minor bug fixes and bump to 3.0.3
s0md3v authored Nov 14, 2018
2 parents 755f2fb + 7d790fe commit 4ba2dfe
Showing 3 changed files with 6 additions and 6 deletions.
2 changes: 1 addition & 1 deletion core/config.py
@@ -1,4 +1,4 @@
changes = '''detection of up to 66 WAFs'''
changes = '''bug fixes;detection of up to 66 WAFs'''

defaultEditor = 'nano'
blindPayload = '' # your blind XSS payload
2 changes: 1 addition & 1 deletion core/fuzzer.py
@@ -40,7 +40,7 @@ def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
limit -= 1
sleep(1)
try:
requests.get(url, timeout=5, headers=headers)
requester(url, params, headers, GET, 0, 10)
print ('\n%s Pheww! Looks like sleeping for %s%i%s seconds worked!' % (good, green, (delay + 1) * 2), end)
except:
print ('\n%s Looks like WAF has blocked our IP Address. Sorry!' % bad)
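Review bot: The success message inside the `try` cannot be formatted: the string has four placeholders but the tuple holds three values, and `end` sits outside the tuple as a second argument to `print`, so the line raises TypeError. Because the bare `except:` right after it catches that error, a probe that succeeds is still reported as "WAF has blocked our IP Address", and the same handler also hides Ctrl-C and any bug in the request call. Move `end` into the tuple, `% (good, green, (delay + 1) * 2, end))`, keep only the request inside the `try`, and narrow the handler to `except Exception:` or the request library's own exception type. The probe also passes the literals `0, 10` where the function already receives `delay` and `timeout`; if that is deliberate, a short comment would say why. fuzzer's body starts and ends outside this hunk.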
8 changes: 4 additions & 4 deletions xsstrike.py
@@ -6,7 +6,7 @@

# Just a fancy ass banner
print('''%s
\tXSStrike %sv3.0.2
\tXSStrike %sv3.0.3
%s''' % (red, white, end))

try:
@@ -213,10 +213,10 @@ def singleTarget(target, paramData, verbose, encoding):
print ('%s Efficiency: %i' % (info, bestEfficiency))
print ('%s Confidence: %i' % (info, confidence))

def multiTargets(scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload):
def multiTargets(scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload, headers, delay, timeout):
signatures = set()
if domURL and not skipDOM:
response = requests.get(domURL).text
response = requester(domURL, {}, headers, True, delay, timeout).text
highlighted = dom(response)
if highlighted:
print ('%s Potentially vulnerable objects found at %s' % (good, domURL))
@@ -316,7 +316,7 @@ def bruteforcer(target, paramData, payloadList, verbose, encoding):
for i in range(difference):
domURLs.append(0)
threadpool = concurrent.futures.ThreadPoolExecutor(max_workers=threadCount)
futures = (threadpool.submit(multiTargets, scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload) for form, domURL in zip(forms, domURLs))
futures = (threadpool.submit(multiTargets, scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload, headers, delay, timeout) for form, domURL in zip(forms, domURLs))
for i, _ in enumerate(concurrent.futures.as_completed(futures)):
if i + 1 == len(forms) or (i + 1) % threadCount == 0:
print('%s Progress: %i/%i' % (info, i + 1, len(forms)), end='\r')
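Review bot: In the hunk at line 316 the completion loop binds each finished future to `_` and never inspects it, so any exception raised inside `multiTargets` is dropped and the target still counts toward "Progress". This matters more once `multiTargets` fetches `domURL` through `requester(...)` with a caller-supplied `timeout`: a form whose request fails would be skipped silently and the scan would look complete (inferred, since `requester`'s error behaviour is not visible here). Bind the future and report failures, for example `for i, future in enumerate(concurrent.futures.as_completed(futures)):` followed by `if future.exception() is not None:` and a message naming the error. The enclosing code starts and ends outside the hunk.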