Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
992Proxy

Locked DSXS -Damn Small XSS Scanner

sQuo

By ADMINsQuo
in Python

 Share

Recommended Posts

sQuo Hacker

ADMINsQuo

Posted
Posted

This is the hidden content, please

 

Damn Small SQLi Scanner (DSSS) has been made as a PoC where I wanted to show that commercial (SQLi) scanners can be beaten under 100 lines of code.

 

It supports GET and POST parameters, blind/error SQLi tests and advanced comparison of different response attributes to distinguish blind responses. If you are satisfied with your commercial tool scanning results then I believe that you could even be more satisfied with this one.

 

As of optional settings it supports HTTP proxy together with HTTP header values "User-Agent", "Referer" and "Cookie".

 

p.s. Python v2.6 or v2.7 is required for running this program

 

 

Latest source code can be found here (update: current version is v0.2 - Nov 13th 2011).

 

 

How to use -

 

 

$ python dsxs.py

Damn Small XSS Scanner (DSXS)

by: Miroslav Stampar (http://unconciousmind.blogspot.com'>http://unconciousmind.blogspot.com'>http://unconciousmind.blogspot.com'>http://unconciousmind.blogspot.com | @stamparm)

 

Usage: dsxs.py [options]

 

Options:

--version show program's version number and exit

-h, --help show this help message and exit

-u URL, --url=URL Target URL (e.g. "http://www.target.com/page.htm?id=1")

--data=DATA POST data (e.g. "query=test")

--cookie=COOKIE HTTP Cookie header value

--user-agent=UA HTTP User-Agent header value

--random-agent Use randomly selected HTTP User-Agent header value

--referer=REFERER HTTP Referer header value

--proxy=PROXY HTTP proxy address (e.g. "http://127.0.0.1:8080")

 

$ python dsxs.py -u "http://zero.webappsecurity.com/login1.asp" --data="login=te

st&password=test&graphicOption=minimum" --random-agent

Damn Small XSS Scanner (DSXS)

by: Miroslav Stampar (http://unconciousmind.blogspot.com | @stamparm)

 

* scanning POST parameter 'login'

(i) POST parameter 'login' appears to be XSS vulnerable (">...

some filtering))

* scanning POST parameter 'password'

* scanning POST parameter 'graphicOption'

 

scan results: possible vulnerabilities found

 

$ python dsxs.py -u "http://xss.progphp.com/xss8.html?input=1" --random-agent

Damn Small XSS Scanner (DSXS)

by: Miroslav Stampar (http://unconciousmind.blogspot.com | @stamparm)

 

* scanning GET parameter 'input'

(i) GET parameter 'input' appears to be XSS vulnerable ("...", pure text respon

se, no filtering))

 

scan results: possible vulnerabilities found

 

$ python dsxs.py -u "http://xss.progphp.com/xss12.html" --data="bar=secret&foo=test"

 

Damn Small XSS Scanner (DSXS)

by: Miroslav Stampar (http://unconciousmind.blogspot.com | @stamparm)

 

* scanning POST parameter 'bar'

* scanning POST parameter 'foo'

(i) POST parameter 'foo' appears to be XSS vulnerable ("<.>", inside tag,

inside single-quotes, some filtering))

 

scan results: possible vulnerabilities found

 

This is the hidden content, please

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.