samooo999
| موضوع: [Perl] Cross Site Scripting Finder Script السبت فبراير 06, 2010 11:02 pm | |
| ########################################
# Author: darkjoker
# Site: http://xhacker.altervista.org
# Program: XSS Finder
# Syntax: perl xss_finder.pl <host> <user> <pass> [log_file]
#
# Copyright (C) 2008 darkjoker
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
########################################
#!/usr/bin/perl
# XSS Finder: logs in to a host over FTP, lists the files in the directory
# the session starts in, fetches each file over HTTP on port 80, collects
# form field names from the response, and requests the page again with a
# probe value in each field to see whether the value comes back.
#
# NOTE(review): parts of this listing were lost when the forum page was
# extracted (text that looked like HTML tags appears to have been stripped).
# The code is kept exactly as found and does not parse as shown; the places
# where text is missing are marked below.
# NOTE(review): there is no `use strict; use warnings;`, so every variable
# not declared with `my` is a package global and the comparison mistakes
# flagged below pass silently.
use IO::Socket;
use Net::FTP;

# Positional arguments: host, FTP user and FTP password are required; the
# log file name is optional.
# NOTE(review): the password is a command-line argument, which other local
# users can usually read from the process list.
$host = shift or die "Usage: perl $0 []\n";
$user = shift or die "Usage: perl $0 []\n";
$pass = shift or die "Usage: perl $0 []\n";
$log_file = shift;

# NOTE(review): Net::FTP is constructed with no TLS option, so the login
# presumably crosses the network in cleartext. Prefer FTPS/SFTP where the
# server offers it.
$ftp=Net::FTP->new($host) or die "Impossibile connettersi a $host.\n";
$ftp->login ($user, $pass) or die "Errore durante il login.\n";
# ls() with no argument lists a single directory; nothing here recurses.
@file = $ftp->ls ();
$cont4 = 0;
$log = "Scansione sito: $host\n";

# Outer loop: one pass per file name returned by the FTP listing.
while ($cont4 < scalar (@file)){
    my $sock = new IO::Socket::INET (
        PeerHost => $host,
        PeerPort => "80",
        Proto => "tcp",
    ) or die "Impossibile connettersi a $host: $!\n";
    $page = "";
    # `@file[$cont4]` is a one-element array slice; it interpolates like
    # `$file[$cont4]`, which is the form `use warnings` would ask for.
    # NOTE(review): the request line has a lowercase method, no HTTP version
    # and no Host header; HTTP method names are case-sensitive, so some
    # servers will presumably reject it.
    print $sock "get /@file[$cont4]\n\n";
    # Read the whole response (headers and body) until the server closes.
    while (<$sock>){
        $page .= $_;
    }
    my (@variabili, @var_method);
    $cont2 = 0;
    $cont = 0;
    # Runs length($page)+1 times regardless of how many forms the page has;
    # each pass apparently was meant to consume one form.
    while ($cont <= length ($page)){
        # NOTE(review): the pattern that matched the opening form tag and
        # captured its method into $2, together with the `){` that opened
        # this `if`, is missing from the listing.
        # NOTE(review): `.` does not match a newline without /s, so the
        # `(.+?)<\/form>` capture only works when the form is on one line.
        if ($page =~ / $method = $2;
        $page =~ /(.+?)<\/form>/;
        $cont5 = 0;
        $in_form = $1;
        # Pull the name attribute of each input/textarea out of the form.
        # Each match is overwritten with "done" so the next pass sees the
        # following field.
        while ($cont5 <= length ($in_form)){
            if ($in_form =~ /<(input|textarea).+?name.+?('|")(.+?)("|')/){
                # NOTE(review): $cont2 is never incremented in the visible
                # code, so every field name is written to index 0 and only
                # the last one found survives.
                @variabili [$cont2] = $3;
                @var_method [$cont2] = $method;
                $in_form =~ s/<(input|textarea).+?name.+?('|")(.+?)("|')/done/;
            }
            $cont5++;
        }
        # NOTE(review): the substitution that marked the form as handled
        # lost its pattern and replacement in extraction; the `}` on this
        # line is presumably the end of the `if` above.
        $page =~ s/ }
        $cont++;
    }
    close ($sock);

    # Second phase: one request per recorded field, with a probe value.
    $cont3 = 0;
    while ($cont3 < scalar (@variabili)){
        my $sock = new IO::Socket::INET(
            PeerHost => $host,
            PeerPort => "80",
            Proto => "tcp",
        ) or die "Impossibile connettersi a $host.\n";
        # NOTE(review): `==` compares numerically. "GET", "POST" and any
        # other non-numeric method string all evaluate to 0, so this first
        # test is true for them and the POST and `die` branches are never
        # reached. String comparison is `eq`.
        if (@var_method[$cont3] == "GET"){
            # NOTE(review): the probe shown is a bare `alert(1)`, while the
            # response check below expects a closing script tag after it, so
            # the markup around the probe was probably stripped from this
            # listing as well. The value is not URL-encoded.
            print $sock "get /@file[$cont4]?@variabili[$cont3]=alert(1)\n\n";
        }
        elsif (@var_method[$cont3] == "POST"){
            $var = "@variabili[$cont3]=alert(1)";
            # NOTE(review): the request goes to the fixed path `/pagina`,
            # not to the file being tested, and the header lines end in a
            # bare "\n" with no HTTP version on the request line.
            $to_send = "POST /pagina\n".
                "Host: $host\n".
                "Content-Type: application/x-www-form-urlencoded\n".
                "Content-Length: ".length($var)."\n\n".
                $var."\n\n";
            print $sock $to_send;
        }
        else {
            die "@var_method[$cont3]: Metodo sconosciuto.\n";
        }
        $page2 = "";
        while (<$sock>){
            $page2 .= $_;
        }
        # A match means the probe text came back in the response without
        # being HTML-encoded. It says nothing about the context it landed
        # in, and a miss is not evidence that the field is safe. The fix for
        # a hit is output encoding of the reflected parameter on the server.
        if ($page2 =~ /alert\(1\)<\/script>/){
            print "/@file[$cont4]: @variabili[$cont3] vulnerabile.\n";
            $log .= "\n/@file[$cont4]: @variabili[$cont3] vulnerabile.";
        }
        $cont3++;
        close ($sock);
    }
    $cont4++;
}

# Write the accumulated report when a log file was named.
# NOTE(review): `!=` is numeric, and both "" and a typical file name evaluate
# to 0, so this block is skipped for ordinary names. Inside it, the two-
# argument open has no mode and therefore opens for reading (two-argument
# open also interprets mode characters embedded in the name), and `close`
# is given the report string $log instead of the LOG handle.
if ($log_file != ""){
    open (LOG, $log_file) or die "Errore durante l'apertura del file: $!\n";
    print LOG $log;
    close ($log);
} | |