target))
    host = urlparse(target).netloc  # Extracts host out of the url
    logger.debug('Single fuzz host: {}'.format(host))
    url = getUrl(target, GET)
    logger.debug('Single fuzz url: {}'.format(url))
    params = getParams(target, paramData, GET)
    logger.debug_json('Single fuzz params:', params)
    if not params:
        logger.error('No parameters to test.')
        quit()
    WAF = wafDetector(
        url, {list(params.keys())[0]: xsschecker}, headers, GET, delay, timeout)
    if WAF:
        logger.error('WAF detected: %s%s%s' % (green, WAF, end))
    else:
        logger.good('WAF Status: %sOffline%s' % (green, end))

    for paramName in params.keys():
        logger.info('Fuzzing parameter: %s' % paramName)
        paramsCopy = copy.deepcopy(params)
        paramsCopy[paramName] = xsschecker
        fuzzer(url, paramsCopy, headers, GET,
               delay, timeout, WAF, encoding)

Callers 1

xsstrike.py · File · 0.90

Calls 6

requester · Function · 0.90
getUrl · Function · 0.90
getParams · Function · 0.90
wafDetector · Function · 0.90
fuzzer · Function · 0.90
format · Method · 0.80

Tested by

no test coverage detected