
BruteXSS(Xss漏洞扫描)中文汉化版

字号+ 作者:Sinyer 来源:转载 2016-11-25 10:21 我要评论( )


00x01
bilibili~这个星期,先打打飞机,在搞搞妓女!!

呸呸呸,怎么能这样,应该是搞搞python,改改版权~~~
00x02
二话不说,先上原版图片!


我尼玛,这等神器竟然特么的是英文
赵日天的顿时就不服了~~    于是开始汉化ing~~
ps:未汉化前主程序源码

#!/usr/bin/env python
#!BruteXSS
#!Cross-Site Scripting Bruteforcer
#!Author: Shawar Khan
#!Site: https://shawarkhan.com
from string import whitespace
import httplib
import urllib
import socket
import urlparse
import os
import sys
import time
from colorama import init , Style, Back,Fore
import mechanize
import httplib
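# Initialise colorama before any coloured output is printed.
init()
# Start-up banner printed by brutexss(). The forum's [url=...] BBCode wrappers
# that had leaked into the two links were removed so the text is plain again.
banner = """                                                                                       
  ____             _        __  ______ ____ 
 | __ ) _ __ _   _| |_ ___  \ \/ / ___/ ___|
 |  _ \| '__| | | | __/ _ \  \  /\___ \___ \
 | |_) | |  | |_| | ||  __/  /  \ ___) |__) |
 |____/|_|   \__,_|\__\___| /_/\_\____/____/
                                           
 BruteXSS - Cross-Site Scripting BruteForcer
 
 Author: Shawar Khan - https://shawarkhan.com
 
 Sponsored & Supported by Netsparker Web Application Security Scanner ( https://www.netsparker.com )
 Note: Using incorrect payloads in the custom
 wordlist may give you false positives so its
 better to use the wordlist which is already
 provided for positive results.
"""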
def brutexss():
 if os.name == 'nt':
  os.system('cls')
 else:
  os.system('clear')
 print banner
 def again():
  """Ask whether to exit or restart, repeating the prompt until 'e' or 'a' is typed."""
  while True:
   choice = raw_input("[?] [E]xit or launch [A]gain? (e/a)").lower()
   if choice == 'e':
    exit()
   if choice == 'a':
    # Restart by running the whole interactive session again.
    brutexss()
    return
   print("[!] Incorrect option selected")
 grey = Style.DIM+Fore.WHITE
 def wordlistimport(file,lst):
  """Append every line of the wordlist at *file* to *lst*.

  Only "\\n" is removed from each line, so blank lines arrive as empty
  strings and any carriage return is kept. If the file cannot be opened
  or read, an error is printed and control passes to again().
  """
  try:
   with open(file,'r') as handle: #Importing Payloads from specified wordlist.
    print(Style.DIM+Fore.WHITE+"[+] Loading Payloads from specified wordlist..."+Style.RESET_ALL)
    for entry in handle:
     lst.append(str(entry.replace("\n","")))
  except IOError:
   print(Style.BRIGHT+Fore.RED+"[!] Wordlist not found!"+Style.RESET_ALL)
   again()
 def bg(p,status):
  """Print an ASCII table of parameter names and their scan status.

  *p* is the list of parameter names and *status* the matching list of
  status strings; rows are numbered from 0. Always returns "" because the
  caller prints the return value. When either list is empty, max() raises
  ValueError, which is reported as a URL without parameters before control
  passes to again().
  """
  try:
   # Column widths: the widest entry, with minimums of 10 / 2 / 14 characters.
   name_w = max(len(max(p, key=len)), 10)
   id_w = max(len(str(len(p))), 2)
   status_w = max(len(max(status, key=len)), 14)
   rule = ("+-%s-+-%s-+-%s-+")%("-"*id_w,"-"*name_w,"-"*status_w)
   print(rule)
   print("| Id | "+"Parameters".center(name_w," ")+" | "+"Status".center(status_w," ")+" |")
   print(rule)
   for idx,(name,state) in enumerate(zip(p,status)):
    cell = state.center(status_w," ")
    # Green only for rows whose status text contains "Not Vulnerable".
    colour = Fore.GREEN if "Not Vulnerable" in cell else Fore.RED
    print("| "+str(idx).center(id_w," ")+" | "+name.center(name_w," ")+" | "+colour+cell+Style.RESET_ALL+" |")
    print(rule)
   return("")
  except(ValueError):
   print(Style.BRIGHT+Fore.RED+"[!] Uh oh! No parameters in URL!"+Style.RESET_ALL)
   again()
 def complete(p,r,c,d):
  """Print the end-of-scan summary, the result table, then offer exit/restart.

  *p* and *r* are the parameter names and their status strings (handed to
  bg()), *c* is the number of parameters flagged and *d* the host label
  shown in the heading.
  """
  print("[+] Bruteforce Completed.")
  if c == 0:
   summary = "[+] Given parameters are "+Style.BRIGHT+Fore.GREEN+"not vulnerable"+Style.RESET_ALL+" to XSS."
  elif c == 1:
   summary = ("[+] %s Parameter is "+Style.BRIGHT+Fore.RED+"vulnerable"+Style.RESET_ALL+" to XSS.")%c
  else:
   summary = ("[+] %s Parameters are "+Style.BRIGHT+Fore.RED+"vulnerable"+Style.RESET_ALL+" to XSS.")%c
  print(summary)
  print("[+] Scan Result for %s:"%d)
  # bg() prints the table itself and returns "", so this emits one blank line.
  print(bg(p,r))
  again()
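 def GET():
  """Interactively test every query-string parameter of a URL for payload reflection.

  Prompts for the target URL and a wordlist path. For each parameter it
  requests <path>?<name>=<value><url-quoted payload> and marks the parameter
  vulnerable as soon as one raw payload string is found in the response
  body; the per-parameter results are then printed through complete().

  Reading the results: detection is a plain substring match on the response
  body. It says the payload came back unencoded, not that it would run in
  the context where it landed, and it cannot see stored or DOM-based
  behaviour, so both false positives and false negatives are expected.
  """
  try:
   try:
    grey = Style.DIM+Fore.WHITE
    site = raw_input("[?] Enter URL:\n[?] > ") #Taking URL
    # No scheme typed: assume plain HTTP.
    if 'https://' not in site and 'http://' not in site:
     site = "http://"+site
    finalurl = urlparse.urlparse(site)
    domain0 = '{uri.scheme}://{uri.netloc}/'.format(uri=finalurl)
    domain = domain0.replace("https://","").replace("http://","").replace("www.","").replace("/","")
    print (Style.DIM+Fore.WHITE+"[+] Checking if "+domain+" is available..."+Style.RESET_ALL)
    # Reachability probe only: HTTPConnection opens a plain (non-TLS) connection
    # even for https:// targets, and to the host name with "www." stripped.
    connection = httplib.HTTPConnection(domain)
    connection.connect()
    connection.close() # the probe socket is not used again
    print("[+] "+Fore.GREEN+domain+" is available! Good!"+Style.RESET_ALL)
    wordlist = raw_input("[?] Enter location of Wordlist (Press Enter to use default wordlist.txt)\n[?] > ")
    if len(wordlist) == 0:
     wordlist = 'wordlist.txt'
     print(grey+"[+] Using Default wordlist..."+Style.RESET_ALL)
    payloads = []
    wordlistimport(wordlist,payloads)
    print(Style.DIM+Fore.WHITE+"[+] "+str(len(payloads))+" Payloads loaded..."+Style.RESET_ALL)
    print("[+] Bruteforce start:")
    parameters = urlparse.parse_qs(finalurl.query,keep_blank_values=True)
    path = finalurl.scheme+"://"+finalurl.netloc+finalurl.path
    paraname = []
    paravalue = []
    for para in parameters: #Arranging parameters and values.
     for i in parameters[para]:
      paraname.append(para)
      paravalue.append(i)
    total = 0
    fpar = []
    fresult = []
    progress = 0
    for pn, pv in zip(paraname,paravalue): #Scanning the parameter.
     # Reset the per-parameter verdict so a hit on the previous parameter
     # cannot carry over when every wordlist line is blank; otherwise the
     # result list ends up shorter than the parameter list.
     c = 0
     print(grey+"[+] Testing '"+pn+"' parameter..."+Style.RESET_ALL)
     fpar.append(str(pn))
     for x in payloads:
      validate = x.translate(None, whitespace)
      if validate == "":
       # Whitespace-only wordlist line: counted as progress, never sent.
       progress = progress + 1
      else:
       sys.stdout.write("\r[+] %i / %s payloads injected..."% (progress,len(payloads)))
       sys.stdout.flush()
       progress = progress + 1
       enc = urllib.quote_plus(x)
       # Only the payload is URL-quoted; the name and value come back decoded
       # from parse_qs and are concatenated as-is. The URL's other parameters
       # are not part of this request.
       data = path+"?"+pn+"="+pv+enc
       page = urllib.urlopen(data)
       try:
        sourcecode = page.read()
       finally:
        page.close()
       if x in sourcecode:
        print((Style.BRIGHT+Fore.RED+"\n[!]"+" XSS Vulnerability Found! \n"+Fore.RED+Style.BRIGHT+"[!]"+" Parameter:\t%s\n"+Fore.RED+Style.BRIGHT+"[!]"+" Payload:\t%s"+Style.RESET_ALL)%(pn,x))
        fresult.append("  Vulnerable  ")
        c = 1
        total = total+1
        progress = progress + 1
        break
       else:
        c = 0
     if c == 0:
      print((Style.BRIGHT+Fore.GREEN+"\n[+]"+Style.RESET_ALL+Style.DIM+Fore.WHITE+" '%s' parameter not vulnerable."+Style.RESET_ALL)%pn)
      fresult.append("Not Vulnerable")
      progress = progress + 1
     progress = 0
    complete(fpar,fresult,total,domain)
   # HTTPResponse is not an exception class and could never match here;
   # HTTPException is the httplib error base class.
   except(httplib.HTTPException, socket.error):
    print(Style.BRIGHT+Fore.RED+"[!] Site "+domain+" is offline!"+Style.RESET_ALL)
    again()
  except(KeyboardInterrupt):
   print("\nExit...")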
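 def POST():
  """Interactively test every field of a POST body for payload reflection.

  Prompts for the target URL, the post data (name=value&... form) and a
  wordlist path. For each field it posts the body with that field's value
  replaced by one payload at a time and marks the field vulnerable as soon
  as the raw payload string is found in the response body; results are
  printed through complete().

  Reading the results: detection is a plain substring match on the response
  body, so a hit means the payload came back unencoded, not that it would
  run where it landed; stored and DOM-based behaviour is not observed.
  """
  try:
   try:
    try:
     br = mechanize.Browser()
     # Every POST-mode request carries this fixed User-Agent string, which is
     # what server logs will show for these requests.
     br.addheaders = [('User-agent', 'Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1.11)Gecko/20071127 Firefox/2.0.0.11')]
     br.set_handle_robots(False)
     br.set_handle_refresh(False)
     site = raw_input("[?] Enter URL:\n[?] > ") #Taking URL
     # No scheme typed: assume plain HTTP.
     if 'https://' not in site and 'http://' not in site:
      site = "http://"+site
     finalurl = urlparse.urlparse(site)
     domain0 = '{uri.scheme}://{uri.netloc}/'.format(uri=finalurl)
     domain = domain0.replace("https://","").replace("http://","").replace("www.","").replace("/","")
     print (Style.DIM+Fore.WHITE+"[+] Checking if "+domain+" is available..."+Style.RESET_ALL)
     # Reachability probe only: a plain (non-TLS) connection, even for https://
     # targets, to the host name with "www." stripped.
     connection = httplib.HTTPConnection(domain)
     connection.connect()
     connection.close() # the probe socket is not used again
     print("[+] "+Fore.GREEN+domain+" is available! Good!"+Style.RESET_ALL)
     path = finalurl.scheme+"://"+finalurl.netloc+finalurl.path
     param = str(raw_input("[?] Enter post data: > "))
     wordlist = raw_input("[?] Enter location of Wordlist (Press Enter to use default wordlist.txt)\n[?] > ")
     if len(wordlist) == 0:
      wordlist = 'wordlist.txt'
      print("[+] Using Default wordlist...")
     payloads = []
     wordlistimport(wordlist,payloads)
     grey = Style.DIM+Fore.WHITE
     print(Style.DIM+Fore.WHITE+"[+] "+str(len(payloads))+" Payloads loaded..."+Style.RESET_ALL)
     print("[+] Bruteforce start:")
     # The post data is glued onto a placeholder URL purely so urlparse can
     # split it into fields; that URL is never requested.
     params = "http://www.site.com/?"+param
     parameters = urlparse.parse_qs(urlparse.urlparse(params).query,keep_blank_values=True)
     paraname = []
     paravalue = []
     for para in parameters: #Arranging parameters and values.
      for i in parameters[para]:
       paraname.append(para)
       paravalue.append(i)
     fpar = []
     fresult = []
     total = 0
     progress = 0
     for pn, pv in zip(paraname,paravalue): #Scanning the parameter.
      # The verdict was previously unset until the first request, so an empty
      # or all-blank wordlist ended in a NameError at the check below.
      c = 0
      print(grey+"[+] Testing '"+pn+"' parameter..."+Style.RESET_ALL)
      fpar.append(str(pn))
      for i in payloads:
       validate = i.translate(None, whitespace)
       if validate == "":
        # Whitespace-only wordlist line: counted as progress, never sent.
        progress = progress + 1
       else:
        progress = progress + 1
        sys.stdout.write("\r[+] %i / %s payloads injected..."% (progress,len(payloads)))
        sys.stdout.flush()
        # Field under test gets the payload; the remaining fields keep the
        # values that were typed in.
        # NOTE(review): "pn not in name" is a substring test, so a field whose
        # name merely contains pn is left out of the body too - confirm intent.
        fields = [(pn, str(i))]
        for other_name, other_value in zip(paraname,paravalue):
         if pn not in other_name:
          fields.append((str(other_name), str(other_value)))
        data = urllib.urlencode(dict(fields))
        r = br.open(path, data)
        sourcecode =  r.read()
        if i in sourcecode:
         print((Style.BRIGHT+Fore.RED+"\n[!]"+" XSS Vulnerability Found! \n"+Fore.RED+Style.BRIGHT+"[!]"+" Parameter:\t%s\n"+Fore.RED+Style.BRIGHT+"[!]"+" Payload:\t%s"+Style.RESET_ALL)%(pn,i))
         fresult.append("  Vulnerable  ")
         c = 1
         total = total+1
         progress = progress + 1
         break
        else:
         c = 0
      if c == 0:
       print((Style.BRIGHT+Fore.GREEN+"\n[+]"+Style.RESET_ALL+Style.DIM+Fore.WHITE+" '%s' parameter not vulnerable."+Style.RESET_ALL)%pn)
       fresult.append("Not Vulnerable")
       progress = progress + 1
      progress = 0
     complete(fpar,fresult,total,domain)
    # HTTPResponse is not an exception class and could never match here;
    # HTTPException is the httplib error base class.
    except(httplib.HTTPException, socket.error):
     print(Style.BRIGHT+Fore.RED+"[!] Site "+domain+" is offline!"+Style.RESET_ALL)
     again()
   except(KeyboardInterrupt):
    print("\nExit...")
  except (mechanize.HTTPError,mechanize.URLError) as e:
   # Not every error caught here is guaranteed to carry both attributes
   # (a plain URLError has no status code), so read them defensively.
   print((Style.BRIGHT+Fore.RED+"\n[!] HTTP ERROR! %s %s"+Style.RESET_ALL)%(getattr(e,'code',''),getattr(e,'reason','')))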
 try:
  # First prompt of a session: 'g' runs GET(), 'p' runs POST().
  handlers = {'g': GET, 'p': POST}
  choice = raw_input("[?] Select method: [G]ET or [P]OST (G/P): ").lower()
  if choice in handlers:
   handlers[choice]()
  else:
   print("[!] Incorrect method selected.")
   again()
 except(KeyboardInterrupt):
  print("\nExit...")
# Script entry point: the interactive session starts as soon as this module is
# executed (there is no __main__ guard).
brutexss()

 


高大上好华丽的Py代码
于是乎,本宝宝便开始汉化~~~经过各种百度翻译,有道翻译与空格小朋友的帮助下我完成了汉化
ps:汉化版主程序源码

#!/usr/bin/env python
#-*-coding:gbk-*-
#!BruteXSS
#!Cross-Site Scripting Bruteforcer
#!Author: Sinyer
#!Site: http://www.analyz3r.cn
from string import whitespace
import httplib
import urllib
import socket
import urlparse
import os
import sys
import time
from colorama import init , Style, Back,Fore
import mechanize
import httplib
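# Initialise colorama before any coloured output is printed.
init()
# Start-up banner printed by brutexss(). The forum's [url]...[/url] BBCode
# wrappers that had leaked into the two links were removed.
banner = """                                                                                       
  ____             _        __  ______ ____ 
 | __ ) _ __ _   _| |_ ___  \ \/ / ___/ ___|
 |  _ \| '__| | | | __/ _ \  \  /\___ \___ \
 | |_) | |  | |_| | ||  __/  /  \ ___) |__) |
 |____/|_|   \__,_|\__\___| /_/\_\____/____/
                                           
 BruteXSS——跨站点脚本BruteForcer
 汉化:Sinyer——bolg:http://www.analyz3r.cn
 By:Sinyer i春秋:http://bbs.ichunqiu.com
 注意:使用错误的有效载荷的定义
 字典可能给你积极性质
 更好地使用字典
 提供积极的结果。
"""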
def brutexss():
 if os.name == 'nt':
  os.system('cls')
 else:
  os.system('clear')
 print banner
 def again():
  """Ask whether to exit or restart, repeating the prompt until 'e' or 'a' is typed."""
  while True:
   choice = raw_input("[?] [E]结束进程\[A]程序初始化").lower()
   if choice == 'e':
    exit()
   if choice == 'a':
    # Restart by running the whole interactive session again.
    brutexss()
    return
   print("[!] 不正确的选择")
 grey = Style.DIM+Fore.WHITE
 def wordlistimport(file,lst):
  """Append every line of the wordlist at *file* to *lst*.

  Only "\\n" is removed from each line, so blank lines arrive as empty
  strings and any carriage return is kept. If the file cannot be opened
  or read, an error is printed and control passes to again().
  """
  try:
   with open(file,'r') as handle: #Importing Payloads from specified wordlist.
    print(Style.DIM+Fore.WHITE+"[+] 从指定字典加载载荷....."+Style.RESET_ALL)
    for entry in handle:
     lst.append(str(entry.replace("\n","")))
  except IOError:
   print(Style.BRIGHT+Fore.RED+"[!] 字典未找到!"+Style.RESET_ALL)
   again()
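 def bg(p,status):
  """Print an ASCII table of parameter names and their scan status.

  *p* is the list of parameter names and *status* the matching list of
  status strings; rows are numbered from 0. Always returns "" because the
  caller prints the return value. When either list is empty, max() raises
  ValueError, which is reported as a URL without parameters before control
  passes to again().
  """
  try:
   # Column widths: the widest entry, with minimums of 10 / 2 / 14 characters.
   name_w = max(len(max(p, key=len)), 10)
   id_w = max(len(str(len(p))), 2)
   status_w = max(len(max(status, key=len)), 14)
   rule = ("+-%s-+-%s-+-%s-+")%("-"*id_w,"-"*name_w,"-"*status_w)
   print(rule)
   print("| Id | "+"Parameters".center(name_w," ")+" | "+"Status".center(status_w," ")+" |")
   print(rule)
   for idx,(name,state) in enumerate(zip(p,status)):
    cell = state.center(status_w," ")
    # The scan loops in this translated file record the negative result as
    # "不脆弱"; matching only the English "Not Vulnerable" painted every row
    # red, including the parameters where nothing was reflected.
    if "Not Vulnerable" in cell or "不脆弱" in cell:
     colour = Fore.GREEN
    else:
     colour = Fore.RED
    print("| "+str(idx).center(id_w," ")+" | "+name.center(name_w," ")+" | "+colour+cell+Style.RESET_ALL+" |")
    print(rule)
   return("")
  except(ValueError):
   print(Style.BRIGHT+Fore.RED+"[!] 没有发现参数的URL!"+Style.RESET_ALL)
   again()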
 def complete(p,r,c,d):
  """Print the end-of-scan summary, the result table, then offer exit/restart.

  *p* and *r* are the parameter names and their status strings (handed to
  bg()), *c* is the number of parameters flagged and *d* the host label
  shown in the heading.
  """
  print("[+] Bruteforce完成。")
  if c == 0:
   summary = "[+] 咦!没有参数的URL "+Style.BRIGHT+Fore.GREEN+"not vulnerable"+Style.RESET_ALL+" to XSS."
  elif c == 1:
   summary = ("[+] %s 参数是 "+Style.BRIGHT+Fore.RED+"容易攻击的"+Style.RESET_ALL+" xss.")%c
  else:
   summary = ("[+] %s 参数是 "+Style.BRIGHT+Fore.RED+"容易攻击的"+Style.RESET_ALL+" XSS.")%c
  print(summary)
  print("[+] 扫描结果 %s:"%d)
  # bg() prints the table itself and returns "", so this emits one blank line.
  print(bg(p,r))
  again()
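 def GET():
  """Interactively test every query-string parameter of a URL for payload reflection.

  Prompts for the target URL and a wordlist path. For each parameter it
  requests <path>?<name>=<value><url-quoted payload> and marks the parameter
  vulnerable as soon as one raw payload string is found in the response
  body; the per-parameter results are then printed through complete().

  Reading the results: detection is a plain substring match on the response
  body. It says the payload came back unencoded, not that it would run in
  the context where it landed, and it cannot see stored or DOM-based
  behaviour, so both false positives and false negatives are expected.
  """
  try:
   try:
    grey = Style.DIM+Fore.WHITE
    site = raw_input("[?] 输入 URL:\n[?] > ") #Taking URL
    # No scheme typed: assume plain HTTP.
    if 'https://' not in site and 'http://' not in site:
     site = "http://"+site
    finalurl = urlparse.urlparse(site)
    domain0 = '{uri.scheme}://{uri.netloc}/'.format(uri=finalurl)
    domain = domain0.replace("https://","").replace("http://","").replace("www.","").replace("/","")
    print (Style.DIM+Fore.WHITE+"[+] 检测 "+domain+" 是可用的..."+Style.RESET_ALL)
    # Reachability probe only: HTTPConnection opens a plain (non-TLS) connection
    # even for https:// targets, and to the host name with "www." stripped.
    connection = httplib.HTTPConnection(domain)
    connection.connect()
    connection.close() # the probe socket is not used again
    print("[+] "+Fore.GREEN+domain+" is available! Good!"+Style.RESET_ALL)
    wordlist = raw_input("[?] 输入字典的位置 (按Enter键使用默认 wordlist.txt)\n[?] > ")
    if len(wordlist) == 0:
     wordlist = 'wordlist.txt'
     print(grey+"[+] 使用默认字典..."+Style.RESET_ALL)
    payloads = []
    wordlistimport(wordlist,payloads)
    print(Style.DIM+Fore.WHITE+"[+] "+str(len(payloads))+" 攻击载荷加载..."+Style.RESET_ALL)
    print("[+] Bruteforce开始:")
    parameters = urlparse.parse_qs(finalurl.query,keep_blank_values=True)
    path = finalurl.scheme+"://"+finalurl.netloc+finalurl.path
    paraname = []
    paravalue = []
    for para in parameters: #Arranging parameters and values.
     for i in parameters[para]:
      paraname.append(para)
      paravalue.append(i)
    total = 0
    fpar = []
    fresult = []
    progress = 0
    for pn, pv in zip(paraname,paravalue): #Scanning the parameter.
     # Reset the per-parameter verdict so a hit on the previous parameter
     # cannot carry over when every wordlist line is blank; otherwise the
     # result list ends up shorter than the parameter list.
     c = 0
     print(grey+"[+] 测试 '"+pn+"' 参数..."+Style.RESET_ALL)
     fpar.append(str(pn))
     for x in payloads:
      validate = x.translate(None, whitespace)
      if validate == "":
       # Whitespace-only wordlist line: counted as progress, never sent.
       progress = progress + 1
      else:
       sys.stdout.write("\r[+] %i / %s 攻击载荷注入..."% (progress,len(payloads)))
       sys.stdout.flush()
       progress = progress + 1
       enc = urllib.quote_plus(x)
       # Only the payload is URL-quoted; the name and value come back decoded
       # from parse_qs and are concatenated as-is. The URL's other parameters
       # are not part of this request.
       data = path+"?"+pn+"="+pv+enc
       page = urllib.urlopen(data)
       try:
        sourcecode = page.read()
       finally:
        page.close()
       if x in sourcecode:
        print((Style.BRIGHT+Fore.RED+"\n[!]"+" Xss漏洞发现 \n"+Fore.RED+Style.BRIGHT+"[!]"+" 参数:\t%s\n"+Fore.RED+Style.BRIGHT+"[!]"+" Payload:\t%s"+Style.RESET_ALL)%(pn,x))
        fresult.append("  Vulnerable  ")
        c = 1
        total = total+1
        progress = progress + 1
        break
       else:
        c = 0
     if c == 0:
      print((Style.BRIGHT+Fore.GREEN+"\n[+]"+Style.RESET_ALL+Style.DIM+Fore.WHITE+" '%s' parameter not vulnerable."+Style.RESET_ALL)%pn)
      fresult.append("不脆弱")
      progress = progress + 1
     progress = 0
    complete(fpar,fresult,total,domain)
   # HTTPResponse is not an exception class and could never match here;
   # HTTPException is the httplib error base class.
   except(httplib.HTTPException, socket.error):
    print(Style.BRIGHT+Fore.RED+"[!] 网站 "+domain+" 是离线!"+Style.RESET_ALL)
    again()
  except(KeyboardInterrupt):
   print("\n退出...")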
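 def POST():
  """Interactively test every field of a POST body for payload reflection.

  Prompts for the target URL, the post data (name=value&... form) and a
  wordlist path. For each field it posts the body with that field's value
  replaced by one payload at a time and marks the field vulnerable as soon
  as the raw payload string is found in the response body; results are
  printed through complete().

  Reading the results: detection is a plain substring match on the response
  body, so a hit means the payload came back unencoded, not that it would
  run where it landed; stored and DOM-based behaviour is not observed.
  """
  try:
   try:
    try:
     br = mechanize.Browser()
     # Every POST-mode request carries this fixed User-Agent string, which is
     # what server logs will show for these requests.
     br.addheaders = [('User-agent', 'Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1.11)Gecko/20071127 Firefox/2.0.0.11')]
     br.set_handle_robots(False)
     br.set_handle_refresh(False)
     site = raw_input("[?] 输入 URL:\n[?] > ") #Taking URL
     # No scheme typed: assume plain HTTP.
     if 'https://' not in site and 'http://' not in site:
      site = "http://"+site
     finalurl = urlparse.urlparse(site)
     domain0 = '{uri.scheme}://{uri.netloc}/'.format(uri=finalurl)
     domain = domain0.replace("https://","").replace("http://","").replace("www.","").replace("/","")
     print (Style.DIM+Fore.WHITE+"[+] 检查 "+domain+" 是可用的..."+Style.RESET_ALL)
     # Reachability probe only: a plain (non-TLS) connection, even for https://
     # targets, to the host name with "www." stripped.
     connection = httplib.HTTPConnection(domain)
     connection.connect()
     connection.close() # the probe socket is not used again
     print("[+] "+Fore.GREEN+domain+" 可以使用!"+Style.RESET_ALL)
     path = finalurl.scheme+"://"+finalurl.netloc+finalurl.path
     param = str(raw_input("[?] Enter post data: > "))
     wordlist = raw_input("[?] 输入字典的位置 (按Enter键使用默认 wordlist.txt)\n[?] > ")
     if len(wordlist) == 0:
      wordlist = 'wordlist.txt'
      print("[+] 使用默认字典...")
     payloads = []
     wordlistimport(wordlist,payloads)
     grey = Style.DIM+Fore.WHITE
     print(Style.DIM+Fore.WHITE+"[+] "+str(len(payloads))+" 攻击载荷加载..."+Style.RESET_ALL)
     print("[+] Bruteforce start:")
     # The post data is glued onto a placeholder URL purely so urlparse can
     # split it into fields; that URL is never requested.
     params = "http://www.analyz3r.cn/?"+param
     parameters = urlparse.parse_qs(urlparse.urlparse(params).query,keep_blank_values=True)
     paraname = []
     paravalue = []
     for para in parameters: #Arranging parameters and values.
      for i in parameters[para]:
       paraname.append(para)
       paravalue.append(i)
     fpar = []
     fresult = []
     total = 0
     progress = 0
     for pn, pv in zip(paraname,paravalue): #Scanning the parameter.
      # The verdict was previously unset until the first request, so an empty
      # or all-blank wordlist ended in a NameError at the check below.
      c = 0
      print(grey+"[+] 测试 '"+pn+"' 参数..."+Style.RESET_ALL)
      fpar.append(str(pn))
      for i in payloads:
       validate = i.translate(None, whitespace)
       if validate == "":
        # Whitespace-only wordlist line: counted as progress, never sent.
        progress = progress + 1
       else:
        progress = progress + 1
        sys.stdout.write("\r[+] %i / %s 攻击载荷注入..."% (progress,len(payloads)))
        sys.stdout.flush()
        # Field under test gets the payload; the remaining fields keep the
        # values that were typed in.
        # NOTE(review): "pn not in name" is a substring test, so a field whose
        # name merely contains pn is left out of the body too - confirm intent.
        fields = [(pn, str(i))]
        for other_name, other_value in zip(paraname,paravalue):
         if pn not in other_name:
          fields.append((str(other_name), str(other_value)))
        data = urllib.urlencode(dict(fields))
        r = br.open(path, data)
        sourcecode =  r.read()
        if i in sourcecode:
         print((Style.BRIGHT+Fore.RED+"\n[!]"+" XSS 漏洞发现! \n"+Fore.RED+Style.BRIGHT+"[!]"+" 参数:\t%s\n"+Fore.RED+Style.BRIGHT+"[!]"+" 攻击载荷:\t%s"+Style.RESET_ALL)%(pn,i))
         fresult.append("  脆弱的  ")
         c = 1
         total = total+1
         progress = progress + 1
         break
        else:
         c = 0
      if c == 0:
       print((Style.BRIGHT+Fore.GREEN+"\n[+]"+Style.RESET_ALL+Style.DIM+Fore.WHITE+" '%s' 参数不脆弱."+Style.RESET_ALL)%pn)
       fresult.append("不脆弱")
       progress = progress + 1
      progress = 0
     complete(fpar,fresult,total,domain)
    # HTTPResponse is not an exception class and could never match here;
    # HTTPException is the httplib error base class.
    except(httplib.HTTPException, socket.error):
     print(Style.BRIGHT+Fore.RED+"[!] 网站 "+domain+" 是离线!"+Style.RESET_ALL)
     again()
   except(KeyboardInterrupt):
    print("\n退出...")
  except (mechanize.HTTPError,mechanize.URLError) as e:
   # Not every error caught here is guaranteed to carry both attributes
   # (a plain URLError has no status code), so read them defensively.
   print((Style.BRIGHT+Fore.RED+"\n[!] HTTP错误! %s %s"+Style.RESET_ALL)%(getattr(e,'code',''),getattr(e,'reason','')))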
 try:
  # First prompt of a session: 'g' runs GET(), 'p' runs POST().
  handlers = {'g': GET, 'p': POST}
  choice = raw_input("[?] 选择方法: [G]GET 或者 [P]Post (G/P): ").lower()
  if choice in handlers:
   handlers[choice]()
  else:
   print("[!] 不正确的方法选择.")
   again()
 except(KeyboardInterrupt):
  print("\nExit...")
# Script entry point: the interactive session starts as soon as this module is
# executed (there is no __main__ guard).
brutexss()




Dung~~  这代码是不是很高亮,是不是很华丽。。。   当然,我汉化的并不好,不过比原版更容易看懂多了,来个对比


是不是很华丽~~很潇洒

ps: 文字汉化的时候编码很痛苦,试了好几种编码都不对,例如用UTF-8,运行出来直接乱码,我尼玛。。。。。。。。 最后改用GBK(源码首部声明 coding:gbk)才没有乱码~~


附件上传~~求顶求顶,,,尼玛汉化是个体力活~~勿喷勿喷。、。。
上传的附件为原版程序,用上面的汉化版主程序源码替换其中的主程序文件即可~~(网盘附件为转载分享,页面未提供校验值,使用前建议与原作者发布的源码核对。)

链接: http://pan.baidu.com/s/1cDt4OQ 密码: mr2q

本文来自: 蜗蜗侠's Blog-关注网络安全 http://blog.icxun.cn/Tools/276.html
