
Commit 62e5591

committed
Better output
1 parent 5d1003b commit 62e5591


10 files changed

+80
-123
lines changed


Cargo.lock

Lines changed: 0 additions & 11 deletions

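--- a/TODO.md
+++ b/TODO.md
@@ -1,3 +1,3 @@
-* Create XSS payload generator
-* Async Lua function
-* Better error handling
+* [x] Create XSS payload generator
+* [] Async Lua function
+* [] Better error handling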

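--- a/scanners/Cargo.toml
+++ b/scanners/Cargo.toml
@@ -17,4 +17,3 @@ scraper = "0.12.0"
 urlencoding = "2.1.0"
 fancy-regex = "0.8.0"
 yaml-rust = "0.4.5"
-yaml-validator = "0.1.0"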

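--- a/scanners/src/lib.rs
+++ b/scanners/src/lib.rs
@@ -4,12 +4,6 @@ pub use urlencoding::encode as url_encode;
 
 #[cfg(test)]
 mod tests {
-#[test]
-fn it_works() {
-let result = 2 + 2;
-assert_eq!(result, 4);
-}
-
 #[test]
 fn test_urlencode() {
 let url = "http://www.google.com/search?q=rust+language";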

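--- a/scanners/src/scan/xss/mod.rs
+++ b/scanners/src/scan/xss/mod.rs
@@ -6,16 +6,21 @@ use log::error;
 use scant3r_utils::{
 random_str,
 requests::{Curl, Msg},
-Injector::{Injector, Urlinjector},
+injector::{Injector, Urlinjector},
 };
-use std::collections::HashMap;
+use console::style;
 
 mod parser;
 use parser::{html_parse, html_search};
 
 mod bypass;
 pub use bypass::{PayloadGen, XssPayloads};
 
+
+pub fn print_poc(report: &Report) {
+println!("{} Valid XSS\n{} URL: {}\n{} CURL: {}\n{} MATCH: {}\n{} PAYLOAD: \"{}\"", style("[+]").green(), style("[!]").yellow(), report.url, style("[!]").yellow(),report.curl,style("[!]").yellow(),report.match_payload,style("[!]").yellow(),report.payload.replace("\"","\\\""));
+}
+
 pub struct Xss<'t> {
 request: &'t Msg,
 injector: Injector,
@@ -127,19 +132,25 @@ impl XssUrlParamsValue for Xss<'_> {
 Ok(resp) => {
 let d = html_search(resp.body.as_str(), &pay.search);
 if d.len() > count.len() {
-_prog.println(format!(
+/*_prog.println(format!(
 "FOUND XSS \nReflect: {:?}\nPayload: {}\nMatch: {}\nCURL: \n{}",
 reflect,
 pay.payload,
 d,
 req.curl()
-));
-_found.push(Report{
+));*/
+print_poc(&Report{
 url: req.url.to_string(),
 match_payload: d,
 payload: pay.payload.to_string(),
 curl: req.curl(),
 });
+/*_found.push(Report{
+url: req.url.to_string(),
+match_payload: d,
+payload: pay.payload.to_string(),
+curl: req.curl(),
+});*/
 break;
 }
 }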
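Review bot: `print_poc` writes `report.url`, `report.curl` and `report.match_payload` to the terminal unescaped, and `match_payload` is the result of `html_search` over the response body, so text chosen by the scanned server (control sequences included) reaches the operator's console; only `payload` has its quotes escaped. Consider printing the response-derived fields through an escaping formatter, e.g. `report.match_payload.escape_debug()`, assuming the field is a `String` as its use with `{}` suggests. In the second hunk the `_found.push(Report{…})` call is now commented out, so a finding is printed but no longer collected; the rest of that function lies outside the hunk, but any caller reading the returned reports would presumably see none. The two `/* … */` blocks would be better deleted than left in place.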

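--- a/scripting/src/func.rs
+++ b/scripting/src/func.rs
@@ -1,10 +1,21 @@
 extern crate scant3r_utils;
 use hlua::{
 Lua,
-function1, function3,
+function1
 };
+use scant3r_utils::requests::{Msg,Settings};
 use std::fs::File;
 
+fn sender(url: String) -> String {
+let req = Msg::new()
+.url(url)
+.method("GET".to_string());
+match req.send() {
+Ok(test) => println!("TEST"),
+Err(e) => println!("ERR"),
+}
+String::from("TES")
+}
 fn bruh(name: String) -> String {
 format!("YEAH BOOYAH {}",name)
 }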
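Review bot: `sender` discards both the response and the error and always returns the constant `"TES"`, so a script calling it cannot tell whether the request succeeded or what came back. The `test` and `e` bindings and the `Settings` import are unused and will draw compiler warnings. If this is meant to be the Lua-facing request helper, make the `match` the tail expression and return something derived from the result, for example `Ok(resp) => resp.body,` (assuming the response exposes `body`, as the XSS scanner's use of `resp.body` suggests) with an error string in the `Err` arm. A `///` line stating what the function returns to the script would also help.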

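--- a/utils/src/injector.rs
+++ b/utils/src/injector.rs
@@ -8,12 +8,12 @@ pub struct Injector {
 }
 
 pub trait Urlinjector {
-fn url_value(&self, _payload: &str) -> HashMap<String, Vec<Url>>;
-fn set_urlvalue(&self, param: &str, _payload: &str) -> Url;
+fn url_value(&self, payload: &str) -> HashMap<String, Vec<Url>>;
+fn set_urlvalue(&self, param: &str, payload: &str) -> Url;
 }
 
 impl Urlinjector for Injector {
-fn set_urlvalue(&self, param: &str, _payload: &str) -> Url {
+fn set_urlvalue(&self, param: &str, payload: &str) -> Url {
 let mut url = self.request.clone();
 let mut final_params = HashMap::new();
 
@@ -25,9 +25,9 @@ impl Urlinjector for Injector {
 if k == param {
 final_params.insert(k.to_string(), {
 if self.keep_value == true {
-format!("{}{}", v.to_string(), _payload)
+format!("{}{}", v.to_string(), payload)
 } else {
-format!("{}", _payload)
+format!("{}", payload)
 }
 });
 } else {
@@ -39,44 +39,34 @@ impl Urlinjector for Injector {
 url
 }
 
-/// Set the payload to every GET parameter in the url
-/// * example :
-/// ```rust
-/// let injector = Injector {
-/// request: Url::parse("http://example.com/index.php?param1=value1&param2=value2").unwrap(),
-/// };
-/// let mut urls = injector.url_value("hacker");
-/// assert_eq!(urls.len(),2);
-/// {"param1":url::Url::parse("http://example.com/index.php?param1=value1hacker&param2=value2").unwrap(),"param2":url::Url::parse("http://example.com/index.php?param1=value1&param2=value2hacker").unwrap()}
-/// ```
-fn url_value(&self, _payload: &str) -> HashMap<String, Vec<Url>> {
+fn url_value(&self, payload: &str) -> HashMap<String, Vec<Url>> {
 let url = self.request.clone();
-let _params: HashMap<_, _> = url.query_pairs().collect::<HashMap<_, _>>();
+let params: HashMap<_, _> = url.query_pairs().collect::<HashMap<_, _>>();
 let mut scan_params = HashMap::new();
-let mut bruh: HashMap<String, Vec<Url>> = HashMap::new();
+let mut result: HashMap<String, Vec<Url>> = HashMap::new();
 let mut param_list = Vec::new();
-_params.iter().for_each(|(key, value)| {
+params.iter().for_each(|(key, value)| {
 scan_params.insert(key.to_string(), value.to_string());
 param_list.push(key.to_string());
 });
-drop(_params);
+drop(params);
 
 scan_params.iter().for_each(|(key, value)| {
-let mut p = Vec::new();
+let mut edit_params = Vec::new();
 
-_payload.split("\n").into_iter().for_each(|payload| {
+payload.split("\n").into_iter().for_each(|payload| {
 let mut new_params = scan_params.clone();
 new_params.insert(key.to_string(), value.as_str().to_owned() + payload);
 let mut new_url = url.clone();
 new_url.query_pairs_mut().clear();
 
 new_url.query_pairs_mut().extend_pairs(&new_params);
 
-p.push(new_url);
+edit_params.push(new_url);
 });
 
-bruh.insert(key.to_string(), p);
+result.insert(key.to_string(), edit_params);
 });
-bruh
+result
 }
 }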
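Review bot: `url_value` always appends the payload to the existing value (`value.as_str().to_owned() + payload`) and never consults `self.keep_value`, while `set_urlvalue` in the same impl replaces the value when `keep_value` is false, so the two methods disagree for the same `Injector`. If that is not intended, build the value the same way, e.g. `let injected = if self.keep_value { value.to_owned() + payload } else { payload.to_owned() };`. After the rename, the closure argument in `payload.split("\n").into_iter().for_each(|payload| {` shadows the method parameter; a distinct name such as `line` would read more clearly. The commit also drops the doc comment on `url_value`; a short `///` summary saying that the payload is split on newlines and one URL is produced per line for each parameter would be worth keeping.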

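--- a/utils/src/lib.rs
+++ b/utils/src/lib.rs
@@ -1,7 +1,4 @@
-#[allow(non_snake_case)]
-#[path = "./injector.rs"]
-pub mod Injector;
-pub mod poc;
+pub mod injector;
 pub mod requests;
 use rand::distributions::Alphanumeric;
 use rand::{thread_rng, Rng};
@@ -12,7 +9,7 @@ use urlencoding::encode as url_encode;
 pub fn urlencode(s: &str, many: Option<u8>) -> String {
 let mut after_encode = String::from(s);
 for _ in 0..many.unwrap_or(1) {
-after_encode = url_encode(s).to_string();
+after_encode = url_encode(&after_encode).to_string();
 }
 after_encode
 }
@@ -47,14 +44,38 @@ pub fn extract_headers_vec(header: Vec<String>) -> HashMap<String, String> {
 
 #[cfg(test)]
 mod tests {
+use reqwest::Url;
+use std::collections::HashMap;
+use crate::injector::{self, Urlinjector};
+
 #[test]
-fn it_works() {
+fn check_headers() {
 let result = super::extract_headers("Content-Type: application/json".to_string());
 assert_eq!(result.get("Content-Type").unwrap(), "application/json");
 }
 #[test]
 fn check_urlencode() {
-let result = super::urlencode("http://www.google.com", None);
+let result = super::urlencode("http://www.google.com", Some(2));
 assert_eq!(result, "http%3A%2F%2Fwww.google.com");
 }
+#[test]
+fn check_header_vec() {
+let mut test_result = HashMap::new();
+test_result.insert("Server".to_string(), "Nginx".to_string());
+let result = super::extract_headers_vec(vec!["Server: Nginx".to_string()]);
+assert_eq!(test_result,result);
+}
+#[test]
+fn check_url_injector_keepvalue() {
+let mut test_params = HashMap::new();
+test_params.insert("test".to_string(), vec![Url::parse("http://google.com/?test=1hello").unwrap()]);
+let inj = injector::Injector{
+request: Url::parse("http://google.com/?test=1").unwrap(),
+keep_value: true
+};
+let newparam_value = inj.set_urlvalue("test", "hello");
+let inject_payload = inj.url_value("hello");
+assert_eq!(newparam_value.as_str(),"http://google.com/?test=1hello");
+assert_eq!(inject_payload, test_params);
+}
 }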
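Review bot: `check_urlencode` now calls `urlencode` with `Some(2)` but still asserts the single-encoded string, and with the loop fixed to re-encode `after_encode` the second pass turns each `%` into `%25`, so this assertion should fail. Either keep `None` for this expectation or update it to `assert_eq!(result, "http%253A%252F%252Fwww.google.com");`. A separate case for `None` would also pin the single-pass behaviour that the other callers presumably rely on.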

utils/src/poc.rs

Lines changed: 0 additions & 60 deletions
This file was deleted.

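--- a/utils/src/requests.rs
+++ b/utils/src/requests.rs
@@ -1,8 +1,9 @@
 #![allow(dead_code)]
 use reqwest::blocking::ClientBuilder;
-use reqwest::header::HeaderMap;
-use reqwest::header::HeaderName;
-use reqwest::header::HeaderValue;
+use reqwest::header::{
+HeaderMap,
+HeaderName,
+HeaderValue};
 use reqwest::redirect::Policy;
 use reqwest::Proxy;
 use reqwest::StatusCode;
@@ -112,7 +113,8 @@ impl Msg {
 self.headers.iter().for_each(|(k, v)| {
 headers.append(
 HeaderName::from_bytes(k.as_bytes()).unwrap(),
-HeaderValue::from_str(v.as_str()).unwrap());
+HeaderValue::from_str(v.as_str()).unwrap(),
+);
 });
 if headers.len() > 0 {
 resp = resp.default_headers(headers);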
