-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathxss_scanner.py
81 lines (59 loc) · 2.47 KB
/
xss_scanner.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
import requests
import time
from urllib.parse import urlparse, urlencode, parse_qs, urlunparse
from reportlab.lib.pagesizes import letter
from reportlab.lib import colors
from reportlab.platypus import SimpleDocTemplate, Table, TableStyle
REQUEST_TIMEOUT = 10
RATE_LIMIT_DELAY = 3
def test_xss(url, param, payloads):
for payload in payloads:
try:
parsed_url = urlparse(url)
query_params = parse_qs(parsed_url.query)
query_params[param] = payload
new_query = urlencode(query_params, doseq=True)
target_url = urlunparse(parsed_url._replace(query=new_query))
response = requests.get(target_url, timeout=REQUEST_TIMEOUT)
time.sleep(RATE_LIMIT_DELAY)
if payload in response.text:
return True
except requests.exceptions.RequestException as e:
print(f"Request error: {e}")
return False
def test_xss_vulnerabilities(url, params):
xss_payloads = [
"<script>alert('XSS')</script>",
"<img src=x onerror=alert('XSS')>",
"<svg onload=alert('XSS')>",
"<body onload=alert('XSS')>",
]
results = []
for param in params:
if test_xss(url, param, xss_payloads):
results.append((param, "XSS", random.choice(xss_payloads)))
return results
def generate_pdf_report(results, filename):
data = [["Parameter", "Vulnerability", "Payload"]] + results
table = Table(data)
table.setStyle(TableStyle([
('BACKGROUND', (0, 0), (-1, 0), colors.grey),
('TEXTCOLOR', (0, 0), (-1, 0), colors.whitesmoke),
('ALIGN', (0, 0), (-1, -1), 'CENTER'),
('FONTNAME', (0, 0), (-1, 0), 'Helvetica-Bold'),
('FONTSIZE', (0, 0), (-1, 0), 14),
('BOTTOMPADDING', (0, 0), (-1, 0), 12),
('BACKGROUND', (0, 1), (-1, -1), colors.beige),
('GRID', (0, 0), (-1, -1), 1, colors.black)
]))
doc = SimpleDocTemplate(filename, pagesize=letter)
doc.build([table])
if __name__ == "__main__":
target_url = input('Enter the URL of the target website: ')
params = input('Enter the parameters to test (comma-separated): ').split(',')
results = test_xss_vulnerabilities(target_url, params)
for result in results:
print(f"Vulnerability found: {result[1]} - Parameter: {result[0]} - Payload: {result[2]}")
pdf_filename = f"{target_url}-xss_report.pdf"
generate_pdf_report(results, pdf_filename)
print(f"Report generated: {pdf_filename}")