-
Notifications
You must be signed in to change notification settings - Fork 59
Expand file tree
/
Copy pathXSS-Check.py
More file actions
51 lines (51 loc) · 2.16 KB
/
Copy pathXSS-Check.py
File metadata and controls
51 lines (51 loc) · 2.16 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
import requests
from bs4 import BeautifulSoup
from urllib.parse import urljoin
from colorama import Fore, init, Style
from progress.bar import ChargingBar
init(autoreset=True)
# Get all forms of the mentioned URL
def getAllForms(url):
page = requests.get(url)
parser = BeautifulSoup(page.content, 'html.parser')
return parser.find_all('form')
f = open("payloads.txt", "r").readlines()
successful_payloads = []
def xss():
forms = getAllForms(url)
for form in forms:
# Getting Payload Scripts for Payloads file
bar = ChargingBar(Fore.GREEN + 'Injecting Scripts and finding XSS Vulnerability', max=36)
for payload in f:
bar.next()
# Getting the URL where the form data will be sent
action = form.attrs.get('action').lower()
finalURL = urljoin(url, action)
# Getting the Method through which form data will be sent (GET/POST)
# By default, the method is GET
method = form.attrs.get('method', 'get').lower()
# Filling the Form with Random Data basically the script from Payloads
randomData = {}
for input in form.find_all('input'):
if input['type'] == 'text' or input['type'] == 'search':
input['value'] = payload
inputName = input.get('name')
inputValue = input.get('value')
if inputName and inputValue:
randomData[inputName] = inputValue
if method=='post':
content = requests.post(finalURL, data=randomData)
else:
content = requests.get(finalURL, params=randomData)
# Return True if Payload was successfully Injected
if payload in content.text:
successful_payloads.append(payload)
bar.finish()
url = input(Fore.BLUE + "\nEnter the URL: ")
vulnerable = xss()
if len(successful_payloads):
print(Fore.GREEN + "\nSite is vulnerable to XSS Attack!\n")
for i in successful_payloads:
print(Fore.CYAN + "Payload Injected Successfully --> " + Fore.YELLOW + i)
else:
print(Fore.RED + Style.BRIGHT + "\nXSS Vulnerability not Present!")