# -*- coding: utf-8 -*-
import requests
import string
import optparse
import sys
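def grabheaders(url, client=None, timeout=10):
    """Fetch *url* and report whether an ``X-Xss-Protection`` header is set to ``1``.

    This is a header-presence heuristic, not a vulnerability test: the
    header only toggles a legacy browser-side reflected-XSS filter that
    major browsers no longer ship, so a missing header is not evidence
    of an XSS flaw and a present one is not a mitigation. A
    Content-Security-Policy is the control worth reviewing instead.

    Args:
        url: Target URL, passed straight to ``client.get``.
        client: Object exposing ``get(url, timeout=...)`` and returning a
            response with a ``headers`` mapping; defaults to the
            ``requests`` module. Exposed so callers and tests can supply
            a stub instead of doing network I/O.
        timeout: Seconds to wait for the request. The original call had
            no timeout and could hang indefinitely on an unresponsive host.

    Returns:
        True when the header's first directive is ``1``, False when the
        header is missing or set to anything else, None when the request
        itself failed (the error is printed, as before).
    """
    print("[+]Checking " + str(url))
    if client is None:
        client = requests
    try:
        r = client.get(url, timeout=timeout)  # request user provided url
    except Exception as e:
        # CLI boundary: report and stop. The original printed the error
        # and then fell through to `r.headers` with `r` unbound.
        print(e)
        return None
    value = r.headers.get('X-Xss-Protection')
    if value is None:  # no X-Xss-Protection key at all
        print("[-]Site " + str(url) + " may be vulnerable to XSS")
        return False
    # Compare the directive itself, not a substring: the original
    # `"1" in value` would treat a value like "0; report=.../1" as enabled.
    if value.split(';')[0].strip() == "1":
        print("[+]Site " + str(url) + " has XSS Protection")
        return True
    # Any other value (e.g. "0") is reported the same way as a missing header.
    print("[-]Site " + str(url) + " may be vulnerable to XSS")
    return False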
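def main():
    """Parse ``-u/--url`` from the command line and run ``grabheaders`` on it.

    Prints the banner and usage text exactly as before; when no URL is
    given the usage is printed and the process exits with status 0,
    matching the original behaviour.
    """
    print(' by threebones \n https://github.com/threebarber\n')
    parser = optparse.OptionParser()  # create parser object called "parser"
    parser.usage = "[+] Usage: xsscheck.py -u <url> " \
        "\n[+] Example: xsscheck.py -u http://google.com "  # usage text plus an example
    parser.add_option(
        '-u', '--url', dest='url', type='string', help='see usage')  # target as -u or --url
    # parse_args() defaults to sys.argv[1:]; the original passed sys.argv
    # whole, which left the program name in the (unused) positional args.
    options, _ = parser.parse_args()
    url = options.url  # value of the -u/--url option, None when absent
    if url is None:  # a target is required
        print(parser.usage)
        sys.exit(0)  # sys.exit rather than the site-provided exit(); status kept at 0
    grabheaders(url)  # check the target's response headers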
if __name__ == '__main__':  # run the CLI only when executed as a script, not when imported
    main()