From b55243b60a22dd3b396e4856ebb00d77a35f5354 Mon Sep 17 00:00:00 2001 From: swisskyrepo Date: Mon, 26 Dec 2016 16:00:57 +0100 Subject: [PATCH] Page to display vulnerabilities - Only display URL --- Plugin/background.js | 22 +++++++++- Plugin/popup.html | 11 ++++- Plugin/popup.js | 47 ++++++++++++--------- Plugin/vulns.html | 98 ++++++++++++++++++++++++++++++++++++++++++++ README.md | 3 +- 5 files changed, 157 insertions(+), 24 deletions(-) create mode 100644 Plugin/vulns.html diff --git a/Plugin/background.js b/Plugin/background.js index ebe40b0..250cf5c 100644 --- a/Plugin/background.js +++ b/Plugin/background.js @@ -36,10 +36,17 @@ function send_target(server, url, deep, impact){ // Notifications and update local storage if (http_data.xss != '0'){ + + // Update XSS count chrome.storage.sync.get(['xss'], function(items) { chrome.storage.sync.set({'xss': items['xss']+1}) }); + // Update vulnerabilities URL list + chrome.storage.sync.get(['list'], function(items) { + chrome.storage.sync.set({'list': items['list']+http_data.list}) + }); + new Notification('New vulnerability detected !', { icon: 'icon.png', body: 'XSS on '+extract_domain(unescape(url)) @@ -47,10 +54,17 @@ function send_target(server, url, deep, impact){ } if (http_data.sql != '0'){ + + // Update SQL count chrome.storage.sync.get(['sql'], function(items) { chrome.storage.sync.set({'sql': items['sql']+1}) }); + // Update vulnerabilities URL list + chrome.storage.sync.get(['list'], function(items) { + chrome.storage.sync.set({'list': items['list']+http_data.list}) + }); + new Notification('New vulnerability detected !', { icon: 'icon.png', body: 'SQLi on '+extract_domain(unescape(url)) 
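Review bot: The added `chrome.storage.sync.get(['list'], …)` / `chrome.storage.sync.set({'list': items['list']+http_data.list})` pair in the XSS branch is an unguarded read-modify-write, and the same block is repeated in the SQLi hunk and in the LFI hunk that follows. When one response reports more than one finding the callbacks interleave, so the same `http_data.list` can end up stored once or several times; a single append after the three checks avoids that. The string also grows without bound in `chrome.storage.sync`, which caps each item at 8,192 bytes and, when Chrome sync is on, copies the list of vulnerable URLs to the user's synced profile. `chrome.storage.local` is a better fit, and the `set` call should take a callback that checks `chrome.runtime.lastError` so a rejected write is not silent. `http_data.list` is stored exactly as the server returned it, so whatever renders it has to treat it as untrusted; the body of `send_target` starts and ends outside these hunks.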
@@ -58,10 +72,16 @@ function send_target(server, url, deep, impact){ } if (http_data.lfi != '0'){ + // Update LFI count chrome.storage.sync.get(['lfi'], function(items) { chrome.storage.sync.set({'lfi': items['lfi']+1}) }); + // Update vulnerabilities URL list + chrome.storage.sync.get(['list'], function(items) { + chrome.storage.sync.set({'list': items['list']+http_data.list}) + }); + new Notification('New vulnerability detected !', { icon: 'icon.png', body: 'LFI on '+extract_domain(unescape(url)) @@ -75,7 +95,7 @@ function send_target(server, url, deep, impact){ } // Set a clean local storage -chrome.storage.sync.set({'xss': 0, 'sql': 0, 'lfi': 0, 'work': 1 }) +chrome.storage.sync.set({'xss': 0, 'sql': 0, 'lfi': 0, 'work': 1, 'list':'' }) // Launch a scan when the tab change chrome.tabs.onActivated.addListener(function(activeInfo) { diff --git a/Plugin/popup.html b/Plugin/popup.html index ea189b2..5828f7d 100644 --- a/Plugin/popup.html +++ b/Plugin/popup.html @@ -37,6 +37,10 @@ #debug{ margin-top: 20px; } + #list{ + display: none; + text-align: left; + } @@ -59,7 +63,10 @@ STOP - EXPORT -
Status Server
+ LIST +
+ Status Server + +
\ No newline at end of file diff --git a/Plugin/popup.js b/Plugin/popup.js index 404df82..5cc8a5c 100644 --- a/Plugin/popup.js +++ b/Plugin/popup.js @@ -87,10 +87,32 @@ document.addEventListener('DOMContentLoaded', function() { getCurrentTab(function(tab) { // Display local storage - chrome.storage.sync.get(['xss','sql','lfi'], function(items) { - document.getElementById("xss").textContent = items['xss'] + " Cross Site Scripting"; - document.getElementById("sql").textContent = items['sql'] + " Injection SQL"; - document.getElementById("lfi").textContent = items['lfi'] + " Local File Inclusion"; + chrome.storage.sync.get(['xss','sql','lfi','list'], function(items) { + + // Display the list of vulns + var vulns = escape(items['list']).split('%7CDELIMITER%7C') + var i = 0; + vulns.forEach(function(y) + { + y = encodeURI(unescape(y)); + if(y!==''){ + + var style = ""; + if (i%2 == 1){ + style = ' class="alt"'; + } + + document.getElementById('list').innerHTML += ('XSS'+y.substring(0,150)+''); + i++; + } + + } + ); + + // Display vulnerabilities' count + document.getElementById("xss").textContent = items['xss'] + " Cross Site Scripting"; + document.getElementById("sql").textContent = items['sql'] + " Injection SQL"; + document.getElementById("lfi").textContent = items['lfi'] + " Local File Inclusion"; document.getElementById("total").textContent = "Total : "+ (items['lfi']+items['xss']+items['sql']) +" vulnerability found"; }); @@ -111,20 +133,5 @@ document.addEventListener('DOMContentLoaded', function() { chrome.storage.sync.set({'work': 1}); } }); - - // Second button ... - document.getElementById("export").addEventListener('click', () => { - function confirmation() { - //document.getElementById("debug").textContent = http_data.list; - alert('Not available yet..') - } - chrome.tabs.executeScript({code: '(' + confirmation + ')();'}, (results) => { - document.getElementById('status').textContent = results[0]; - }); - }); - }); - -}); - - +}); \ No newline at end of file 
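Review bot: The row built with `document.getElementById('list').innerHTML += (…)` inserts a stored URL as markup, and `encodeURI` is URL encoding rather than HTML escaping: it leaves `&` and `'` untouched. The URLs reach storage from scanned pages through `http_data.list`, so they are attacker-influenced. Building each row with `createElement` and `textContent`, as sketched below, keeps the output safe however the markup is quoted. Every row is also labelled `'XSS'` whatever the finding type was, and a URL that itself contains `|DELIMITER|` is split into two entries. The enclosing `DOMContentLoaded` listener starts outside the hunk.

```javascript
vulns.forEach(function(y) {
  // … unchanged: encodeURI(unescape(y)) and the empty-entry check …
  // Row layout (type cell + URL cell) is assumed; the original markup is not visible on this page.
  var row = document.createElement('tr');
  if (i % 2 == 1) {
    row.className = 'alt';
  }
  var typeCell = document.createElement('td');
  typeCell.textContent = 'XSS';
  var urlCell = document.createElement('td');
  urlCell.textContent = y.substring(0, 150);
  row.appendChild(typeCell);
  row.appendChild(urlCell);
  document.getElementById('list').appendChild(row);
  i++;
```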
diff --git a/Plugin/vulns.html b/Plugin/vulns.html new file mode 100644 index 0000000..14d39ef --- /dev/null +++ b/Plugin/vulns.html @@ -0,0 +1,98 @@ + + + + Damn Website Scanner + + + + + + +

Damn Website Scanner - List of vulnerabilities

+ +
+ + +
+ + + + + + + + + + +
TypeURL of the vulnerability
+
+ +

Total : 0 vulnerability found

+ +
    +
  • 0 Cross Site Scripting
  • +
  • 0 Injection SQL
  • +
  • 0 Local File Inclusion
  • +
+ +
+ + + STOP + LIST +
+ Status Server +
+ + \ No newline at end of file diff --git a/README.md b/README.md index 99acd93..83b820a 100755 --- a/README.md +++ b/README.md @@ -13,10 +13,11 @@ Currently it scans for: - Detect if the server is up - Start/Stop button - New XSS vectors, work in different contexts (JS var, JS function, inside HTML tag, outside HTML tag) +- Basic page to list the vulnerabilities ## TODO - Work in progress -- Get vuln list in localstorage (list) - ScanSQLTime/ScanSQLBlind +- Should detect target in source code.. - Should detect and work with POST requests - Export function for vulnerabilities - Add some functions from https://sergeybelove.ru/one-button-scan/result/3004e0b978f19e58e3239087d119742779e1efbc/