Codebase list faraday-plugins / c19a85b faraday_plugins / plugins / repo / xsssniper / plugin.py
c19a85b

Tree @c19a85b (Download .tar.gz)

plugin.py @c19a85braw · history · blame 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
"""
Faraday Penetration Test IDE
Copyright (C) 2017  Infobyte LLC (http://www.infobytesec.com/)
See the file 'doc/LICENSE' for the license information
"""
import re

__author__ = "Roberto Focke"
__copyright__ = "Copyright (c) 2017, Infobyte LLC"
__license__ = ""
__version__ = "1.0.0"

from faraday_plugins.plugins.plugin import PluginBase


class xsssniper(PluginBase):

    def __init__(self, *arg, **kwargs):
        super().__init__(*arg, **kwargs)
        self.id = "xsssniper"
        self.name = "xsssniper"
        self.plugin_version = "0.0.1"
        self.version = "1.0.0"
        self.protocol = "tcp"
        self._command_regex = re.compile(r'^(sudo xsssniper|xsssniper|sudo xsssniper\.py|xsssniper\.py|sudo python'
                                         r'xsssniper\.py|.\/xsssniper\.py|python xsssniper\.py)\s+')

    def parseOutputString(self, output):
        parametro = []
        lineas = output.split("\n")
        aux = 0
        for linea in lineas:
            if not linea:
                continue
            linea = linea.lower()
            if (linea.find("target:")>0):
                url = re.findall(r'(?:[-\w.]|(?:%[\da-fA-F]{2}))+', linea)
                address = self.resolve_hostname(url[3])
                host_id = self.createAndAddHost(address, hostnames=url[3])
            if (linea.find("method")>0):
                list_a = re.findall(r"\w+", linea)
                metodo= list_a[1]
            if (linea.find("query string:")>0):
                lista_parametros=linea.split('=')
                aux=len(lista_parametros)
            if (linea.find("param:")>0):
                list2 = re.findall(r"\w+",linea)
                parametro.append(list2[1])
                service_id = self.createAndAddServiceToHost(host_id, self.protocol, 'tcp', ports=['80'], status='Open',
                                                            version="", description="")
        if aux != 0:
            self.createAndAddVulnWebToService(host_id, service_id, name="xss", desc="XSS", ref='', severity='med',
                                              website=url[0], path='', method=metodo, pname='',
                                              params=''.join(parametro), request='', response='')


def createPlugin(*args, **kwargs):
    return xsssniper(*args, **kwargs)