separted out the file reader

Author: dragthor

README.md

@@ -30,3 +30,4 @@ At the top of the Html content, look for a `<![CDATA[ \"-alert(123456789))// ]]>
 ## Additional Resources
 
 [OWASP XSS Cheatsheet](https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet)
+

package.json

@@ -1,6 +1,6 @@
 {
   "name": "xss-scanner",
-  "version": "0.0.8",
+  "version": "0.0.9",
   "description": "Cross-Site Scripting (XSS) scanner.  This tool helps to find possible XSS vulnerabilities.",
   "keywords" : [ "xss", "xss-vulnerability", "xss-detection", "xss-exploitation", "xss-scanner" ],
   "repository": {

src/config.js

@@ -10,6 +10,7 @@ function xssOptions() {
         //     port: 8888
         // },
 
+        payloadFile: "data/payload.test.txt",
         fileOutput: false,
         host: "www.yourwebsite.com",
         port: 80,

src/payload.js

@@ -1,24 +1,13 @@
-var { stringFormat } = require('./util');
+var { stringFormat, ripPayload } = require('./util');
 var { xssOptions } = require('./config');
 
 const http = require("http");
 const fs = require("fs");
 const uuid = require("node-uuid");
-const readline = require("readline");
 const chalk = require("chalk");
 
 const config = xssOptions();
 
-const payloadFileReader = readline.createInterface({
-    input: fs.createReadStream("data/payload.txt")
-});
-
-payloadFileReader.on("line", (line) => {
-    if (line.length === 0) return;
-
-    attack(line);
-});
-
 var attack = function (line) {
     try {
         var reqOptions = {
@@ -77,4 +66,6 @@ var attack = function (line) {
     } catch (err) {
         console.log(chalk.red(err + " - " + line));
     }
-};
+};
+
+ripPayload(config.payloadFile, attack);

src/util.js

@@ -1,7 +1,11 @@
 module.exports = {
-	stringFormat
+	stringFormat,
+    ripPayload
 }
 
+const readline = require("readline");
+const fs = require("fs");
+
 // Thanks ASP.NET AJAX 1.0 Source Code Released
 // https://weblogs.asp.net/scottgu/asp-net-ajax-1-0-source-code-released
 function stringFormat (s) {
@@ -10,4 +14,22 @@ function stringFormat (s) {
         s = s.replace(reg, arguments[i + 1]);
     }
     return s;
+};
+
+function ripPayload(pathToPayload, attackCallback, doneCallback) {
+    let payloadReader = readline.createInterface({
+        input: fs.createReadStream(pathToPayload)
+    });
+
+    payloadReader.on("line", (line) => {
+        if (line.length === 0) return;
+
+        attackCallback(line);
+    });
+
+    payloadReader.on("close", () => {
+        if (doneCallback) {
+            doneCallback();
+        }
+    });
 };

tests/util.test.js

@@ -1,4 +1,4 @@
-var { stringFormat } = require('../src/util');
+var { stringFormat, ripPayload } = require('../src/util');
 
 const chai = require("chai");
 const expect = chai.expect;
@@ -15,4 +15,17 @@ describe("stringFormat", () => {
 
         expect(actual).to.equal("/whatever.php?foo=bar&fizz=buzz");
     });
+});
+
+describe("ripPayload", () => {
+    it("should rip line by line the input and invoke callback", (done) => {
+        let actualAttacks = 0;
+
+        ripPayload("data/payload.test.txt", (line) => {
+            actualAttacks++;
+        }, () => {
+            expect(actualAttacks).to.equal(12);
+            done();
+        });
+    });
 });