July 24, 2020 at 9:59 am
#42938
Peter Queen
Participant
Hi Diego!
I tried the findAll and I get the same error as I get with find_all:
root@kali:~/PycharmProjects/vulnerability-scanner# python3 vulnerability_scanner.py
http://10.0.2.14/dvwa/dvwa/css/main.css
http://10.0.2.14/dvwa/favicon.ico
http://10.0.2.14/dvwa/
http://10.0.2.14/dvwa/instructions.php
http://10.0.2.14/dvwa/setup.php
http://10.0.2.14/dvwa/vulnerabilities/brute/
http://10.0.2.14/dvwa/vulnerabilities/exec/
http://10.0.2.14/dvwa/vulnerabilities/csrf/
http://10.0.2.14/dvwa/vulnerabilities/fi/?page=include.php
http://10.0.2.14/dvwa/vulnerabilities/sqli/
http://10.0.2.14/dvwa/vulnerabilities/sqli_blind/
http://10.0.2.14/dvwa/vulnerabilities/upload/
http://10.0.2.14/dvwa/vulnerabilities/xss_r/
http://10.0.2.14/dvwa/vulnerabilities/xss_s/
http://10.0.2.14/dvwa/security.php
http://10.0.2.14/dvwa/phpinfo.php
http://10.0.2.14/dvwa/phpinfo.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
http://10.0.2.14/dvwa/about.php
http://10.0.2.14/dvwa/instructions.php?doc=PHPIDS-license
http://10.0.2.14/dvwa/instructions.php?doc=readme
http://10.0.2.14/dvwa/instructions.php?doc=changelog
http://10.0.2.14/dvwa/instructions.php?doc=copying
http://10.0.2.14/dvwa/security.php?phpids=on
http://10.0.2.14/dvwa/security.php?phpids=off
http://10.0.2.14/dvwa/security.php?test=%22><script>eval(window.name)</script>
http://10.0.2.14/dvwa/ids_log.php
[+] Testing form in http://10.0.2.14/dvwa/setup.php
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/brute/
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/exec/
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/csrf/
[+] Testing http://10.0.2.14/dvwa/vulnerabilities/fi/?page=include.php
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/sqli/
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/sqli_blind/
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/upload/
Traceback (most recent call last):
File "vulnerability_scanner.py", line 13, in <module>
vuln_scanner.run_scanner()
File "/root/PycharmProjects/vulnerability-scanner/scanner.py", line 66, in run_scanner
is_vulnerable_to_xss = self.test_xxs_in_form(form, link)
File "/root/PycharmProjects/vulnerability-scanner/scanner.py", line 87, in test_xxs_in_form
return xxs_test_script.encode() in response.content
AttributeError: 'NoneType' object has no attribute 'content'
any suggestions? thanks!