-
Notifications
You must be signed in to change notification settings - Fork 149
/
x3scan.rb
49 lines (40 loc) · 1.1 KB
/
x3scan.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#/usr/bin/ruby -w
# Xss Detection tool Powred by baha
require "open-uri"
require "net/http"
require "colorize"
system("cls")
print "
_ _ ___
`. / / \ ____ ___ ___ , __
\,' _-' ( .' ` / ` |' `.
,'\ \ `--. | | | | |
/ \ \___) \___.' `._.' `.__/| / |
\n".red
list = ARGV[0]
if (ARGV.length < 1) then
def ban()
puts "USAGE <./x3scan.rb sites.txt >"
exit
end
ban()
end
File.open("#{list}","r").each do |target|
#Payloads encoded with http encode
payload =["%22%3EXXTES%3C","%2F%22%3EXXTES%3C","%2522%253EXXTES%253C","%3Ca%20href%3D%22google.com%22%3EXXTES%3C%2Fa%3E"]
e = 1
payload.each do |i|
result = open("#{target}#{i}").read
response = Net::HTTP.get_response(URI.parse("#{target}#{i}"))
if (response.code != "200") then
puts " #{target} Maybe Vulnrable \n\n".yellow
break
end
if (result[">XXTES<"].nil?) then
puts " #{target} Not vulnrable to xss"
else
puts "#{target} XSS DETECTED"
break
end
end
end