Skip to content
This repository has been archived by the owner on Apr 27, 2023. It is now read-only.

Commit

Permalink
Better output
Browse files Browse the repository at this point in the history
  • Loading branch information
@MindPatch
MindPatch committed Apr 24, 2022
1 parent 62e5591 commit 9fe1608
Show file tree
Hide file tree
Showing 4 changed files with 61 additions and 60 deletions.
2 changes: 1 addition & 1 deletion scanners/src/lib.rs
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
pub mod scan;
pub mod model;
pub mod scan;
pub use urlencoding::encode as url_encode;

#[cfg(test)]
Expand Down
1 change: 0 additions & 1 deletion scanners/src/model.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,3 @@ pub struct Report {
pub curl: String,
pub url: String,
}

8 changes: 5 additions & 3 deletions scanners/src/scan.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ use std::fs::read_to_string;
use yaml_rust::YamlLoader;

mod xss;
use xss::{accept_html,XssPayloads, XssUrlParamsValue};
use xss::{accept_html, XssPayloads, XssUrlParamsValue};

#[derive(Debug)]
pub enum Payloads {
Expand Down Expand Up @@ -174,9 +174,11 @@ impl Scanner {
.start_handler(move |_| {
log::info!("Thread pool is starting");
})
.num_threads(concurrency).build().unwrap();
.num_threads(concurrency)
.build()
.unwrap();

threader.install(||{
threader.install(|| {
self.requests.par_iter().for_each(|request| {
self.modules.iter().for_each(|module| {
let module = module.as_str();
Expand Down
110 changes: 55 additions & 55 deletions scanners/src/scan/xss/mod.rs
View file
Original file line number Diff line number Diff line change
@@ -1,24 +1,34 @@
extern crate scant3r_utils;

use crate::model::Report;
use console::style;
use indicatif::ProgressBar;
use log::error;
use scant3r_utils::{
injector::{Injector, Urlinjector},
random_str,
requests::{Curl, Msg},
injector::{Injector, Urlinjector},
};
use console::style;

mod parser;
use parser::{html_parse, html_search};

mod bypass;
pub use bypass::{PayloadGen, XssPayloads};


pub fn print_poc(report: &Report) {
println!("{} Valid XSS\n{} URL: {}\n{} CURL: {}\n{} MATCH: {}\n{} PAYLOAD: \"{}\"", style("[+]").green(), style("[!]").yellow(), report.url, style("[!]").yellow(),report.curl,style("[!]").yellow(),report.match_payload,style("[!]").yellow(),report.payload.replace("\"","\\\""));
pub fn print_poc(report: &Report) -> String {
format!(
"{} Valid XSS\n{} URL: {}\n{} MATCH: {}\n{} PAYLOAD: \"{}\"\n{} CURL: {}\n",
style("[+]").green(),
style("[!]").yellow(),
report.url,
style("[!]").yellow(),
report.match_payload,
style("[!]").yellow(),
report.payload.replace("\"", "\\\""),
style("[!]").yellow(),
report.curl,
)
}

pub struct Xss<'t> {
Expand All @@ -29,8 +39,8 @@ pub struct Xss<'t> {

pub trait XssUrlParamsValue {
// scan url params value
fn value_reflected(&self) -> Vec<String>;
fn value_scan(&self, _prog: &ProgressBar) -> Vec<Report>;
fn value_reflected(&self) -> Vec<String>;
fn value_scan(&self, _prog: &ProgressBar) -> Vec<Report>;
}

impl Xss<'_> {
Expand All @@ -47,43 +57,40 @@ impl Xss<'_> {
}

pub fn accept_html(req: &Msg) -> bool {
let block_headers = vec![
"application/json",
"application/javascript",
"text/javascript",
"text/plain",
"text/css",
"image/jpeg",
"image/png",
"image/bmp",
"image/gif",
"application/rss+xml",
];
let block_headers = vec![
"application/json",
"application/javascript",
"text/javascript",
"text/plain",
"text/css",
"image/jpeg",
"image/png",
"image/bmp",
"image/gif",
"application/rss+xml",
];

let mut is_html = false;
match req.send() {
Ok(resp) => {
block_headers.iter().for_each(|header| {
if resp.headers.contains_key("Content-Type") {
if resp.headers.get("Content-Type").unwrap() == header {
is_html = true;
}
} else {
is_html = true;
}
})
},
Err(e) => {
error!("{}", e);
return false;
},
let mut is_html = false;
match req.send() {
Ok(resp) => block_headers.iter().for_each(|header| {
if resp.headers.contains_key("Content-Type") {
if resp.headers.get("Content-Type").unwrap() == header {
is_html = true;
}
} else {
is_html = true;
}
}),
Err(e) => {
error!("{}", e);
return false;
}
is_html
}
is_html
}

impl XssUrlParamsValue for Xss<'_> {

fn value_reflected(&self) -> Vec<String> {
fn value_reflected(&self) -> Vec<String> {
let mut reflected_parameters: Vec<String> = Vec::new();
let payload = random_str(5);
let check_requests = self.injector.url_value(&payload);
Expand All @@ -109,7 +116,7 @@ impl XssUrlParamsValue for Xss<'_> {
reflected_parameters
}

fn value_scan(&self, _prog: &ProgressBar) -> Vec<Report> {
fn value_scan(&self, _prog: &ProgressBar) -> Vec<Report> {
let mut _found: Vec<Report> = Vec::new();
for param in self.value_reflected() {
let mut req = self.request.clone();
Expand All @@ -130,27 +137,20 @@ impl XssUrlParamsValue for Xss<'_> {
req.url = self.injector.set_urlvalue(&param, &pay.payload);
match req.send() {
Ok(resp) => {
let d = html_search(resp.body.as_str(), &pay.search);
if d.len() > count.len() {
/*_prog.println(format!(
"FOUND XSS \nReflect: {:?}\nPayload: {}\nMatch: {}\nCURL: \n{}",
reflect,
pay.payload,
d,
req.curl()
));*/
print_poc(&Report{
let payload_found = html_search(resp.body.as_str(), &pay.search);
if payload_found.len() > count.len() {
_found.push(Report {
url: req.url.to_string(),
match_payload: d,
match_payload: payload_found.clone(),
payload: pay.payload.to_string(),
curl: req.curl(),
});
/*_found.push(Report{
_prog.println(print_poc(&Report {
url: req.url.to_string(),
match_payload: d,
match_payload: payload_found,
payload: pay.payload.to_string(),
curl: req.curl(),
});*/
}));
break;
}
}
Expand All @@ -162,5 +162,5 @@ impl XssUrlParamsValue for Xss<'_> {
}
}
_found
}
}
}

0 comments on commit 9fe1608

Please sign in to comment.