修改XSSpayloads到redis数据库中

Lv1Y2 · May 5, 2020 · 3ba43f9 · 3ba43f9
1 parent cf53f22
commit 3ba43f9
Show file tree

Hide file tree

Showing 11 changed files with 26 additions and 80 deletions.
diff --git a/BugScan.py b/BugScan.py
@@ -2,24 +2,19 @@
 from XSSBug.XSSCheck import GetXSS
 from ComIn.ComCheck import GetComIn
 from File_Inclusion.LocalFileInclude import CheckLocalFileInclude
+
+
 class BugScan:
-    def __init__(self,url):
+    def __init__(self,url,reaidspool):
         self.url=url
-        self.XSSPayload = []
-        try:
-            with open('XSSBug/normal_payload.txt', 'r') as f:
-                for line in f:
-                    final = str(line.replace("\n", ""))
-                    self.XSSPayload.append(final)
-        except Exception as e:
-            pass
+        self.redispool=reaidspool
 
     def SQLBugScan(self):
         vulnerable, db, payload =InjectionControl(self.url)
         return vulnerable,db,payload
 
     def XSSBugScan(self):
-        vulnerable, website, payload=GetXSS(self.url,self.XSSPayload)
+        vulnerable, website, payload=GetXSS(self.url,self.redispool)
         return vulnerable, website, payload
 
     def ComInScan(self):
@@ -29,8 +24,10 @@ def ComInScan(self):
     def FileIncludeScan(self):
         vulnerable, website, payload=CheckLocalFileInclude(self.url)
         return vulnerable, website, payload
+
     def WebLogicScan(self):
         return None
+
     def POCScan(self):
         return None
 

diff --git a/ConsoleIndex.py b/ConsoleIndex.py
@@ -6,7 +6,6 @@
 from BaseMessage import GetBaseMessage
 from IPMessage import IPMessage
 from DomainMessage import DomainMessage
-from SZheScan import SZheScan
 
 '''
 ip和域名进入不同的调度函数扫描

diff --git a/ImportToRedis.py b/ImportToRedis.py
@@ -16,14 +16,19 @@ def ToRedis():
     # r.flushdb()
     r.delete("SubScan")
     r.delete("SenScan")
-    file1 = open(r"dict\SUB_scan.txt", "r", encoding='utf-8')
-    file2 = open(r"dict\SEN_scan.txt", "r", encoding='utf-8')
+    r.delete("XSSpayloads")
+    file1 = open(r"dict/SUB_scan.txt", "r", encoding='utf-8')
+    file2 = open(r"dict/SEN_scan.txt", "r", encoding='utf-8')
+    file3=open('XSSBug/normal_payload.txt', 'r')
     for line1 in file1.readlines():
         r.lpush("SubScan", line1.replace("\n", ''))
     file1.close()
     for line2 in file2.readlines():
         r.lpush("SenScan", line2.replace("\n", ""))
     file2.close()
+    for line3 in file3.readlines():
+        r.lpush("XSSpayloads",line3.replace("\n",""))
+    file3.close()
 
 
 ToRedis()
diff --git a/SZheConsole.py b/SZheConsole.py
@@ -8,7 +8,7 @@
 import ImportToRedis
 import redis
 import  get_message
-
+from XSSBug.XSSCheck import GetXSS
 '''
 获取baseinfo ->MySQL
  ip->获取ipinfo->MySQL
@@ -44,5 +44,6 @@ def SZheConsole(url,redispool):
 
 if __name__=='__main__':
     redispool = redis.Redis(connection_pool=ImportToRedis.redisPool)
-    SZheConsole('www.taobao.com',redispool)
+    # SZheConsole('www.taobao.com',redispool)
+    GetXSS("http://leettime.net/xsslab1/chalg1.php?name=1",redispool)
     # print(get_message.SubDomainBurst("www.taobao.com",redispool))
diff --git a/SZheScan.py b/SZheScan.py
diff --git a/XSSBug/XSSCheck.py b/XSSBug/XSSCheck.py
@@ -1,24 +1,22 @@
 import urllib.parse as urlparse
 import core
-
+import ImportToRedis
+import redis
 
 '''
 使用XSS的payload对目标进行请求，在返回文本中查找关键字，存在输入的payload，证明存在反射型xss漏洞
 Get_XSS函数传入url和flag参数
 url为传入的检测是否存在XSS漏洞的网站，形如http://xxx.xxx.xxx/test.php?search=jack 或者xxx.xxx.xxx/test.php?search=jack
 '''
 
-def GetXSS(url):
+def GetXSS(url,redispool):
     domain = url.split("?")[0]
     queries = urlparse.urlparse(url).query.split("&")
     if not any(queries):
         return False,None,None
     else:
-        payloads=[]
-        file = open(r"XSSBug/normal_payload.txt", 'r')
-        for line in file.readlines():
-            payloads.append(line)
-        for payload in payloads:
+        for payloadindex in range(redispool.llen("XSSpayloads")-1,-1,-1 ):
+            payload=redispool.lindex("XSSpayloads", payloadindex)
             website = domain + "?" + ("&".join([param + payload for param in queries]))
             source = core.gethtml(website)
             if payload in source:
@@ -28,6 +26,7 @@ def GetXSS(url):
     return False,None,None
 
 if __name__=='__main__':
-    GetXSS("http://leettime.net/xsslab1/chalg1.php?name=1")
-    GetXSS("http://testphp.vulnweb.com/listproducts.php?cat=1")
-    GetXSS("http://www.yuebooemt.com/about.php?id=37")
+    redispool = redis.Redis(connection_pool=ImportToRedis.redisPool)
+    GetXSS("http://leettime.net/xsslab1/chalg1.php?name=1",redispool)
+    GetXSS("http://testphp.vulnweb.com/listproducts.php?cat=1",redispool)
+    GetXSS("http://www.yuebooemt.com/about.php?id=37",redispool)
diff --git a/XSSBug/__pycache__/XSSCheck.cpython-37.pyc b/XSSBug/__pycache__/XSSCheck.cpython-37.pyc
diff --git a/__pycache__/ImportToRedis.cpython-37.pyc b/__pycache__/ImportToRedis.cpython-37.pyc
diff --git a/__pycache__/get_message.cpython-37.pyc b/__pycache__/get_message.cpython-37.pyc
diff --git a/get_message.py b/get_message.py
@@ -41,8 +41,6 @@ def GetWhois(domain):
     except:
         str = None
         pass
-    # print(str)
-    print("222")
     return str
 
 
@@ -102,7 +100,6 @@ def GetBindingIP(domain):
         str = "\n".join(context)
     except:
         pass
-    print("333")
     return str
 
 
@@ -138,7 +135,6 @@ def GetRecordInfo(domain):
     except Exception as e:
         print(e)
         pass
-    print("555")
     return context
 
 
@@ -181,7 +177,6 @@ def GetSiteStation(ip):
         if "屏蔽的关键字" in i:
             text.remove(i)
     str = "\n".join(text)
-    print("444")
     return str
 
 
@@ -318,7 +313,6 @@ def FindDomainAdd(domain):
         str = "\n".join(context)
     except:
         pass
-    print("666")
     return str.lstrip()
 
 

diff --git a/index.py b/index.py
@@ -2,7 +2,6 @@
 from flask import Flask, render_template, request, redirect, url_for, session, flash
 from flask_sqlalchemy import SQLAlchemy
 from lxml.html.builder import HEAD
-
 import config
 from models import User, Log, BaseInfo
 from exts import db