Page to display vulnerabilities - Only display URL

master
swisskyrepo 2016-12-26 16:00:57 +01:00
parent 1362da21be
commit b55243b60a
5 changed files with 157 additions and 24 deletions

View File

@ -36,10 +36,17 @@ function send_target(server, url, deep, impact){
// Notifications and update local storage
if (http_data.xss != '0'){
// Update XSS count
chrome.storage.sync.get(['xss'], function(items) {
chrome.storage.sync.set({'xss': items['xss']+1})
});
// Update vulnerabilities URL list
chrome.storage.sync.get(['list'], function(items) {
chrome.storage.sync.set({'list': items['list']+http_data.list})
});
new Notification('New vulnerability detected !', {
icon: 'icon.png',
body: 'XSS on '+extract_domain(unescape(url))
@ -47,10 +54,17 @@ function send_target(server, url, deep, impact){
}
if (http_data.sql != '0'){
// Update SQL count
chrome.storage.sync.get(['sql'], function(items) {
chrome.storage.sync.set({'sql': items['sql']+1})
});
// Update vulnerabilities URL list
chrome.storage.sync.get(['list'], function(items) {
chrome.storage.sync.set({'list': items['list']+http_data.list})
});
new Notification('New vulnerability detected !', {
icon: 'icon.png',
body: 'SQLi on '+extract_domain(unescape(url))
@ -58,10 +72,16 @@ function send_target(server, url, deep, impact){
}
if (http_data.lfi != '0'){
// Update LFI count
chrome.storage.sync.get(['lfi'], function(items) {
chrome.storage.sync.set({'lfi': items['lfi']+1})
});
// Update vulnerabilities URL list
chrome.storage.sync.get(['list'], function(items) {
chrome.storage.sync.set({'list': items['list']+http_data.list})
});
new Notification('New vulnerability detected !', {
icon: 'icon.png',
body: 'LFI on '+extract_domain(unescape(url))
@ -75,7 +95,7 @@ function send_target(server, url, deep, impact){
}
// Set a clean local storage
chrome.storage.sync.set({'xss': 0, 'sql': 0, 'lfi': 0, 'work': 1 })
chrome.storage.sync.set({'xss': 0, 'sql': 0, 'lfi': 0, 'work': 1, 'list':'' })
// Launch a scan when the tab change
chrome.tabs.onActivated.addListener(function(activeInfo) {

View File

@ -37,6 +37,10 @@
#debug{
margin-top: 20px;
}
#list{
display: none;
text-align: left;
}
</style>
<script src="popup.js"></script>
</head>
@ -59,7 +63,10 @@
<!-- Used only to display debug informations-->
<a href='#stop' id='stop'>STOP</a>
<a href='#export' id='export'>EXPORT</a>
<div id='debug'><span id='status'>Status Server</span></div>
<a href='./vulns.html' target=_blank id='export'>LIST</a>
<div id='debug'>
<span id='status'>Status Server</span>
<ul id='list'></ul>
</div>
</body>
</html>

View File

@ -87,10 +87,32 @@ document.addEventListener('DOMContentLoaded', function() {
getCurrentTab(function(tab) {
// Display local storage
chrome.storage.sync.get(['xss','sql','lfi'], function(items) {
document.getElementById("xss").textContent = items['xss'] + " Cross Site Scripting";
document.getElementById("sql").textContent = items['sql'] + " Injection SQL";
document.getElementById("lfi").textContent = items['lfi'] + " Local File Inclusion";
chrome.storage.sync.get(['xss','sql','lfi','list'], function(items) {
// Display the list of vulns
var vulns = escape(items['list']).split('%7CDELIMITER%7C')
var i = 0;
vulns.forEach(function(y)
{
y = encodeURI(unescape(y));
if(y!==''){
var style = "";
if (i%2 == 1){
style = ' class="alt"';
}
document.getElementById('list').innerHTML += ('<tr'+style+'><td>XSS</td><td><a href="'+y+'">'+y.substring(0,150)+'</a></td></tr>');
i++;
}
}
);
// Display vulnerabilities' count
document.getElementById("xss").textContent = items['xss'] + " Cross Site Scripting";
document.getElementById("sql").textContent = items['sql'] + " Injection SQL";
document.getElementById("lfi").textContent = items['lfi'] + " Local File Inclusion";
document.getElementById("total").textContent = "Total : "+ (items['lfi']+items['xss']+items['sql']) +" vulnerability found";
});
@ -111,20 +133,5 @@ document.addEventListener('DOMContentLoaded', function() {
chrome.storage.sync.set({'work': 1});
}
});
// Second button ...
document.getElementById("export").addEventListener('click', () => {
function confirmation() {
//document.getElementById("debug").textContent = http_data.list;
alert('Not available yet..')
}
chrome.tabs.executeScript({code: '(' + confirmation + ')();'}, (results) => {
document.getElementById('status').textContent = results[0];
});
});
});
});

98
Plugin/vulns.html Normal file
View File

@ -0,0 +1,98 @@
<!doctype html>
<html>
<head>
<title>Damn Website Scanner</title>
<style>
body {
font-family: "Segoe UI", "Lucida Grande", Tahoma, sans-serif;
font-size: 100%;
text-align: center;
}
#content{
margin-bottom: 20px;
}
#info {
display: block;
width: 200px;
margin: 0 auto;
text-align: left;
}
#stop,#export{
width: 100px;
padding: 8px;
display: inline-block;
margin: 0 auto;
border-radius: 5px;
text-decoration: none;
text-transform: uppercase;
text-align: center;
color: white;
background-image: -webkit-linear-gradient(top,#EA464A,#D43C40);
font-family: arial;
font-weight: bold;
line-height: 30px;
box-shadow: 0px 2px 0px #553634, 0px 3px 3px #888;
}
#export{
background-image: -webkit-linear-gradient(top,#00BFA5,#26A69A);
}
#debug{
margin-top: 20px;
}
.datagrid table { border-collapse: collapse; text-align: left; width: 100%; }
.datagrid {font: normal 12px/150% Arial, Helvetica, sans-serif; background: #fff; overflow: hidden; border: 1px solid #006699; -webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; }
.datagrid table td, .datagrid table th { padding: 3px 16px; }
.datagrid table thead th {background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; color:#FFFFFF; font-size: 15px; font-weight: bold; border-left: 1px solid #0070A8; }
.datagrid table thead th:first-child { border: none; }
.datagrid table tbody td { color: #00557F; border-left: 1px solid #E1EEF4;font-size: 12px;font-weight: normal; }
.datagrid table tbody .alt td { background: #E1EEf4; color: #00557F; }
.datagrid table tbody td:first-child { border-left: none; }.datagrid table tbody tr:last-child td { border-bottom: none; }
.datagrid{ width: 70%; margin: 0 auto; margin-bottom: 20px;}
.hidden{
display: none;
}
</style>
<script src="popup.js"></script>
</head>
<body>
<h3>Damn Website Scanner - List of vulnerabilities</h3>
<div id="content">
<span id='url' class='hidden'>
<a href='http://example.com'>http://limited.url</a>
</span>
<div class="datagrid">
<table>
<thead>
<tr>
<th>Type</th>
<th>URL of the vulnerability</th>
</tr>
</thead>
<tbody id='list'>
</tbody>
</table>
</div>
<p><span id='total'>Total : 0 vulnerability found</span></p>
<ul id="info">
<li><span id='xss'>0 Cross Site Scripting</span></li>
<li><span id='sql'>0 Injection SQL</span></li>
<li><span id='lfi'>0 Local File Inclusion</span></li>
</ul>
</div>
<!-- Used only to display debug informations-->
<a href='#stop' id='stop'>STOP</a>
<a href='./vulns.html' target=_blank id='export'>LIST</a>
<div id='debug'>
<span id='status'>Status Server</span>
</div>
</body>
</html>

View File

@ -13,10 +13,11 @@ Currently it scans for:
- Detect if the server is up
- Start/Stop button
- New XSS vectors, work in different contexts (JS var, JS function, inside HTML tag, outside HTML tag)
- Basic page to list the vulnerabilities
## TODO - Work in progress
- Get vuln list in localstorage (list)
- ScanSQLTime/ScanSQLBlind
- Should detect target in source code..
- Should detect and work with POST requests
- Export function for vulnerabilities
- Add some functions from https://sergeybelove.ru/one-button-scan/result/3004e0b978f19e58e3239087d119742779e1efbc/