Bug fixes - Button Start/Stop sync + logo for notif

master
swisskyrepo 2016-12-27 17:39:14 +01:00
parent c15e76fc63
commit 71b589dbb7
7 changed files with 26 additions and 14 deletions


@ -95,7 +95,7 @@ function send_target(server, url, deep, impact){
} }
// Set a clean local storage // Set a clean local storage
chrome.storage.sync.set({'xss': 0, 'sql': 0, 'lfi': 0, 'work': 1, 'list':'' }) chrome.storage.sync.set({'xss': 0, 'sql': 0, 'lfi': 0, 'work': 0, 'list':'' })
// Launch a scan when the tab change // Launch a scan when the tab change
chrome.tabs.onActivated.addListener(function(activeInfo) { chrome.tabs.onActivated.addListener(function(activeInfo) {
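Review bot: The reset on the `chrome.storage.sync.set({... 'work': 0, 'list':'' })` line keeps both the scan switch and the findings list in `chrome.storage.sync`, which Chrome replicates to other browsers signed in to the same profile when sync is enabled and which has a small per-item quota. Starting with `'work': 0` is the safer default, but with synced storage a toggle flipped on one machine could presumably arm the extension on another, and the list of vulnerable URLs leaves the machine that found it. I would move this call and the matching reads and writes in the popup to `chrome.storage.local`, e.g. `chrome.storage.local.set({'xss': 0, 'sql': 0, 'lfi': 0, 'work': 0, 'list': ''});`. The `onActivated` listener that follows continues outside the hunk.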


Before

Width:  |  Height:  |  Size: 16 KiB

After

Width:  |  Height:  |  Size: 16 KiB


@ -7,7 +7,7 @@
"version": "1.0", "version": "1.0",
"browser_action": { "browser_action": {
"default_icon": "icons/icon.png", "default_icon": "icon.png",
"default_popup": "popup.html" "default_popup": "popup.html"
}, },


@ -25,7 +25,7 @@
text-transform: uppercase; text-transform: uppercase;
text-align: center; text-align: center;
color: white; color: white;
background-image: -webkit-linear-gradient(top,#EA464A,#D43C40); background-image: -webkit-linear-gradient(top,#5cb85c,#4cae4c);
font-family: arial; font-family: arial;
font-weight: bold; font-weight: bold;
line-height: 30px; line-height: 30px;
@ -62,7 +62,7 @@
</div> </div>
<!-- Used only to display debug informations--> <!-- Used only to display debug informations-->
<a href='#stop' id='stop'>STOP</a> <a href='#stop' id='stop'>START</a>
<a href='./vulns.html' target=_blank id='export'>LIST</a> <a href='./vulns.html' target=_blank id='export'>LIST</a>
<div id='debug'> <div id='debug'>
<span id='status'>Status Server</span> <span id='status'>Status Server</span>


@ -87,7 +87,18 @@ document.addEventListener('DOMContentLoaded', function() {
getCurrentTab(function(tab) { getCurrentTab(function(tab) {
// Display local storage // Display local storage
chrome.storage.sync.get(['xss','sql','lfi','list'], function(items) { chrome.storage.sync.get(['xss','sql','lfi','list','work'], function(items) {
// Update start button
if (items['work'] == 0){
document.getElementById("stop").textContent = "START";
document.getElementById("stop").style = "background-image: -webkit-linear-gradient(top,#5cb85c,#4cae4c);";
}
else{
document.getElementById("stop").textContent = "STOP";
document.getElementById("stop").style = "background-image: -webkit-linear-gradient(top,#EA464A,#D43C40);";
}
// Display the list of vulns // Display the list of vulns
var vulns = escape(items['list']).split('%7CDELIMITER%7C') var vulns = escape(items['list']).split('%7CDELIMITER%7C')
@ -130,7 +141,7 @@ document.addEventListener('DOMContentLoaded', function() {
document.getElementById("stop").addEventListener('click', () => { document.getElementById("stop").addEventListener('click', () => {
if(document.getElementById("stop").textContent == "STOP"){ if(document.getElementById("stop").textContent == "STOP"){
document.getElementById("stop").textContent = "START"; document.getElementById("stop").textContent = "START";
document.getElementById("stop").style = "background-image: -webkit-linear-gradient(top,#99EA46,#71D43C);"; document.getElementById("stop").style = "background-image: -webkit-linear-gradient(top,#5cb85c,#4cae4c);";
chrome.storage.sync.set({'work': 0}); chrome.storage.sync.set({'work': 0});
} }
else{ else{
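Review bot: The new button-state block tests `items['work'] == 0`, so any other value, including a missing key if the popup reads storage before the defaults have been written, is displayed as STOP, i.e. as a running scan. Testing the running state strictly, `items['work'] === 1`, makes the popup fall back to START when the flag is absent or malformed. The label and gradient strings are now written in two places (this block and the click handler in the second hunk, whose body continues outside the hunk), which is apparently how the old `#99EA46` green drifted away from the stylesheet; one helper used by both would keep them aligned. Assigning a string to `.style` also replaces every inline style on the element, so `style.backgroundImage` is the narrower write.

```javascript
// Single place that maps the stored 'work' flag to the button's label and colour.
function renderScanButton(isRunning) {
  const button = document.getElementById("stop");
  button.textContent = isRunning ? "STOP" : "START";
  button.style.backgroundImage = isRunning
    ? "-webkit-linear-gradient(top,#EA464A,#D43C40)"
    : "-webkit-linear-gradient(top,#5cb85c,#4cae4c)";
}

// … unchanged: getCurrentTab / chrome.storage.sync.get(['xss','sql','lfi','list','work'], …) …
    // Only an explicit 1 counts as running; anything else is shown as stopped.
    renderScanButton(items['work'] === 1);
// … unchanged: vulnerability list rendering …
```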


@ -27,7 +27,7 @@
text-transform: uppercase; text-transform: uppercase;
text-align: center; text-align: center;
color: white; color: white;
background-image: -webkit-linear-gradient(top,#EA464A,#D43C40); background-image: -webkit-linear-gradient(top,#5cb85c,#4cae4c);
font-family: arial; font-family: arial;
font-weight: bold; font-weight: bold;
line-height: 30px; line-height: 30px;
@ -43,8 +43,8 @@
.datagrid {font: normal 12px/150% Arial, Helvetica, sans-serif; background: #fff; overflow: hidden; border: 1px solid #006699; -webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; } .datagrid {font: normal 12px/150% Arial, Helvetica, sans-serif; background: #fff; overflow: hidden; border: 1px solid #006699; -webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; }
.datagrid table td, .datagrid table th { padding: 3px 16px; } .datagrid table td, .datagrid table th { padding: 3px 16px; }
.datagrid table thead th {background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; color:#FFFFFF; font-size: 15px; font-weight: bold; border-left: 1px solid #0070A8; } .datagrid table thead th {background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; color:#FFFFFF; font-size: 15px; font-weight: bold; border-left: 1px solid #0070A8; }
.datagrid table thead th:first-child { border: none; } .datagrid table thead th:first-child {padding:8px; border: none; }
.datagrid table tbody td { color: #00557F; border-left: 1px solid #E1EEF4;font-size: 12px;font-weight: normal; } .datagrid table tbody td {padding:8px; color: #00557F; border-left: 1px solid #E1EEF4;font-size: 12px;font-weight: normal; }
.datagrid table tbody .alt td { background: #E1EEf4; color: #00557F; } .datagrid table tbody .alt td { background: #E1EEf4; color: #00557F; }
.datagrid table tbody td:first-child { border-left: none; }.datagrid table tbody tr:last-child td { border-bottom: none; } .datagrid table tbody td:first-child { border-left: none; }.datagrid table tbody tr:last-child td { border-bottom: none; }
.datagrid{ width: 70%; margin: 0 auto; margin-bottom: 20px;} .datagrid{ width: 70%; margin: 0 auto; margin-bottom: 20px;}
@ -89,7 +89,7 @@
</div> </div>
<!-- Used only to display debug informations--> <!-- Used only to display debug informations-->
<a href='#stop' id='stop'>STOP</a> <a href='#stop' id='stop'>START</a>
<a href='./vulns.html' id='export'>LIST</a> <a href='./vulns.html' id='export'>LIST</a>
<div id='debug'> <div id='debug'>
<span id='status'>Status Server</span> <span id='status'>Status Server</span>


@ -7,7 +7,7 @@ Currently it scans for:
- Cross Site Scripting - Cross Site Scripting
- Local File Inclusion - Local File Inclusion
**Warnings :** Do not use this extension for illegal purpose, the main goal of it is to simplify the life of bug hunters. It's a BETA version, many improvements will come don't worry **Warnings :** Do not use this extension for illegal purpose, the main goal of it is to simplify the life of bug hunters. It's a **BETA version**, many improvements will come don't worry
## Install ## Install
You need to install and configure the server, it uses ghost and flask with gunicorn You need to install and configure the server, it uses ghost and flask with gunicorn
@ -32,7 +32,7 @@ chmod +x ./launch
``` ```
var config_server = "http://127.0.0.1:8000"; var config_server = "http://127.0.0.1:8000";
``` ```
4 - Browse the internet ! 4 - Browse the internet ! (Don't forget to start the extension by clicking the 'START' button)
## New features ## New features
- Detect if the server is up - Detect if the server is up
@ -40,7 +40,7 @@ var config_server = "http://127.0.0.1:8000";
- New XSS vectors, work in different contexts (JS var, JS function, inside HTML tag, outside HTML tag) - New XSS vectors, work in different contexts (JS var, JS function, inside HTML tag, outside HTML tag)
- Basic page to list the vulnerabilities URL and TYPE - Basic page to list the vulnerabilities URL and TYPE
- Time based SQLi scanner using polyglot vectors (MySQL, SQLite, Oracle, Postgresql, SQL Server) - Time based SQLi scanner using polyglot vectors (MySQL, SQLite, Oracle, Postgresql, SQL Server)
- New logo for the plugin - New logo for the extension
## TODO - Work in progress ## TODO - Work in progress
- Should detect target in source code.. (list of targets, then launch scan) - Should detect target in source code.. (list of targets, then launch scan)
@ -49,7 +49,8 @@ var config_server = "http://127.0.0.1:8000";
- Add some functions from https://sergeybelove.ru/one-button-scan/result/3004e0b978f19e58e3239087d119742779e1efbc/ - Add some functions from https://sergeybelove.ru/one-button-scan/result/3004e0b978f19e58e3239087d119742779e1efbc/
- Deep and impact : args['url'],args['deep'],args['impact'] - Deep and impact : args['url'],args['deep'],args['impact']
- Command injection :&sleep 5&'\"0&sleep 5&`' - Command injection :&sleep 5&'\"0&sleep 5&`'
- Launch scan when a button is submitted - Launch scan when a button is clicked/ form submitted / page opened via URL
- LFI scan improvement with data: wrapper
## Thanks ## Thanks
- Polyglot vector for SQL injections [The Ultimate SQL Injection Payload](https://labs.detectify.com/2013/05/29/the-ultimate-sql-injection-payload/) - Polyglot vector for SQL injections [The Ultimate SQL Injection Payload](https://labs.detectify.com/2013/05/29/the-ultimate-sql-injection-payload/)