
Xss scanner

把代碼儲存為.pl即可

===============code================

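#!/usr/bin/perl
#
# Reflected-XSS check for a site the operator has an FTP account on.
#
# The script lists the files in the FTP login directory, requests each of
# them over HTTP on port 80, collects the named <input>/<textarea> fields
# of every <form> in the response, and submits a fixed marker in each
# field. A response that contains the marker verbatim is reported.
#
# Usage: perl <script> <host> <username> <password> [<log file>]
#
# Limits a reader should know before trusting the output:
#   * Net::FTP sends the user name and password in clear text, and the
#     password given on the command line is visible in the process list.
#   * Only plain HTTP on port 80 is spoken; an HTTPS-only site is not
#     covered.
#   * NOTE(review): the FTP login directory is assumed to be the web root;
#     if it is not, the requested paths will not match the site.
#   * The form's action attribute is ignored: each field is submitted to
#     the page the form was found on.
#   * File and field names are placed in the request unencoded, so a name
#     containing a space or a reserved character yields a malformed request.
#   * A hit means the marker came back without HTML-encoding. Whether it
#     lands in an executable context still has to be checked by hand, and
#     stored or DOM-based issues are not detected at all.
use strict;
use warnings;

use IO::Socket;
use Net::FTP;

my $usage = "Usage: perl $0 <host> <username> <password> [<log file>]\n";

my $host = shift or die $usage;
my $user = shift or die $usage;
my $pass = shift or die $usage;
my $log_file = shift;    # optional; undef when not given

# Fixed value submitted in every field and searched for in the reply.
my $marker = '<script>alert(1)</script>';

# Send one raw HTTP request to $peer:80 and return everything the server
# sends back. HTTP/1.0 requests are used so that the server closes the
# connection after the response and the read terminates.
sub http_exchange {
    my ($peer, $request) = @_;

    my $sock = IO::Socket::INET->new(
        PeerHost => $peer,
        PeerPort => 80,
        Proto    => 'tcp',
    ) or die "Impossibile connettersi a $peer: $!\n";

    print {$sock} $request;
    my $response = do { local $/; <$sock> };
    close $sock;

    return defined $response ? $response : '';
}

# Return one { name => ..., method => ... } hash per named <input> or
# <textarea> found inside a <form> of $html. The method is upper-cased;
# a form without a method attribute is treated as GET, the HTML default.
sub form_fields {
    my ($html) = @_;
    my @fields;

    # /s lets a form span several lines, /i accepts <FORM>, /g walks every
    # form instead of rewriting the page to make progress.
    while ($html =~ m{<form\b([^>]*)>(.*?)</form>}gis) {
        my ($attrs, $body) = ($1, $2);

        my $method = 'GET';
        if ($attrs =~ m{(?:^|\s)method\s*=\s*["']?\s*(\w+)}i) {
            $method = uc($1);
        }

        while ($body =~ m{<(?:input|textarea)\b[^>]*?\sname\s*=\s*(["'])(.+?)\1}gis) {
            push @fields, { name => $2, method => $method };
        }
    }

    return @fields;
}

my $ftp = Net::FTP->new($host) or die "Impossibile connettersi a $host.\n";
$ftp->login($user, $pass) or die "Errore durante il login.\n";
my @files = $ftp->ls();
$ftp->quit;

my $log = "Scansione sito: $host\n";

for my $file (@files) {
    my $page = http_exchange($host,
        "GET /$file HTTP/1.0\r\nHost: $host\r\n\r\n");

    for my $field (form_fields($page)) {
        my ($name, $method) = @{$field}{qw(name method)};
        my $request;

        # String comparison: with '==' both sides are numified to 0 and
        # every method would be taken for GET.
        if ($method eq 'GET') {
            $request = "GET /$file?$name=$marker HTTP/1.0\r\n"
                     . "Host: $host\r\n\r\n";
        }
        elsif ($method eq 'POST') {
            my $body = "$name=$marker";
            $request = "POST /$file HTTP/1.0\r\n"
                     . "Host: $host\r\n"
                     . "Content-Type: application/x-www-form-urlencoded\r\n"
                     . "Content-Length: " . length($body) . "\r\n\r\n"
                     . $body;
        }
        else {
            # One unusual form should not abort the rest of the scan.
            warn "${method}: Metodo sconosciuto.\n";
            next;
        }

        my $reply = http_exchange($host, $request);

        # A verbatim echo means the value was reflected without encoding.
        if (index($reply, $marker) >= 0) {
            print "/${file}: ${name} vulnerabile.\n";
            $log .= "\n/${file}: ${name} vulnerabile.";
        }
    }
}

if (defined $log_file && $log_file ne '') {
    # Three-argument open: the log file name comes from the command line,
    # and with the two-argument form a leading '>' or '|' in it would be
    # taken as a mode or a pipe. '>' also opens the file for writing, which
    # a bare file name does not.
    open(my $log_fh, '>', $log_file)
        or die "Errore durante l'apertura del file: $!\n";
    print {$log_fh} $log;
    close($log_fh)
        or die "Errore durante la chiusura del file: $!\n";
}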

================code========================

本文轉自enables 51CTO部落格,原文連結:http://blog.51cto.com/niuzu/579444,如需轉載請自行聯系原作者