mirror of
https://github.com/Ekultek/Zeus-Scanner.git
synced 2026-03-11 08:55:51 +00:00
creating tamper scripts for the XSS payloads
This commit is contained in:
parent
bf922eeb7c
commit
9de772204e
7 changed files with 70 additions and 6 deletions
0
lib/attacks/tamper_scripts/__init__.py
Normal file
0
lib/attacks/tamper_scripts/__init__.py
Normal file
5
lib/attacks/tamper_scripts/base64_encode.py
Normal file
5
lib/attacks/tamper_scripts/base64_encode.py
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
import base64
|
||||
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
return base64.b64encode(payload)
|
||||
6
lib/attacks/tamper_scripts/hex_encode.py
Normal file
6
lib/attacks/tamper_scripts/hex_encode.py
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
def tamper(payload, **kwargs):
|
||||
retval = hex(hash(payload))
|
||||
if "-" in str(retval):
|
||||
return retval[1:-1]
|
||||
else:
|
||||
return retval
|
||||
8
lib/attacks/tamper_scripts/unicode_encode.py
Normal file
8
lib/attacks/tamper_scripts/unicode_encode.py
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
def tamper(payload, **kwargs):
|
||||
i = 0
|
||||
retval = ""
|
||||
|
||||
while i < len(payload):
|
||||
retval += "%u{}".format(ord(payload[i]))
|
||||
i += 1
|
||||
return retval
|
||||
|
|
@ -5,6 +5,12 @@ import tempfile
|
|||
|
||||
import requests
|
||||
|
||||
from lib.errors import InvalidTamperProvided
|
||||
from lib.attacks.tamper_scripts import (
|
||||
unicode_encode,
|
||||
base64_encode,
|
||||
hex_encode
|
||||
)
|
||||
from lib.settings import (
|
||||
logger,
|
||||
set_color,
|
||||
|
|
@ -15,16 +21,46 @@ from lib.settings import (
|
|||
)
|
||||
|
||||
|
||||
def list_tamper_scripts(path="{}/lib/attacks/tamper_scripts"):
|
||||
retval = set()
|
||||
exclude = ["__init__.py", ".pyc"]
|
||||
for item in os.listdir(path.format(os.getcwd())):
|
||||
if not any(f in item for f in exclude):
|
||||
item = item.split(".")[0]
|
||||
item = item.split("_")[0]
|
||||
retval.add(item)
|
||||
return retval
|
||||
|
||||
|
||||
def __tamper_payload(payload, tamper_type):
|
||||
acceptable = list_tamper_scripts()
|
||||
if tamper_type in acceptable:
|
||||
if tamper_type == "unicode":
|
||||
return unicode_encode.tamper(payload)
|
||||
elif tamper_type == "hex":
|
||||
return hex_encode.tamper(payload)
|
||||
else:
|
||||
return base64_encode.tamper(payload)
|
||||
else:
|
||||
raise InvalidTamperProvided(
|
||||
"sent tamper type '{}' is not a valid type, acceptable are {}...".format(
|
||||
tamper_type, ", ".join(list(acceptable))
|
||||
)
|
||||
)
|
||||
|
||||
|
||||
def __load_payloads(filename="{}/etc/xss_payloads.txt"):
|
||||
with open(filename.format(os.getcwd())) as payloads: return payloads.readlines()
|
||||
|
||||
|
||||
def create_urls(url, payload_list):
|
||||
def create_urls(url, payload_list, tamper=None):
|
||||
tf = tempfile.NamedTemporaryFile(delete=False)
|
||||
tf_name = tf.name
|
||||
with tf as tmp:
|
||||
for payload in payload_list:
|
||||
loaded_url = "{}{}".format(url, payload)
|
||||
if tamper:
|
||||
payload = __tamper_payload(payload, tamper_type=tamper)
|
||||
loaded_url = "{}{}\n".format(url, payload)
|
||||
tmp.write(loaded_url)
|
||||
return tf_name
|
||||
|
||||
|
|
@ -53,7 +89,11 @@ def scan_xss(url, agent=None, proxy=None):
|
|||
return False, None
|
||||
|
||||
|
||||
def main_xss(start_url, verbose=False, proxy=None, agent=None):
|
||||
def main_xss(start_url, verbose=False, proxy=None, agent=None, tamper=None):
|
||||
if tamper:
|
||||
logger.info(set_color(
|
||||
"tampering payloads with '{}'...".format(tamper)
|
||||
))
|
||||
find_xss_script(start_url)
|
||||
logger.info(set_color(
|
||||
"loading payloads..."
|
||||
|
|
@ -66,7 +106,7 @@ def main_xss(start_url, verbose=False, proxy=None, agent=None):
|
|||
logger.info(set_color(
|
||||
"payloads will be written to a temporary file and read from there..."
|
||||
))
|
||||
filename = create_urls(start_url, payloads)
|
||||
filename = create_urls(start_url, payloads, tamper=tamper)
|
||||
logger.info(set_color(
|
||||
"loaded URL's have been saved to '{}'...".format(filename)
|
||||
))
|
||||
|
|
|
|||
|
|
@ -13,4 +13,7 @@ class SqlmapFailedStart(Exception): pass
|
|||
class SpiderTestFailure(Exception): pass
|
||||
|
||||
|
||||
class InvalidInputProvided(Exception): pass
|
||||
class InvalidInputProvided(Exception): pass
|
||||
|
||||
|
||||
class InvalidTamperProvided(Exception): pass
|
||||
4
zeus.py
4
zeus.py
|
|
@ -94,6 +94,8 @@ if __name__ == "__main__":
|
|||
help="Show the arguments that nmap understands")
|
||||
attacks.add_option("-P", "--show-possibles", dest="showAllConnections", action="store_true",
|
||||
help="Show all connections made during the admin panel search")
|
||||
attacks.add_option("--tamper", dest="tamperXssPayloads", metavar="TAMPER-SCRIPT",
|
||||
help="Send the XSS payloads through tampering before sending to the target")
|
||||
|
||||
# search engine options
|
||||
engines = optparse.OptionGroup(parser, "Search engine arguments",
|
||||
|
|
@ -371,7 +373,7 @@ if __name__ == "__main__":
|
|||
elif admin:
|
||||
main(url, show=opt.showAllConnections, verbose=verbose)
|
||||
elif xss:
|
||||
main_xss(url, verbose=verbose, proxy=proxy_to_use, agent=agent_to_use)
|
||||
main_xss(url, verbose=verbose, proxy=proxy_to_use, agent=agent_to_use, tamper=opt.tamperXssPayloads)
|
||||
else:
|
||||
pass
|
||||
else:
|
||||
|
|
|
|||
Loading…
Reference in a new issue