
gbrindisi committed 63ba0c7

Finished cli improvements


Files changed (6)

core/domscanner.py

         self.errors = {}
         self.results = []
         self.javascript = []
+        self.whitelisted_js = []
         self.whitelist = []
 
         self.browser = Browser()
              skip = False
              for wl in self.whitelist:
                  if wl["hash"] == js.js_hash:
-                     print "[-] Found a whitelisted script: %s" % wl["description"]
+                     self.whitelisted_js.append(wl)
                      skip = True
                      break
 
         self.results = []
         # Container for js analysis
         self.javascript = []
+        self.wl_javascript = []
 
     def _getTargetsQueue(self):
         queue = Queue.Queue()
         Print every result
         """
         if len(self.results) == 0:
-            print "\n[X] No XSS Found :("
+            print "\n[+] " + colored.yellow("RESULT:") + " No XSS Found :("
         else:
-            print "\n[!] Found XSS Injection points in %s targets" % len(self.results)
+            print "\n[+] " + colored.green("RESULT:") + " Found XSS Injection points in " + colored.green("%s" % len(self.results)) + " targets"
+
             for r in self.results:
                 r.printResult()
 
         # Print javascript analysis
         if self.getOption("dom") and len(self.javascript) == 0:
-            print "\n[X] No DOM XSS Found :("
+            print "\n[+] " + colored.yeallow("RESULT:") + " No DOM XSS Found :("
+            if len(self.wl_javascript) != 0:
+                for wlj in self.wl_javascript:
+                    print " |- Found a whitelisted javascript: %s" % wlj["description"]
         elif self.getOption("dom"):
-            print "\n[!] Found possible dom xss in %s javascripts" % len(self.javascript)
+            print "\n[+] " + colored.green("RESULT:") + " Found possible dom xss in " + colored.green("%s" % len(self.javascript)) + " javascripts"
+            if len(self.wl_javascript) != 0:
+                for wlj in self.wl_javascript:
+                    print " |- Found a whitelisted javascript: %s" % wlj["description"]
             for js in self.javascript:
                 js.printResult()
 
         results = set(results)
         
         if errors:
-            print " |-[+] " + colored.red("CRAWL ERRORS!")
+            print " |--[+] " + colored.red("CRAWL ERRORS!")
             for ek, ev in errors.iteritems():
-                print " |  |- %s times %s" % (len(ev), ek)
+                print " |   |- %sx: %s" % (len(ev), ek)
         if len(results) > 0:
             print " |- " + colored.green("SUCCESS: ") +  "Found %s unique targets." % len(results)
         else:
             try:
                 if queue.empty() is True:
                     break
-                sys.stderr.write("\r |- Remaining targets: %s" % queue.qsize())
+                sys.stderr.write("\r |- Remaining targets: %s " % queue.qsize())
                 sys.stderr.flush()
             except KeyboardInterrupt:
                 print "\n |- " + colored.yellow("INTERRUPT!") + " Killing threads..."
         results = set(results)
 
         if errors:
-            print " |-[+] " + colored.red("CRAWL ERRORS!")
+            print " |--[+] " + colored.red("CRAWL ERRORS!")
             for ek, ev in errors.iteritems():
-                print " |  |- %s times %s" % (len(ev), ek)
+                print " |   |- %sx: %s" % (len(ev), ek)
 
         if len(results) > 0:
             print " |- " + colored.green("SUCCESS: ") + "Found %s unique forms." % len(results)
             try:
                 if queue.empty() is True:
                     break
-                sys.stderr.write("\r |- Remaining urls: %s" % queue.qsize())
+                sys.stderr.write("\r |- Remaining urls: %s " % queue.qsize())
                 sys.stderr.flush()
             except KeyboardInterrupt:
                 print "\r |- " + colored.yellow("INTERRUPT!") + " Killing threads..."
             self.results.append(r)
 
         if errors:
-            print " |-[+] " + colored.red("SCAN ERRORS!")
+            print " |--[+] " + colored.red("SCAN ERRORS!")
             for ek, ev in errors.iteritems():
-                print " |  |- %s times %s" % (len(ev), ek)
+                print " |   |- %sx: %s" % (len(ev), ek)
 
     def _scanDOMTargets(self):
         print "\n[+] Start DOM scanning (%s threads)" % self.getOption('threads')
             try:
                 if queue.empty() is True:
                     break
-                sys.stderr.write("\r |- Remaining urls: %s" % queue.qsize())
+                sys.stderr.write("\r |- Remaining urls: %s " % queue.qsize())
                 sys.stderr.flush()
             except KeyboardInterrupt:
                 print "\r |- " + colored.yellow("INTERRUPT!") + " Killing threads..."
         queue.join()
         
         # Harvest results
+        wl_javascript = []
         javascript = []
         errors = {}
         for t in threads:
             for r in t.javascript:
                 javascript.append(r)
+            for wlj in t.whitelisted_js:
+                wl_javascript.append(wlj)
             # errors
             for ek, ev in t.errors.iteritems():
                 if errors.has_key(ek):
         for r in javascript:
             if len(r.sources) > 0 | len(r.sinks) > 0:
                 self.javascript.append(r)
+        for wlj in wl_javascript:
+            self.wl_javascript.append(wlj)
 
         if errors:
-            print " |-[+] " + colored.red("SCAN ERRORS!")
+            print " |--[+] " + colored.red("SCAN ERRORS!")
             for ek, ev in errors.iteritems():
-                print " |  |- %s times %s" % (len(ev), ek)
+                print " |   |- %sx: %s" % (len(ev), ek)
        
 
     def start(self):         
         if self.getOption('dom'):
             self._scanDOMTargets()
 
-        print "[-] Scan completed in %s seconds" % (time.time() - start)
+        print " |- Scan completed in %s seconds." % (time.time() - start)
                         
         print "\n[+] Processing results..."
         self._compactResults()
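Review bot: `colored.yeallow("RESULT:")` in the no-DOM-XSS branch of the result printer is a typo for `colored.yellow`, so the run dies with AttributeError exactly when a DOM scan finishes with no findings, which is also the branch where the new whitelisted-script summary is meant to appear; the line should read `print "\n[+] " + colored.yellow("RESULT:") + " No DOM XSS Found :("`. The whitelisted-javascript summary loop is pasted verbatim into both branches, and its `if len(self.wl_javascript) != 0:` guard is redundant because iterating an empty list prints nothing; a small `_printWhitelisted()` helper called from both branches would keep the two copies from drifting. The two names for the same data, `whitelisted_js` on the worker and `wl_javascript` on the scanner, do match how `_scanDOMTargets` harvests them, but a single name would be easier to follow. The enclosing methods start outside their hunks.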

core/javascript.py

 #/usr/bin/env python
 
 import hashlib
+from core.packages.clint.textui import colored 
 
 class Javascript:
     """
     
     def printResult(self):
         if len(self.sources) > 0 | len(self.sinks) > 0:
-            print "\n[+] Javascript:\t%s" % self.link
+            print " |--[!] Javascript: %s" % self.link
             if self.is_embedded:
-                print "[+]        \t(embedded)"
-            print "[-] Possible Sources:\t %s" % len(self.sources)
+                print " |   |- Type: embedded"
+            print " |   |--[+] # Possible Sources: " + colored.green("%s" % len(self.sources))
             for s in self.sources:
-                print "\t[%s] - %s" % (s[0], s[1])
-
-            print "[-] Possible Sinks:\t %s" % len(self.sinks)
+                print " |   |   |--[Line: %s] %s" % (s[0], s[1])
+            print " |   |"
+            print " |   |--[+] # Possible Sinks: " + colored.green("%s" % len(self.sinks))
             for s in self.sinks:
-                print "\t[%s] - %s" % (s[0], s[1])
+                print " |   |   |--[Line: %s] %s" % (s[0], s[1])
+            print " |   |"
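Review bot: The guard the rewritten tree output sits under, `if len(self.sources) > 0 | len(self.sinks) > 0:`, uses bitwise `|`, which binds tighter than `>`, so Python reads it as the chained comparison `len(self.sources) > len(self.sinks) > 0`; a script with sinks but no sources, or with at least as many sinks as sources, is silently never printed. The identical expression in `_scanDOMTargets` in core/domscanner.py decides which scripts are kept at all, so the new "Found possible dom xss in N javascripts" count is affected the same way. The line is unchanged by the commit, but every line beneath it is rewritten here, and the fix is `if self.sources or self.sinks:` in both places. The class header and the constructor that populate `sources`/`sinks` are outside the hunk, and `printResult` may continue past its last visible line.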
             
 #/usr/bin/env python
 
 from urllib import urlencode
+from core.packages.clint.textui import colored 
 
 class Result:
     """
         if js_xss is not None: self.js_xss.append(js_xss)
 
     def printResult(self):
-        print "\n[!] Target:\t%s" % self.target.getAbsoluteUrl()
-        print "    Method:\t%s" % self.target.method
-        print "    Query String:\t%s" % urlencode(self.target.params)
+        print " |--[!] Target:\t%s" % self.target.getAbsoluteUrl()
+        print " |   |- Method:\t%s" % self.target.method
+        print " |   |- Query String:\t%s" % urlencode(self.target.params)
         for param, inj in self.injections.iteritems():
-            print "\t[%sx] Param:\t%s" % (len(inj), param)
+            print " |   |--[!] Param: %s" % param
+            print " |   |   |- # Injections: " + colored.green("%s" % len(inj))
             for k, i in enumerate(inj):
-                print "\t     Type:\t%s - %s" % (i[0][0], i[0][1]) 
+                print " |   |   |--#%s %s" % (k, i[0][1]) 
+        print " |   |"
         return True
 
     def merge(self, other):
                     # type 1
                     if htmlstate == 1 and response[index+seed_len:index+seed_len+seed_len+1] == " " + seed + "=":
                         index = index + seed_len
-                        result.append([1, "In tag: <tag foo=bar onload=...>"])
+                        result.append([1, "Payload found inside tag"])
                         continue
 
                     # XSS found in url
                     # type 2
                     if htmlurl and response[index+seed_len:index+seed_len+seed_len+1] == ":" + seed:
                         index = index + seed_len
-                        result.append([2, "In url: <tag src=foo:bar ...>"])
+                        result.append([2, "Payload found inside url tag"])
                         continue
 
                     # XSS found freely in response
                     # type 3
                     if htmlstate == 0 and response[index+seed_len:index+seed_len+seed_len+1] == "<" + seed:
                         index  = index + seed_len
-                        result.append([3, "No filter evasion: <tag><script>..."])
+                        result.append([3, "Payload found free in html"])
                         continue
 
                     # XSS found inside double quotes
                     # type 4
                     if (htmlstate == 1 or htmlstate == 2) and response[index+seed_len:index+seed_len+seed_len] == "\"" + seed:
                         index = index + seed_len
-                        result.append([4, "Inside double quotes: <tag foo=\"bar\"onload=...>"])
+                        result.append([4, "Payload found inside tag escaped from double quotes"])
                         continue
 
                     # XSS found inside single quotes
                     # type 5
                     if (htmlstate == 1 or htmlstate == 4) and response[index+seed_len:index+seed_len+seed_len] == "'" + seed:
                         index  = index + seed_len
-                        result.append([5, "Inside signle quotes: <tag foo='bar'onload=...>"])
+                        result.append([5, "Payload found inside tag escaped from single quotes"])
                         continue
 
                 else:

core/xmlparser.py

-try:
-    from lxml import etree
-except ImportError:
-    print "\n[X] Please install lxml module:"
-    print "    http://lxml.de/\n"
-    exit()
-
-import os
-
-class XMLparser():
-    def __init__(self, path):
-        try:
-            f = open(path)
-            self.xml = f.read()
-            f.close()
-            self.root = etree.XML(self.xml)
-        except IOError, e:
-            print "\n[X] Can't read xml: %s" % path
-            print e
-            #exit()
-
-
-    def getNodes(self, nodename, parent=None):
-        """
-        Return a list of nodes from root or another 
-        specified node
-        """
-        if parent is None:
-            parent = self.root
-        return [n for n in parent.iterfind(nodename)]
-
-
-path = "../lib/whitelist.xml"
-x = XMLparser(path)
-for js in x.getNodes("javascript"):
-    for h in x.getNodes("hash", parent=js):
-        print h.text
-