July 22, 2020 at 6:26 pm
#42844
Peter Queen
Participant
Hello Diego,
Yes it was a the / the was missing, I now run into another error:
#!/usr/bin/env python
import requests
import re
import urllib.parse as urlparse
from bs4 import BeautifulSoup
class Scanner:
def __init__(self, url, ignore_links):
self.session = requests.Session()
self.target_url = url
self.target_links = []
self.links_to_ignore = ignore_links
def extract_links_from(self, url):
response = self.session.get(url)
return re.findall('(?:href=")(.*?)"', response.content.decode(errors="ignore")) # response.content.decode(ignore="error))
def crawl(self, url=None):
if url == None:
url =self.target_url
href_links = self.extract_links_from(url)
for link in href_links:
link = urlparse.urljoin(url, link)
if "#" in link:
link = link.split("#")[0]
if self.target_url in link and link not in self.target_links and link not in self.links_to_ignore:
self.target_links.append(link)
print(link)
self.crawl(link)
def extract_forms(self,url):
response = self.session.get(url)
parsed_html = BeautifulSoup(response.content, features="lxml")
return parsed_html.find_all("form")
def submit_form(self, form, value, url):
action = form.get("action")
post_url = urlparse.urljoin(url, action)
method = form.get("method")
inputs_list = form.find_all("input")
post_data = {}
for input in inputs_list:
input_name = input.get("name")
input_type = input.get("type")
input_value = input.get("value")
if input_type == "text":
input_value = value
post_data[input_name] = input_value
if method == "post":
return self.session.post(post_url, data=post_data)
return self.session.get(post_url, params=post_data)
def run_scanner(self):
for link in self.target_links:
forms = self.extract_forms(link)
for form in forms:
print("[+] Testing form in " + link)
is_vulnerable_to_xss = self.test_xxs_in_form(form, link)
if is_vulnerable_to_xss:
print("[****] XXS discovered in " + link + "in the following form")
print(form)
if "=" in link:
print("\n\n[+] Testing " + link)
is_vulnerable_to_xss = self.test_xxs_in_link(link)
if is_vulnerable_to_xss:
print("[****] XXS discovered in " + link )
def test_xxs_in_link(self,url):
xxs_test_script = "<sCript>alert('test')</scriPt>"
url = url.replace("=", "=" + xxs_test_script)
response = self.session.get(url)
return xxs_test_script.encode() in response.content
def test_xxs_in_form(self, form, url):
xxs_test_script = "<sCript>alert('test')</scriPt>"
response = self.submit_form(form, xxs_test_script, url)
return xxs_test_script.encode() in response.content
#!/usr/bin/env python
import scanner
target_url = "http://10.0.2.14/dvwa/"
links_to_ignore =["http://10.0.2.14/dvwa/logout.php"]
data_dict = {"username": "admin", "password": "password", "Login": "submit"}
vuln_scanner = scanner.Scanner(target_url, links_to_ignore)
vuln_scanner.session.post("http://10.0.2.14/dvwa/login.php", data=data_dict)
vuln_scanner.crawl()
vuln_scanner.run_scanner()
Error:
root@kali:~/PycharmProjects/vulnerability-scanner# python3 vulnerability_scanner.py
http://10.0.2.14/dvwa/dvwa/css/main.css
http://10.0.2.14/dvwa/favicon.ico
http://10.0.2.14/dvwa/
http://10.0.2.14/dvwa/instructions.php
http://10.0.2.14/dvwa/setup.php
http://10.0.2.14/dvwa/vulnerabilities/brute/
http://10.0.2.14/dvwa/vulnerabilities/exec/
http://10.0.2.14/dvwa/vulnerabilities/csrf/
http://10.0.2.14/dvwa/vulnerabilities/fi/?page=include.php
http://10.0.2.14/dvwa/vulnerabilities/sqli/
http://10.0.2.14/dvwa/vulnerabilities/sqli_blind/
http://10.0.2.14/dvwa/vulnerabilities/upload/
http://10.0.2.14/dvwa/vulnerabilities/xss_r/
http://10.0.2.14/dvwa/vulnerabilities/xss_s/
http://10.0.2.14/dvwa/security.php
http://10.0.2.14/dvwa/phpinfo.php
http://10.0.2.14/dvwa/phpinfo.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
http://10.0.2.14/dvwa/about.php
http://10.0.2.14/dvwa/instructions.php?doc=PHPIDS-license
http://10.0.2.14/dvwa/instructions.php?doc=readme
http://10.0.2.14/dvwa/instructions.php?doc=changelog
http://10.0.2.14/dvwa/instructions.php?doc=copying
http://10.0.2.14/dvwa/security.php?phpids=on
http://10.0.2.14/dvwa/security.php?phpids=off
http://10.0.2.14/dvwa/security.php?test=%22><script>eval(window.name)</script>
http://10.0.2.14/dvwa/ids_log.php
[+] Testing form in http://10.0.2.14/dvwa/setup.php
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/brute/
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/exec/
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/csrf/
[+] Testing http://10.0.2.14/dvwa/vulnerabilities/fi/?page=include.php
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/sqli/
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/sqli_blind/
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/upload/
Traceback (most recent call last):
File "vulnerability_scanner.py", line 13, in <module>
vuln_scanner.run_scanner()
File "/root/PycharmProjects/vulnerability-scanner/scanner.py", line 66, in run_scanner
is_vulnerable_to_xss = self.test_xxs_in_form(form, link)
File "/root/PycharmProjects/vulnerability-scanner/scanner.py", line 87, in test_xxs_in_form
return xxs_test_script.encode() in response.content
AttributeError: 'NoneType' object has no attribute 'content'
root@kali:~/PycharmProjects/vulnerability-scanner#
I could not work out, the same code few lines above doesn’t give an error.
If I may I have a suggestion, I have done a Python course on Udemy and there was the possibility to download the source code of what we were learning, it was easier like this to spot typo by our self.
Thanks