Jump to content
Skream Example

Xss scanner

By Skream Example, in Exploituri

Recommended Posts

Skream Example Newbie

Skream Example

Posted
Posted 
#!/usr/bin/perl
use IO::Socket;
use Net::FTP;
$host = shift or die "Usage: perl $0 <host> <username> <password> [<log file>]\n";
$user = shift or die "Usage: perl $0 <host> <username> <password> [<log file>]\n";
$pass = shift or die "Usage: perl $0 <host> <username> <password> [<log file>]\n";
$log_file = shift;
$ftp=Net::FTP->new($host) or die "Impossibile connettersi a $host.\n";
$ftp->login ($user, $pass) or die "Errore durante il login.\n";
@file = $ftp->ls ();
$cont4 = 0;
$log = "Scansione sito: $host\n";
while ($cont4 < scalar (@file)){
	my $sock = new IO::Socket::INET (
	PeerHost => $host,
	PeerPort => "80",
	Proto => "tcp",
	) or die "Impossibile connettersi a $host: $!\n";
	$page = "";
	print $sock "get /@file[$cont4]\n\n";
	while (<$sock>){
	        $page .= $_;
	}
	my (@variabili, @var_method);
	$cont2 = 0;
	$cont = 0;
	while ($cont <= length ($page)){
		if ($page =~ /<form.+?method.+?('|")(.+?)("|')/){
			$method = $2;
			$page =~ /<form.+?>(.+?)<\/form>/;
			$cont5 = 0;
			$in_form = $1;
			while ($cont5 <= length ($in_form)){
				if ($in_form =~ /<(input|textarea).+?name.+?('|")(.+?)("|')/){
					@variabili [$cont2] = $3;
					@var_method [$cont2] = $method;
					$in_form =~ s/<(input|textarea).+?name.+?('|")(.+?)("|')/done/;
				}
				$cont5++;
			}
			$page =~ s/<form.+?method.+?('|")(.+?)("|')/done/;
		}
		$cont++;
	}
	close ($sock);
	$cont3 = 0;
	while ($cont3 < scalar (@variabili)){
	        my $sock = new IO::Socket::INET(
	        PeerHost => $host,
	        PeerPort => "80",
		Proto => "tcp",
	        ) or die "Impossibile connettersi a $host.\n";
		if (@var_method[$cont3] == "GET"){
	        	print $sock "get /@file[$cont4]?@variabili[$cont3]=<script>alert(1)</script>\n\n";
		}
		elsif (@var_method[$cont3] == "POST"){	
			$var = "@variabili[$cont3]=<script>alert(1)</script>";
			$to_send = "POST /pagina\n".
		        "Host: $host\n".
     	        	 "Content-Type: application/x-www-form-urlencoded\n".
		        "Content-Length: ".length($var)."\n\n".
	        	$var."\n\n"; 
			print $sock $to_send;
		}
		else {
			die "@var_method[$cont3]: Metodo sconosciuto.\n";
		}
        	$page2 = "";
	        while (<$sock>){
	                $page2 .= $_;
	        }
	        if ($page2 =~ /<script>alert\(1\)<\/script>/){
	                print "/@file[$cont4]: @variabili[$cont3] vulnerabile.\n";
			$log .= "\n/@file[$cont4]: @variabili[$cont3] vulnerabile.";
	        }
	        $cont3++;
	        close ($sock);
	}
	$cont4++;
}
if ($log_file != ""){
	open (LOG, $log_file) or die "Errore durante l'apertura del file: $!\n";
	print LOG $log;
	close ($log);
}

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...