Jump to content
Skream Example

Xss scanner

By Skream Example, in Exploituri

Recommended Posts

Skream Example Newbie

Skream Example

Posted
Posted 
#!/usr/bin/perl
use IO::Socket;
use Net::FTP;
$host = shift or die "Usage: perl $0 <host> <username> <password> [<log file>]\n";
$user = shift or die "Usage: perl $0 <host> <username> <password> [<log file>]\n";
$pass = shift or die "Usage: perl $0 <host> <username> <password> [<log file>]\n";
$log_file = shift;
$ftp=Net::FTP->new($host) or die "Impossibile connettersi a $host.\n";
$ftp->login ($user, $pass) or die "Errore durante il login.\n";
@file = $ftp->ls ();
$cont4 = 0;
$log = "Scansione sito: $host\n";
while ($cont4 < scalar (@file)){
	my $sock = new IO::Socket::INET (
	PeerHost => $host,
	PeerPort => "80",
	Proto => "tcp",
	) or die "Impossibile connettersi a $host: $!\n";
	$page = "";
	print $sock "get /@file[$cont4]\n\n";
	while (<$sock>){
	        $page .= $_;
	}
	my (@variabili, @var_method);
	$cont2 = 0;
	$cont = 0;
	while ($cont <= length ($page)){
		if ($page =~ /<form.+?method.+?('|")(.+?)("|')/){
			$method = $2;
			$page =~ /<form.+?>(.+?)<\/form>/;
			$cont5 = 0;
			$in_form = $1;
			while ($cont5 <= length ($in_form)){
				if ($in_form =~ /<(input|textarea).+?name.+?('|")(.+?)("|')/){
					@variabili [$cont2] = $3;
					@var_method [$cont2] = $method;
					$in_form =~ s/<(input|textarea).+?name.+?('|")(.+?)("|')/done/;
				}
				$cont5++;
			}
			$page =~ s/<form.+?method.+?('|")(.+?)("|')/done/;
		}
		$cont++;
	}
	close ($sock);
	$cont3 = 0;
	while ($cont3 < scalar (@variabili)){
	        my $sock = new IO::Socket::INET(
	        PeerHost => $host,
	        PeerPort => "80",
		Proto => "tcp",
	        ) or die "Impossibile connettersi a $host.\n";
		if (@var_method[$cont3] == "GET"){
	        	print $sock "get /@file[$cont4]?@variabili[$cont3]=<script>alert(1)</script>\n\n";
		}
		elsif (@var_method[$cont3] == "POST"){	
			$var = "@variabili[$cont3]=<script>alert(1)</script>";
			$to_send = "POST /pagina\n".
		        "Host: $host\n".
     	        	 "Content-Type: application/x-www-form-urlencoded\n".
		        "Content-Length: ".length($var)."\n\n".
	        	$var."\n\n"; 
			print $sock $to_send;
		}
		else {
			die "@var_method[$cont3]: Metodo sconosciuto.\n";
		}
        	$page2 = "";
	        while (<$sock>){
	                $page2 .= $_;
	        }
	        if ($page2 =~ /<script>alert\(1\)<\/script>/){
	                print "/@file[$cont4]: @variabili[$cont3] vulnerabile.\n";
			$log .= "\n/@file[$cont4]: @variabili[$cont3] vulnerabile.";
	        }
	        $cont3++;
	        close ($sock);
	}
	$cont4++;
}
if ($log_file != ""){
	open (LOG, $log_file) or die "Errore durante l'apertura del file: $!\n";
	print LOG $log;
	close ($log);
}

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...