swisskyrepo
/
DamnWebScanner
mirror of https://github.com/swisskyrepo/DamnWebScanner.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Quickfix - Unexpected crash after too many requests (Flask can't handle)

master
Swissky 2017-09-13 13:44:09 +02:00
parent 4310733e43
commit ebd4ae4ee3
4 changed files with 26 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Plugin/popup.js
View File

@ -37,7 +37,7 @@ function getCurrentTab(callback) {
/** /**
* Extract the domain from an URL * Extract the domain from an URL
* @param string(url) - url of the target which will be shorten * @param string(url) - url of the target which will be shorten
*/ */
function extract_domain(url){ function extract_domain(url){
var domain; var domain;
@ -62,7 +62,7 @@ function status_server(config_server){
http.onreadystatechange = function() { http.onreadystatechange = function() {
if (http.readyState == XMLHttpRequest.DONE) { if (http.readyState == XMLHttpRequest.DONE) {
// If the server is up it responds with "pong" // If the server is up it responds with "pong"
if("pong" == http.responseText){ if("pong" == http.responseText){
document.getElementById('status').textContent = "Server is UP !"; document.getElementById('status').textContent = "Server is UP !";
@ -78,7 +78,7 @@ function status_server(config_server){
http.send(); http.send();
} }
/** /**
* Plugin form - Update and display the informations * Plugin form - Update and display the informations
*/ */
@ -103,8 +103,8 @@ document.addEventListener('DOMContentLoaded', function() {
// Display the list of vulns // Display the list of vulns
var vulns = escape(items['list']).split('%7CDELIMITER%7C') var vulns = escape(items['list']).split('%7CDELIMITER%7C')
var i = 0; var i = 0;
vulns.forEach(function(y) vulns.forEach(function(y)
{ {
y = encodeURI(unescape(y)); y = encodeURI(unescape(y));
if(y!==''){ if(y!==''){
@ -123,7 +123,7 @@ document.addEventListener('DOMContentLoaded', function() {
vulns_csv += type+","+y+"\n"; vulns_csv += type+","+y+"\n";
i++; i++;
} }
} }
); );
@ -159,4 +159,4 @@ document.addEventListener('DOMContentLoaded', function() {
}); });
}); });
}); });

9
README.md
View File

@ -20,6 +20,8 @@ All the features are:
**Warning :** Do not use this extension for illegal purpose, the main goal of it is to simplify the life of bug hunters. It's a **BETA version**, many improvements will come don't worry **Warning :** Do not use this extension for illegal purpose, the main goal of it is to simplify the life of bug hunters. It's a **BETA version**, many improvements will come don't worry
**Warning :** A crash can happen server-side, this issue isn't resolved yet. The docker-compose.yml is set to automatically restart the docker when this happen..
## Install ## Install
You need to install and configure the server, it uses ghost and flask. You need to install and configure the server, it uses ghost and flask.
1. To get started you only need to start the docker and the dependencies will be installed. 1. To get started you only need to start the docker and the dependencies will be installed.
@ -72,6 +74,13 @@ STDERR
``` ```
A "/ping" request is done at every opening of the "Plugin Window" in your browser. A "/ping" request is done at every opening of the "Plugin Window" in your browser.
If you need the exact version of the component used in the beta test, here they are.
```
Ghost.py==2.0.0-dev
PySide==2.0.0~alpha0
Qt==5.5.1
```
## Thanks, Contributors and Ideas ## Thanks, Contributors and Ideas
- Polyglot vector for SQL injections [The Ultimate SQL Injection Payload](https://labs.detectify.com/2013/05/29/the-ultimate-sql-injection-payload/) - Polyglot vector for SQL injections [The Ultimate SQL Injection Payload](https://labs.detectify.com/2013/05/29/the-ultimate-sql-injection-payload/)
- Polyglot vector for XSS injection 1 [One vector to rule them all](http://www.thespanner.co.uk/2010/09/15/one-vector-to-rule-them-all/) - Polyglot vector for XSS injection 1 [One vector to rule them all](http://www.thespanner.co.uk/2010/09/15/one-vector-to-rule-them-all/)

1
Server/docker-compose.yml
View File

@ -1,6 +1,7 @@
version: '2' version: '2'
services: services:
web: web:
restart: always
build: . build: .
ports: ports:
- "8000:8000" - "8000:8000"

10
Server/server.py
View File

@ -17,6 +17,14 @@ def ping():
return "pong" return "pong"
""" Template
Description: Basic template, will be used in the next features
"""
@app.route('/template', methods=['GET', 'POST'])
def template():
return render_template('index.html')
""" Route / """ Route /
Description: main route for the flask application, every scan is launched from here Description: main route for the flask application, every scan is launched from here
""" """
@ -102,4 +110,4 @@ def index():
return jsonify(vulns) return jsonify(vulns)
if __name__ == '__main__': if __name__ == '__main__':
app.run(host='0.0.0.0', port=8000, threaded=True, passthrough_errors=False) app.run(host='0.0.0.0', port=8000, threaded=True, passthrough_errors=True) # Seems to crash the server with the following options, threaded=True, passthrough_errors=False)