README.md updated

master
swisskyrepo 2016-12-24 17:56:48 +01:00
parent 4c4b412965
commit f7f7279469
1 changed files with 9 additions and 7 deletions

@ -7,8 +7,7 @@ Currently it scans for:
- Cross Site Scripting
- Local File Inclusion
**Warning 1 :** Do not use this extension for illegal purpose, the main goal of it is to simplify the life of bug hunters.
**Warning 2 :** It's a BETA version, many improvements will come don't worry
**Warnings :** Do not use this extension for illegal purpose, the main goal of it is to simplify the life of bug hunters. It's a BETA version, many improvements will come don't worry
## New features
- Detect if the server is up
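Review bot: The new single "**Warnings :**" line runs two unrelated notices together, and its second sentence ("It's a BETA version, many improvements will come don't worry") is a run-on with no closing punctuation. Consider a short two-item list under one Warnings label so the usage restriction stays separate from the beta notice, and change "illegal purpose" to "illegal purposes" while the line is being touched.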
@ -21,7 +20,10 @@ Currently it scans for:
- Export function for vulnerabilities
- Add some functions from https://sergeybelove.ru/one-button-scan/result/3004e0b978f19e58e3239087d119742779e1efbc/
- Deep and impact : args['url'],args['deep'],args['impact']
- Improve XSS vector - should work in JS context and onxxxx context: ">><marquee><img src=x onerror=alert(1)></marquee>" ></textarea\></|\><details/open/ontoggle=confirm`1` ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>\'-->" ></script><sCrIpt>alert(1)</scRipt>"><img/id="confirm&lpar; 1)"/alt="/"src="/"onerror=eval(id&%23x29;>\'"><svg onload=alert`1`><!--
- Improve XSS vector - should work in JS context and onxxxx context:
```
">><marquee><img src=x onerror=alert(1)></marquee>" ></textarea\></|\><details/open/ontoggle=confirm`1` ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>\'-->" ></script><sCrIpt>alert(1)</scRipt>"><img/id="confirm&lpar; 1)"/alt="/"src="/"onerror=eval(id&%23x29;>\'"><svg onload=alert`1`><!--
```
## Install
You need to install and configure the server, it uses ghost and flask with gunicorn
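Review bot: The fence added under the "Improve XSS vector" bullet starts at column 0, which ends the bullet list, and in the lines shown the closing fence is followed directly by "## Install" with no blank line. Indent the fence to the list item's content level and leave a blank line before the heading so the string stays attached to its bullet and the heading renders reliably. A language tag such as text on the opening fence would also keep renderers from trying to highlight the content.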
@ -35,14 +37,14 @@ sudo apt-get install gunicorn
```
If you have any trouble with Ghost you should have a look to the documentation : http://ghost-py.readthedocs.org/en/latest/
1. The extension isn't packed, to use it go to chrome://extensions or opera://extensions then select "Load unpacked extension"
2. Don't forget to launch the server
1 - The extension isn't packed, to use it go to chrome://extensions or opera://extensions then select "Load unpacked extension"
2 - Don't forget to launch the server
```
chmod +x ./launch
./launch
```
3. Edit the server configuration in popup.js and background.js with your server's informations
3 - Edit the server configuration in popup.js and background.js with your server's informations
```
var config_server = "http://127.0.0.1:8000";
```
4. Browse the internet !
4 - Browse the internet !
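Review bot: The replacement markers "1 -", "2 -", "3 -" and "4 -" on the install steps are not Markdown ordered-list syntax, so the steps will render as plain paragraphs instead of a numbered list. If the aim was to stop the numbering from restarting after each code block, keep the "1." style markers and indent the fenced blocks under their step. The step 3 line still reads "your server's informations" (should be "information"), and because the sample value is http://127.0.0.1:8000, a sentence telling users to keep the server on loopback or put it behind HTTPS when it runs on another host would be worth adding there.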