Xss scanner-阿里云开发者社区

开发者社区> 人工智能> 正文
登录阅读全文

Xss scanner

简介:

把代码保存为.pl即可

===============code================

#!/usr/bin/perl
use IO::Socket;
use Net::FTP;
$host = shift or die "Usage: perl $0 <host> <username> <password> [<log file>]\n";
$user = shift or die "Usage: perl $0 <host> <username> <password> [<log file>]\n";
$pass = shift or die "Usage: perl $0 <host> <username> <password> [<log file>]\n";
$log_file = shift;
$ftp=Net::FTP->new($host) or die "Impossibile connettersi a $host.\n";
$ftp->login ($user, $pass) or die "Errore durante il login.\n";
@file = $ftp->ls ();
$cont4 = 0;
$log = "Scansione sito: $host\n";
while ($cont4 < scalar (@file)){
my $sock = new IO::Socket::INET (
PeerHost => $host,
PeerPort => "80",
Proto => "tcp",
) or die "Impossibile connettersi a $host: $!\n";
$page = "";
print $sock "get /@file[$cont4]\n\n";
while (<$sock>){
        $page .= $_;
}
my (@variabili, @var_method);
$cont2 = 0;
$cont = 0;
while ($cont <= length ($page)){
if ($page =~ /<form.+?method.+?('|")(.+?)("|')/){
$method = $2;
$page =~ /<form.+?>(.+?)<\/form>/;
$cont5 = 0;
$in_form = $1;
while ($cont5 <= length ($in_form)){
if ($in_form =~ /<(input|textarea).+?name.+?('|")(.+?)("|')/){
@variabili [$cont2] = $3;
@var_method [$cont2] = $method;
$in_form =~ s/<(input|textarea).+?name.+?('|")(.+?)("|')/done/;
}
$cont5++;
}
$page =~ s/<form.+?method.+?('|")(.+?)("|')/done/;
}
$cont++;
}
close ($sock);
$cont3 = 0;
while ($cont3 < scalar (@variabili)){
        my $sock = new IO::Socket::INET(
        PeerHost => $host,
        PeerPort => "80",
Proto => "tcp",
        ) or die "Impossibile connettersi a $host.\n";
if (@var_method[$cont3] == "GET"){
        print $sock "get /@file[$cont4]?@variabili[$cont3]=<script>alert(1)</script>\n\n";
}
elsif (@var_method[$cont3] == "POST"){ 
$var = "@variabili[$cont3]=<script>alert(1)</script>";
$to_send = "POST /pagina\n".
        "Host: $host\n".
             "Content-Type: application/x-www-form-urlencoded\n".
        "Content-Length: ".length($var)."\n\n".
        $var."\n\n"; 
print $sock $to_send;
}
else {
die "@var_method[$cont3]: Metodo sconosciuto.\n";
}
        $page2 = "";
        while (<$sock>){
                $page2 .= $_;
        }
        if ($page2 =~ /<script>alert\(1\)<\/script>/){
                print "/@file[$cont4]: @variabili[$cont3] vulnerabile.\n";
$log .= "\n/@file[$cont4]: @variabili[$cont3] vulnerabile.";
        }
        $cont3++;
        close ($sock);
}
$cont4++;
}
if ($log_file != ""){
open (LOG, $log_file) or die "Errore durante l'apertura del file: $!\n";
print LOG $log;
close ($log);
}

================code========================



本文转自enables 51CTO博客,原文链接:http://blog.51cto.com/niuzu/579444,如需转载请自行联系原作者


版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。

分享:
人工智能
使用钉钉扫一扫加入圈子
+ 订阅

了解行业+人工智能最先进的技术和实践,参与行业+人工智能实践项目

其他文章
最新文章
相关文章