xml_exporter.py 12 KB

  1. #!/usr/bin/env python
  2. # -*- coding: utf-8 -*-"
  3. # vim: set expandtab tabstop=4 shiftwidth=4:
  4. """
  5. This file is part of the XSSer project, https://xsser.03c8.net
  6. Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
  7. xsser is free software; you can redistribute it and/or modify it under
  8. the terms of the GNU General Public License as published by the Free
  9. Software Foundation version 3 of the License.
  10. xsser is distributed in the hope that it will be useful, but WITHOUT ANY
  11. WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  12. FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  13. details.
  14. You should have received a copy of the GNU General Public License along
  15. with xsser; if not, write to the Free Software Foundation, Inc., 51
  16. Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
  17. """
  18. import xml.etree.ElementTree as ET
  19. import datetime
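class xml_reporting(object):
    """
    Write the results of an XSSer run to an XML report file.

    The report stores target URLs and payload strings verbatim, so the output
    file should be handled as sensitive test data.

    NOTE(review): the listing this was taken from had lost its indentation.
    The nesting below is reconstructed from data flow (for example ``stats``
    only exists inside the statistics branch); confirm it against the
    upstream file.
    """

    # Vector codes that get a fixed label in <finalattack> instead of the
    # post-processed attack URL. Each code has a matching ``<code>_found``
    # counter on the instance.
    _SPECIAL_LABELS = {
        "xsr": "XSR Injection! ",
        "xsa": "XSA Injection! ",
        "coo": "Cookie Injection! ",
        "dcp": "DCP (Data Control Protocol) ",
        "dom": "DOM (Document Object Model) ",
        "ind": "HTTPrs (HTTP Response Splitting) ",
    }

    # Method names printed for failed entries; any other vector is "URL".
    _FAILED_METHODS = {
        "XSA": "User-Agent Injection",
        "XSR": "Referer Injection",
        "COO": "Cookie Injection",
    }

    def __init__(self, xsser):
        # Main XSSer object: source of the results, options and counters.
        self.instance = xsser
        # Per-vector counters, incremented while the report is written.
        self.xsr_found = 0
        self.xsa_found = 0
        self.coo_found = 0
        self.dcp_found = 0
        self.dom_found = 0
        self.ind_found = 0

    @staticmethod
    def _percent(part, whole):
        """Return ``part`` as a percentage of ``whole``, "0 %" if ``whole`` is 0."""
        try:
            return "%s %%" % (str((part * 100) / whole), )
        except ZeroDivisionError:
            return "0 %"

    @classmethod
    def _failed_entry_text(cls, h):
        """Return the text block describing one entry of ``hash_notfound``."""
        if h[2] in ('heuristic', 'hashing check'):
            # The two layouts differ in more than the optional " | " part
            # (closing bracket, space before the payload); kept as they were.
            if not h[4]:
                return ("[+] Target: " + str(h[6]) + "\n[+] Vector: [ " + str(h[3])
                        + "\n\n[!] Method: " + str(h[2]) + "\n\n[*] Payload: \n\n" + str(h[5])
                        + "\n\n[!] Status:\n\n FILTERED!\n\n")
            return ("[+] Target: " + str(h[6]) + " | " + str(h[4]) + "\n[+] Vector: [ " + str(h[3])
                    + " ]\n\n[!] Method: " + str(h[2]) + "\n\n[*] Payload: \n\n " + str(h[5])
                    + "\n\n[!] Status:\n\n FILTERED!\n\n")
        target = str(h[6])
        if h[4]:
            target = target + " | " + str(h[4])
        method = cls._FAILED_METHODS.get(h[2])
        text = ("[+] Target: " + target + "\n[+] Vector: [ " + str(h[2]) + " ]\n\n[!] Method: "
                + (method if method is not None else "URL")
                + "\n[*] Hash: " + str(h[3]) + " \n\n[*] Payload: \n\n " + str(h[0]))
        if method is None:
            # Only URL-based entries list the "vulnerable" field.
            text = text + "\n\n[!] Vulnerable: " + str(h[1])
        return text + "\n\n[!] Status: XSS FAILED!\n\n"

    def print_xml_results(self, filename):
        """
        Build the XML report from ``self.instance`` and write it to ``filename``.

        ElementTree escapes markup characters in element text when the tree
        is written, so payload strings cannot alter the report structure.
        Control characters that XML 1.0 forbids are not filtered, so a
        payload containing them can leave the file unparseable for consumers.
        """
        xsser = self.instance
        found = xsser.hash_found
        notfound = xsser.hash_notfound
        total_injections = len(found) + len(notfound)

        root = ET.Element("report")
        hdr = ET.SubElement(root, "header")
        title = ET.SubElement(hdr, "title")
        title.text = "XSSer Security Report: " + str(datetime.datetime.now())

        abstract = ET.SubElement(root, "abstract")
        injections = ET.SubElement(abstract, "injections")
        total_inj = ET.SubElement(injections, "total")
        failed_inj = ET.SubElement(injections, "failed")
        success_inj = ET.SubElement(injections, "successful")
        accur_inj = ET.SubElement(injections, "accur")
        total_inj.text = str(total_injections)
        failed_inj.text = str(len(notfound))
        success_inj.text = str(len(found))
        accur_inj.text = self._percent(len(found), total_injections)

        if xsser.options.statistics:
            stats = ET.SubElement(root, "stats")
            duration = ET.SubElement(stats, "duration")
            duration.text = str(datetime.datetime.now() - xsser.time)
            total_connections = (xsser.success_connection + xsser.not_connection
                                 + xsser.forwarded_connection + xsser.other_connection)
            con = ET.SubElement(stats, "connections")
            ET.SubElement(con, "total").text = str(total_connections)
            ET.SubElement(con, "ok").text = str(xsser.success_connection)
            ET.SubElement(con, "notfound").text = str(xsser.not_connection)
            ET.SubElement(con, "forbidden").text = str(xsser.forwarded_connection)
            ET.SubElement(con, "other").text = str(xsser.other_connection)
            # success_connection is a number (it is summed into the divisor
            # above), so the former len() call raised TypeError whenever
            # statistics were enabled.
            ET.SubElement(con, "accur").text = self._percent(
                xsser.success_connection, total_connections)
            st_inj = ET.SubElement(stats, "injections")
            ET.SubElement(st_inj, "total").text = str(total_injections)
            ET.SubElement(st_inj, "successful").text = str(len(found))
            ET.SubElement(st_inj, "failed").text = str(len(notfound))
            ET.SubElement(st_inj, "accur").text = self._percent(len(found), total_injections)

        results = ET.SubElement(root, "results")
        for line in found:
            attack = ET.SubElement(results, "attack")
            ET.SubElement(attack, "payload").text = line[0]
            attack_url = xsser.apply_postprocessing(
                line[0], line[1], line[2], line[3], line[4], line[5], line[6])
            opts = xsser.options
            if (opts.onm or opts.ifr or opts.b64 or opts.dos or opts.doss
                    or opts.finalremote or opts.finalpayload):
                aurl = ET.SubElement(attack, "finalattack")
            else:
                aurl = None

            kind = line[2]
            label = self._SPECIAL_LABELS.get(kind)
            if label is None:
                if aurl is not None:
                    aurl.text = attack_url
                ET.SubElement(attack, "vulnerable").text = line[1]
                ET.SubElement(attack, "vector").text = kind
                continue

            counter = kind + "_found"
            seen = getattr(self, counter) + 1
            setattr(self, counter, seen)
            # Same test as before: with string fields it reduces to
            # "only the first finding of this kind gets a label".
            repeated = str(line[4]) == line[4] and str(line[6]) == line[6] and seen > 1
            if not repeated:
                if aurl is None:
                    # Without a post-processing option there was no
                    # <finalattack> element and the assignment below raised
                    # AttributeError; create it so the finding is recorded.
                    aurl = ET.SubElement(attack, "finalattack")
                aurl.text = label + str(line[6]) + "/" + str(line[4])

        if not found:
            msg = ET.SubElement(results, "results")
            parts = []
            for h in notfound:
                parts.append(self._failed_entry_text(h))
                # NOTE(review): separator assumed to follow every entry;
                # the lost indentation leaves this open, confirm upstream.
                parts.append("=" * 75 + "\n\n")
            msg.text = "".join(parts)

        tree = ET.ElementTree(root)
        tree.write(filename)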