Python实现XSS扫描


利用Python代码实现XSS检测

import requests


# HTML转换实体字符

def str_html(source):
    """Encode every character of *source* as a hexadecimal HTML numeric
    character reference.

    Args:
        source: the string to encode.

    Returns:
        A string in which each character ``c`` has become
        ``'&#x' + hex digits of ord(c) + ';'``, e.g. ``'<'`` -> ``'&#x3c;'``.
        An empty input yields ``''``.
    """
    # The ``:x`` format spec emits bare lowercase hex digits, so there is no
    # '0x' prefix to strip afterwards.
    return ''.join(f'&#x{ord(ch):x};' for ch in source)


# 从响应中检测Payload是否有效

def check_resp(response, payload, type):
    """Decide whether *payload* is reflected in *response* according to the
    rule for its payload category.

    Args:
        response: the response body text to inspect.
        payload: the raw payload that was sent.
        type: the category read from the dictionary file ('Normal', 'Prop',
            'Escape', or a header name such as 'Cookie').

    Returns:
        True when the payload (for 'Escape', its ``str_html`` encoding) is
        found and the category's marker rule holds, otherwise False.
    """
    def marker_before(text, hit):
        # The rule inspects the single character two positions before the
        # match; when ``hit`` is -1 (a miss) this slice reads from the tail of
        # ``text``, which is why every caller also requires a real hit.
        return text[hit - 2:hit - 1]

    if type == 'Escape':
        encoded = str_html(payload)
        hit = response.find(encoded)
        return encoded in response and marker_before(response, hit) == '='

    hit = response.find(payload)
    found = hit >= 0
    if type == 'Normal':
        # A 'Normal' hit counts whether or not the '=' marker is present.
        return found
    # 'Prop' and every header category require the '=' marker ahead of the hit.
    return found and marker_before(response, hit) == '='


# 实现XSS扫描的主功能
def xss_scan(location):
    """Send every payload from ``./dict/xss_payload.txt`` to *location* and
    print each one that ``check_resp`` reports as reflected.

    Args:
        location: a URL that contains a query string; every query parameter
            is overwritten with the current payload.

    Dictionary lines have the form ``<type>:<payload>``. Header types
    ('Referer', 'User-Agent', 'Cookie') are sent as request headers,
    'Escape' sends the ``str_html`` encoding as every parameter value, and
    any other type sends the raw payload. Nothing is returned; findings go
    to stdout.

    NOTE: ``requests.get`` is called without a ``timeout``, so an
    unresponsive host blocks the scan indefinitely.
    """
    pieces = location.split('?')
    base_url = pieces[0]
    # Parameter names are fixed for the whole scan, so derive them once.
    param_names = [pair.split('=')[0] for pair in pieces[1].split('&')]
    header_types = ('Referer', 'User-Agent', 'Cookie')
    # Payload dictionary; replace the file with your own list as needed.
    with open('./dict/xss_payload.txt') as fh:
        lines = list(fh)
    for line in lines:
        fields = line.strip().split(':', 1)
        kind = fields[0]
        payload = fields[1]
        if kind in header_types:
            # Header-based checks carry the payload in the named HTTP header.
            resp = requests.get(url=base_url, headers={kind: payload})
        else:
            value = str_html(payload) if kind == 'Escape' else payload
            resp = requests.get(
                url=base_url, params={name: value for name in param_names}
            )
        if check_resp(resp.text, payload, kind):
            print(f"此处存在XSS漏洞:{payload}")


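if __name__ == '__main__':
    # The original listing left this body empty (only a comment), which is a
    # SyntaxError; ``pass`` keeps the file importable until a target is set.
    # To run the scan, replace ``pass`` with a call such as
    # xss_scan('<target URL including its query string>').
    pass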

