diff --git a/crlf.py b/crlf.py index f04f5b9..8011d9c 100755 --- a/crlf.py +++ b/crlf.py @@ -7,12 +7,15 @@ import sys import re import time +import copy import random import argparse import requests +import urllib.parse +from functools import partial from threading import Thread from queue import Queue -from urllib.parse import urlparse +from multiprocessing.dummy import Pool from colored import fg, bg, attr MAX_EXCEPTION = 3 
@@ -23,6 +26,90 @@ requests.packages.urllib3.disable_warnings(InsecureRequestWarning) + +def rebuiltQuery( t_params ): + query = '' + for pname,t_values in t_params.items(): + for k in range(len(t_values)): + query = query + pname+'='+t_values[k] + '&' + return query.strip('&') + + +def _parse_qs( query ): + t_params = {} + tmptab = query.split('&') + + for param in tmptab: + t_param = param.split('=') + pname = t_param[0] + pvalue = t_param[1] + if not pname in t_params: + t_params[pname] = [] + t_params[pname].append( pvalue ) + + return t_params + + +def testParams( t_urlparse, payload ): + # t_params = urllib.parse.parse_qs( t_urlparse.query ) + t_params = _parse_qs( t_urlparse.query ) + + for pname,t_values in t_params.items(): + for k in range(len(t_values)): + pvalue = t_values[k] + t_params2 = copy.deepcopy(t_params) + if pvalue == '': + pvalue = 666 + new_value = str(pvalue) + payload + # t_params2[pname][k] = urllib.parse.quote( new_value ) + t_params2[pname][k] = new_value + new_query = rebuiltQuery( t_params2 ) + t_urlparse = t_urlparse._replace(query=new_query) + url = urllib.parse.urlunparse(t_urlparse) + doTest( url ) + # disable get/post swap + # t_urlparse = t_urlparse._replace(query='') + # url = urllib.parse.urlunparse(t_urlparse) + # doTest( url, 'POST', t_params2 ) + + +def testFragment( t_urlparse, payload ): + # new_value = t_urlparse.fragment + urllib.parse.quote(payload) + new_value = t_urlparse.fragment + payload + t_urlparse = t_urlparse._replace(fragment=new_value) + url = urllib.parse.urlunparse(t_urlparse) + doTest( url ) + + +def testPath( t_urlparse, payload ): + path = '' + t_path = ['/'] + t_urlparse.path.split('/') + + for dir in t_path: + if len(dir): + path = path + '/' + dir + path = path.replace('//','/') + # new_value = os.path.dirname(t_urlparse.path) + '/' + urllib.parse.quote(payload) + # new_value = path + '/' + urllib.parse.quote(payload) + new_value = path + '/' + payload + new_value = new_value.replace('//','/') + 
t_urlparse = t_urlparse._replace(path=new_value) + url = urllib.parse.urlunparse(t_urlparse) + doTest( url ) + + +def testPayload( url, payload ): + t_urlparse = urllib.parse.urlparse( url ) + + if len(t_urlparse.query): + testParams( t_urlparse, payload.strip('/') ) + + if len(t_urlparse.fragment): + testFragment( t_urlparse, payload.strip('/') ) + + testPath( t_urlparse, payload ) + + def testURL( url ): time.sleep( 0.01 ) @@ -30,7 +117,14 @@ def testURL( url ): sys.stdout.write( 'progress: %d/%d\r' % (t_multiproc['n_current'],t_multiproc['n_total']) ) t_multiproc['n_current'] = t_multiproc['n_current'] + 1 - t_urlparse = urlparse(url) + pool = Pool( 10 ) + pool.map( partial(testPayload,url), t_payloads ) + pool.close() + pool.join() + + +def doTest( url, method='GET', post_params='' ): + t_urlparse = urllib.parse.urlparse(url) u = t_urlparse.scheme + '_' + t_urlparse.netloc if not u in t_exceptions: @@ -48,7 +142,10 @@ def testURL( url ): return try: - r = requests.head( url, timeout=5, verify=False ) + if method == 'POST': + r = requests.post( url, data=post_params, headers=t_custom_headers, timeout=5, verify=False ) + else: + r = requests.head( url, headers=t_custom_headers, timeout=5, verify=False ) except Exception as e: t_exceptions[u] = t_exceptions[u] + 1 if _verbose >= 3: 
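Review bot: `_parse_qs` reads `t_param[1]` unconditionally, so a query component with no `=` (a bare flag such as `?debug`, or an empty piece left by a trailing `&`) raises IndexError. Because `testPayload` is run through `pool.map` in the next hunk, that exception would propagate out of `testURL` and stop the remaining payloads for that URL. `param.split('=')` also discards everything after a second `=` in a value. Using `pname, _, pvalue = param.partition('=')` and skipping empty `param` entries handles both cases. The same helper is copied into openredirect.py in this commit and needs the same change.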
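Review bot: In the new `testURL` body, `pool.close()` and `pool.join()` are skipped whenever `pool.map` raises, so the ten worker threads of that `Pool( 10 )` are left behind for each failing URL. Wrapping the call as `try:` / `pool.map( partial(testPayload,url), t_payloads )` / `finally: pool.close(); pool.join()` releases them on every path. A fresh pool is also created per call, so if `testURL` is itself run from the `-t` worker threads, the real number of concurrent requests is that thread count times ten. A comment on `Pool( 10 )` stating this, or deriving the pool size from the thread option, would keep the request rate against a host predictable. The same block is added to openredirect.py, and the `doTest` definition that starts at the end of this hunk continues outside it.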
@@ -69,18 +166,80 @@ def testURL( url ): if vuln == 'VULNERABLE': t_vulnerable[u] = t_vulnerable[u] + 1 - output = '%sC=%d\t\tT=%s\t\tV=%s\n' % (url.ljust(t_multiproc['u_max_length']),r.status_code,content_type,vuln) + # output = '%sC=%d\t\tT=%s\t\tV=%s\n' % (url.ljust(t_multiproc['u_max_length']),r.status_code,content_type,vuln) + output = '%s\t\tC=%d\t\tT=%s\t\tV=%s\n' % (url,r.status_code,content_type,vuln) fp = open( t_multiproc['f_output'], 'a+' ) fp.write( output ) fp.close() if _verbose >= 2 or (_verbose >= 1 and vuln == 'VULNERABLE'): - sys.stdout.write( '%s' % output ) + if vuln == 'VULNERABLE': + sys.stdout.write( '%s%s%s' % (fg('light_red'),output,attr(0)) ) + else: + sys.stdout.write( output ) + + +# old version +# def testURL( url ): +# time.sleep( 0.01 ) + +# if _verbose <= 1: +# sys.stdout.write( 'progress: %d/%d\r' % (t_multiproc['n_current'],t_multiproc['n_total']) ) +# t_multiproc['n_current'] = t_multiproc['n_current'] + 1 + +# t_urlparse = urlparse(url) +# u = t_urlparse.scheme + '_' + t_urlparse.netloc + +# if not u in t_exceptions: +# t_exceptions[u] = 0 +# if t_exceptions[u] >= MAX_EXCEPTION: +# if _verbose >= 3: +# print("skip too many exceptions %s" % t_urlparse.netloc) +# return + +# if not u in t_vulnerable: +# t_vulnerable[u] = 0 +# if t_vulnerable[u] >= MAX_VULNERABLE: +# if _verbose >= 3: +# print("skip already vulnerable %s" % t_urlparse.netloc) +# return + +# try: +# r = requests.head( url, timeout=5, verify=False ) +# except Exception as e: +# t_exceptions[u] = t_exceptions[u] + 1 +# if _verbose >= 3: +# sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) ) +# return + +# if 'Content-Type' in r.headers: +# content_type = r.headers['Content-Type'] +# else: +# content_type = '-' + +# t_headers = list( map( str.lower,r.headers.keys() ) ) +# if 'xcrlf' in t_headers: +# vuln = 'VULNERABLE' +# else: +# vuln = '-' + +# if vuln == 'VULNERABLE': +# t_vulnerable[u] = t_vulnerable[u] + 1 + +# output = 
'%sC=%d\t\tT=%s\t\tV=%s\n' % (url.ljust(t_multiproc['u_max_length']),r.status_code,content_type,vuln) + +# fp = open( t_multiproc['f_output'], 'a+' ) +# fp.write( output ) +# fp.close() + +# if _verbose >= 2 or (_verbose >= 1 and vuln == 'VULNERABLE'): +# sys.stdout.write( '%s' % output ) parser = argparse.ArgumentParser() parser.add_argument( "-a","--path",help="set paths list" ) +parser.add_argument( "-d","--header",help="custom headers, example: cookie1=value1;cookie2=value2...", action="append" ) parser.add_argument( "-p","--payloads",help="set payloads list" ) parser.add_argument( "-o","--hosts",help="set host list (required or -u)" ) # parser.add_argument( "-r","--redirect",help="follow redirection" ) @@ -96,6 +255,13 @@ def testURL( url ): else: t_scheme = ['http','https'] +t_custom_headers = {} +if args.header: + for header in args.header: + if ':' in header: + tmp = header.split(':') + t_custom_headers[ tmp[0].strip() ] = tmp[1].strip() + t_hosts = [] if args.hosts: if os.path.isfile(args.hosts): 
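Review bot: The help string of the new `-d/--header` option describes cookie syntax (`cookie1=value1;cookie2=value2...`), but the parsing added in the following hunk only accepts entries that contain `:` and silently ignores everything else. A user following the help text gets no custom header and no warning. Something like `help="custom header as 'Name: value', may be repeated"` matches what the code accepts; the same option text is added to openredirect.py. Separately, the commented-out `# old version` copy of `testURL` added here, like the similar commented blocks in later hunks of both files, repeats what the removed lines already record in history and could be dropped.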
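Review bot: `header.split(':')` followed by `tmp[1]` keeps only the text between the first and second colon, so any header value that itself contains a colon (a URL, a host with a port, a time) is truncated without notice. Splitting once avoids that: `name, _, value = header.partition(':')` then `t_custom_headers[ name.strip() ] = value.strip()`. Entries without a colon are currently skipped silently, and a one-line message on that branch would help users notice a mistyped option. The identical block is added to openredirect.py.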
@@ -199,23 +365,41 @@ def testURL( url ): for scheme in t_scheme: for host in t_hosts: - for payload in t_payloads: - for path in t_path: - u = scheme + '://' + host.strip() + path + payload - t_totest.append( u ) - l = len(u) - if l > u_max_length: - u_max_length = l - -for url in t_urls: - for payload in t_payloads: for path in t_path: - u = url.strip() + path + payload + u = scheme + '://' + host.strip() + path t_totest.append( u ) l = len(u) if l > u_max_length: u_max_length = l +for url in t_urls: + for path in t_path: + u = url.strip() + path + t_totest.append( u ) + l = len(u) + if l > u_max_length: + u_max_length = l + +# old version +# for scheme in t_scheme: +# for host in t_hosts: +# for payload in t_payloads: +# for path in t_path: +# u = scheme + '://' + host.strip() + path + payload +# t_totest.append( u ) +# l = len(u) +# if l > u_max_length: +# u_max_length = l + +# for url in t_urls: +# for payload in t_payloads: +# for path in t_path: +# u = url.strip() + path + payload +# t_totest.append( u ) +# l = len(u) +# if l > u_max_length: +# u_max_length = l + n_totest = len(t_totest) sys.stdout.write( '%s[+] %d urls created.%s\n' % (fg('green'),n_totest,attr(0)) ) sys.stdout.write( '[+] testing...\n' ) diff --git a/openredirect.py b/openredirect.py index 32e181c..459b2b8 100755 --- a/openredirect.py +++ b/openredirect.py @@ -7,12 +7,16 @@ import sys import re import time +import copy import random import argparse import requests +import urllib.parse +from functools import partial from threading import Thread from queue import Queue from urllib.parse import urlparse +from multiprocessing.dummy import Pool from colored import fg, bg, attr MAX_EXCEPTION = 3 
@@ -23,6 +27,97 @@ requests.packages.urllib3.disable_warnings(InsecureRequestWarning) +def rebuiltQuery( t_params ): + query = '' + for pname,t_values in t_params.items(): + for k in range(len(t_values)): + query = query + pname+'='+t_values[k] + '&' + return query.strip('&') + + +def _parse_qs( query ): + t_params = {} + tmptab = query.split('&') + + for param in tmptab: + t_param = param.split('=') + pname = t_param[0] + pvalue = t_param[1] + if not pname in t_params: + t_params[pname] = [] + t_params[pname].append( pvalue ) + + return t_params + + +def testParams( t_urlparse, payload ): + # t_params = urllib.parse.parse_qs( t_urlparse.query ) + t_params = _parse_qs( t_urlparse.query ) + + for pname,t_values in t_params.items(): + for k in range(len(t_values)): + pvalue = t_values[k] + t_params2 = copy.deepcopy(t_params) + # if pvalue == '': + # pvalue = 666 + # it's replacement mode, not concat + # new_value = str(pvalue) + payload + new_value = payload + # t_params2[pname][k] = urllib.parse.quote( new_value ) + t_params2[pname][k] = new_value + new_query = rebuiltQuery( t_params2 ) + t_urlparse = t_urlparse._replace(query=new_query) + url = urllib.parse.urlunparse(t_urlparse) + doTest( url ) + # disable get/post swap + # t_urlparse = t_urlparse._replace(query='') + # url = urllib.parse.urlunparse(t_urlparse) + # doTest( url, 'POST', t_params2 ) + + +def testFragment( t_urlparse, payload ): + # new_value = t_urlparse.fragment + urllib.parse.quote(payload) + # new_value = t_urlparse.fragment + payload + new_value = payload + t_urlparse = t_urlparse._replace(fragment=new_value) + url = urllib.parse.urlunparse(t_urlparse) + doTest( url ) + + +def testPath( t_urlparse, payload ): + path = '' + t_path = ['/'] + t_urlparse.path.split('/') + + for dir in t_path: + if len(dir): + path = path + '/' + dir + path = path.replace('//','/') + # new_value = os.path.dirname(t_urlparse.path) + '/' + urllib.parse.quote(payload) + # new_value = path + '/' + 
urllib.parse.quote(payload) + new_value = path + '/' + payload + new_value = new_value.replace('//','/') + t_urlparse = t_urlparse._replace(path=new_value) + url = urllib.parse.urlunparse(t_urlparse) + doTest( url ) + + +def testPayload( url, payload ): + t_urlparse = urllib.parse.urlparse(url) + payload = payload.replace( 'www.whitelisteddomain.tld', t_urlparse.netloc ) + if redirect_domain != 'google.com': + payload = payload.replace( 'google.com', redirect_domain ) + + t_urlparse = urllib.parse.urlparse( url ) + + if len(t_urlparse.query): + testParams( t_urlparse, payload.strip('/') ) + + if len(t_urlparse.fragment): + testFragment( t_urlparse, payload.strip('/') ) + + testPath( t_urlparse, payload ) + + def testURL( url ): time.sleep( 0.01 ) @@ -30,7 +125,14 @@ def testURL( url ): sys.stdout.write( 'progress: %d/%d\r' % (t_multiproc['n_current'],t_multiproc['n_total']) ) t_multiproc['n_current'] = t_multiproc['n_current'] + 1 - t_urlparse = urlparse(url) + pool = Pool( 10 ) + pool.map( partial(testPayload,url), t_payloads ) + pool.close() + pool.join() + + +def doTest( url, method='GET', post_params='' ): + t_urlparse = urllib.parse.urlparse(url) u = t_urlparse.scheme + '_' + t_urlparse.netloc if not u in t_exceptions: @@ -48,7 +150,10 @@ def testURL( url ): return try: - r = requests.head( url, timeout=5, verify=False, allow_redirects=True ) + if method == 'POST': + r = requests.post( url, data=post_params, headers=t_custom_headers, timeout=5, verify=False, allow_redirects=True ) + else: + r = requests.head( url, timeout=5, headers=t_custom_headers, verify=False, allow_redirects=True ) except Exception as e: t_exceptions[u] = t_exceptions[u] + 1 if _verbose >= 3: 
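Review bot: In `testPath`, `new_value.replace('//','/')` runs after the payload has been appended, so it rewrites the payload as well as the base path. Entries of `t_payloads` that contain `//` are therefore not requested in the form listed, and entries that differ only in the number of slashes can end up as the same request, which makes the output file hard to reconcile with the payload list. If the intent is only to tidy the base path, normalise `path` before joining and leave `payload` untouched, for example `new_value = path.rstrip('/') + '/' + payload`. The same line is present in the `testPath` copies added to crlf.py and xss.py. `testPayload` also calls `urllib.parse.urlparse( url )` twice, and the second call can be removed.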
@@ -74,18 +179,85 @@ def testURL( url ): if vuln == 'VULNERABLE': t_vulnerable[u] = t_vulnerable[u] + 1 - output = '%sC=%d\t\tV=%s\n' % (url.ljust(t_multiproc['u_max_length']),r.status_code,vuln) + # output = '%sC=%d\t\tT=%s\t\tV=%s\n' % (url.ljust(t_multiproc['u_max_length']),r.status_code,content_type,vuln) + output = '%s\t\tC=%d\t\tT=%s\t\tV=%s\n' % (url,r.status_code,content_type,vuln) fp = open( t_multiproc['f_output'], 'a+' ) fp.write( output ) fp.close() if _verbose >= 2 or (_verbose >= 1 and vuln == 'VULNERABLE'): - sys.stdout.write( '%s' % output ) + if vuln == 'VULNERABLE': + sys.stdout.write( '%s%s%s' % (fg('light_red'),output,attr(0)) ) + else: + sys.stdout.write( output ) + + +# old version +# def testURL( url ): +# time.sleep( 0.01 ) + +# if _verbose <= 1: +# sys.stdout.write( 'progress: %d/%d\r' % (t_multiproc['n_current'],t_multiproc['n_total']) ) +# t_multiproc['n_current'] = t_multiproc['n_current'] + 1 + +# t_urlparse = urlparse(url) +# u = t_urlparse.scheme + '_' + t_urlparse.netloc + +# if not u in t_exceptions: +# t_exceptions[u] = 0 +# if t_exceptions[u] >= MAX_EXCEPTION: +# if _verbose >= 3: +# print("skip too many exceptions %s" % t_urlparse.netloc) +# return + +# if not u in t_vulnerable: +# t_vulnerable[u] = 0 +# if t_vulnerable[u] >= MAX_VULNERABLE: +# if _verbose >= 3: +# print("skip already vulnerable %s" % t_urlparse.netloc) +# return + +# try: +# r = requests.head( url, timeout=5, verify=False, allow_redirects=True ) +# except Exception as e: +# t_exceptions[u] = t_exceptions[u] + 1 +# if _verbose >= 3: +# sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) ) +# return + +# if 'Content-Type' in r.headers: +# content_type = r.headers['Content-Type'] +# else: +# content_type = '-' + +# vuln = '-' +# t_url_parse = urlparse( r.url ) +# for domain in t_redirect_domain: +# if domain in t_url_parse.netloc.lower(): +# vuln = 'VULNERABLE' + +# if vuln == '-': +# for redirect_url in t_redirect_urls: +# if 
r.url.lower().startswith(redirect_url): +# vuln = 'VULNERABLE' + +# if vuln == 'VULNERABLE': +# t_vulnerable[u] = t_vulnerable[u] + 1 + +# output = '%sC=%d\t\tV=%s\n' % (url.ljust(t_multiproc['u_max_length']),r.status_code,vuln) + +# fp = open( t_multiproc['f_output'], 'a+' ) +# fp.write( output ) +# fp.close() + +# if _verbose >= 2 or (_verbose >= 1 and vuln == 'VULNERABLE'): +# sys.stdout.write( '%s' % output ) parser = argparse.ArgumentParser() parser.add_argument( "-a","--path",help="set paths list" ) +parser.add_argument( "-d","--header",help="custom headers, example: cookie1=value1;cookie2=value2...", action="append" ) parser.add_argument( "-p","--payloads",help="set payloads list" ) parser.add_argument( "-o","--hosts",help="set host list (required or -u)" ) parser.add_argument( "-r","--redirect",help="domain to redirect, default: google.com" ) @@ -101,6 +273,13 @@ def testURL( url ): else: t_scheme = ['http','https'] +t_custom_headers = {} +if args.header: + for header in args.header: + if ':' in header: + tmp = header.split(':') + t_custom_headers[ tmp[0].strip() ] = tmp[1].strip() + t_hosts = [] if args.hosts: if os.path.isfile(args.hosts): @@ -153,7 +332,7 @@ def testURL( url ): if args.verbose: _verbose = int(args.verbose) else: - _verbose = 2 + _verbose = 1 if args.threads: _threads = int(args.threads) 
@@ -403,34 +582,60 @@ def testURL( url ): '///www.whitelisteddomain.tld@www.google.com/%2f%2e%2e', '//www.whitelisteddomain.tld@www.google.com/%2f%2e%2e', ] + # t_payloads = [ + # '/%0a.google.com', + # '//google.com/%2e%2e', + # 'https:/%5cgoogle.com/', + # '/google%00.com', + # '//www.whitelisteddomain.tld@google.com/' + # ] + for scheme in t_scheme: for host in t_hosts: - for payload in t_payloads: - for path in t_path: - host = host.strip() - payload = payload.replace( 'www.whitelisteddomain.tld', host ) - if redirect_domain != 'google.com': - payload = payload.replace( 'google.com', redirect_domain ) - u = scheme + '://' + host + path + payload - t_totest.append( u ) - l = len(u) - if l > u_max_length: - u_max_length = l - -for url in t_urls: - for payload in t_payloads: for path in t_path: - t_url_parse = urlparse( url ) - payload = payload.replace( 'www.whitelisteddomain.tld', t_url_parse.netloc ) - if redirect_domain != 'google.com': - payload = payload.replace( 'google.com', redirect_domain ) - u = url.strip() + path + payload + u = scheme + '://' + host.strip() + path t_totest.append( u ) l = len(u) if l > u_max_length: u_max_length = l +for url in t_urls: + for path in t_path: + u = url.strip() + path + t_totest.append( u ) + l = len(u) + if l > u_max_length: + u_max_length = l + +# old version +# for scheme in t_scheme: +# for host in t_hosts: +# for payload in t_payloads: +# for path in t_path: +# host = host.strip() +# payload = payload.replace( 'www.whitelisteddomain.tld', host ) +# if redirect_domain != 'google.com': +# payload = payload.replace( 'google.com', redirect_domain ) +# u = scheme + '://' + host + path + payload +# t_totest.append( u ) +# l = len(u) +# if l > u_max_length: +# u_max_length = l + +# for url in t_urls: +# for payload in t_payloads: +# for path in t_path: +# t_url_parse = urlparse( url ) +# payload = payload.replace( 'www.whitelisteddomain.tld', t_url_parse.netloc ) +# if redirect_domain != 'google.com': +# payload = 
payload.replace( 'google.com', redirect_domain ) +# u = url.strip() + path + payload +# t_totest.append( u ) +# l = len(u) +# if l > u_max_length: +# u_max_length = l + n_totest = len(t_totest) sys.stdout.write( '%s[+] %d urls created.%s\n' % (fg('green'),n_totest,attr(0)) ) sys.stdout.write( '[+] testing...\n' ) diff --git a/xss.py b/xss.py index c4b4829..83c6763 100755 --- a/xss.py +++ b/xss.py @@ -7,16 +7,16 @@ import sys import re import time -import base64 import copy +import base64 import random import argparse import subprocess +import urllib.parse from functools import partial from threading import Thread from queue import Queue from multiprocessing.dummy import Pool -import urllib.parse from colored import fg, bg, attr @@ -59,9 +59,9 @@ def testParams( t_urlparse, payload ): t_urlparse = t_urlparse._replace(query=new_query) url = urllib.parse.urlunparse(t_urlparse) doTest( url ) - t_urlparse = t_urlparse._replace(query='') - url = urllib.parse.urlunparse(t_urlparse) - doTest( url, 'POST', new_query ) + # t_urlparse = t_urlparse._replace(query='') + # url = urllib.parse.urlunparse(t_urlparse) + # doTest( url, 'POST', new_query ) def testFragment( t_urlparse, payload ): @@ -72,10 +72,19 @@ def testFragment( t_urlparse, payload ): def testPath( t_urlparse, payload ): - new_value = os.path.dirname(t_urlparse.path) + '/' + urllib.parse.quote(payload) - t_urlparse = t_urlparse._replace(path=new_value) - url = urllib.parse.urlunparse(t_urlparse) - doTest( url ) + path = '' + t_path = ['/'] + t_urlparse.path.split('/') + + for dir in t_path: + if len(dir): + path = path + '/' + dir + path = path.replace('//','/') + # new_value = os.path.dirname(t_urlparse.path) + '/' + urllib.parse.quote(payload) + new_value = path + '/' + urllib.parse.quote(payload) + new_value = new_value.replace('//','/') + t_urlparse = t_urlparse._replace(path=new_value) + url = urllib.parse.urlunparse(t_urlparse) + doTest( url ) def testPayload( url, payload ): 
@@ -92,18 +101,16 @@ def testPayload( url, payload ): def testURL( url ): time.sleep( 0.01 ) - sys.stdout.write( 'progress: %d/%d\r' % (t_multiproc['n_current'],t_multiproc['n_total']) ) - t_multiproc['n_current'] = t_multiproc['n_current'] + 1 + + if _verbose <= 1: + sys.stdout.write( 'progress: %d/%d\r' % (t_multiproc['n_current'],t_multiproc['n_total']) ) + t_multiproc['n_current'] = t_multiproc['n_current'] + 1 pool = Pool( 10 ) pool.map( partial(testPayload,url), t_payloads ) pool.close() pool.join() - # for payload in t_payloads: - # testPayload( url, payload ) - - # console.log( 'Usage: phantomjs xss.js [] [ ]'); def doTest( url, method='GET', post_params='' ): @@ -119,9 +126,9 @@ def doTest( url, method='GET', post_params='' ): try: cmd_output = subprocess.check_output( cmd, shell=True ).decode('utf-8') except Exception as e: - pass - # sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) ) - # return False + if _verbose >= 3: + sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) ) + # pass if 'called' in cmd_output: vuln = 'VULNERABLE' 
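Review bot: The `except` branch in `doTest` still falls through after this change: when `subprocess.check_output` raises (it does so on any non-zero exit status), `cmd_output` is never assigned, and the following `if 'called' in cmd_output:` fails with an unbound-variable error unless the name is initialised above the hunk. End the handler with `return`, or set `cmd_output = ''` before the `try`. Separately, the call uses `shell=True` and `cmd` is built outside this hunk. If `cmd` interpolates the URL or payload read from the input lists, that text is interpreted by the shell, so passing an argument list with `shell=False` would be the safer form. `doTest` starts and ends outside the hunk, so both points should be checked against the full function.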
@@ -134,20 +141,23 @@ def doTest( url, method='GET', post_params='' ): fp.write( output ) fp.close() - # if _vulnerable and vuln == 'VULNERABLE': - sys.stdout.write( output ) + if _verbose >= 2 or (_verbose >= 1 and vuln == 'VULNERABLE'): + if vuln == 'VULNERABLE': + sys.stdout.write( '%s%s%s' % (fg('light_red'),output,attr(0)) ) + else: + sys.stdout.write( output ) parser = argparse.ArgumentParser() -parser.add_argument( "-n","--phantom",help="phantomjs path" ) -parser.add_argument( "-c","--cookies",help="cookies separated by semi-colon, example: cookie1=value1;cookie2=value2..." ) parser.add_argument( "-a","--path",help="set paths list" ) -parser.add_argument( "-p","--payloads",help="set payloads list" ) +parser.add_argument( "-c","--cookies",help="cookies separated by semi-colon, example: cookie1=value1;cookie2=value2..." ) +parser.add_argument( "-n","--phantom",help="phantomjs path" ) parser.add_argument( "-o","--hosts",help="set host list (required or -u)" ) +parser.add_argument( "-p","--payloads",help="set payloads list" ) parser.add_argument( "-s","--scheme",help="scheme to use, default=http,https" ) parser.add_argument( "-t","--threads",help="threads, default 10" ) parser.add_argument( "-u","--urls",help="set url list (required or -o)" ) -parser.add_argument( "-v","--vulnerable",help="display vulnerable", action="store_true" ) +parser.add_argument( "-v","--verbose",help="display output, 0=nothing, 1=only vulnerable, 2=all requests, 3=full debug, default: 1" ) parser.parse_args() args = parser.parse_args() @@ -219,10 +229,10 @@ def doTest( url, method='GET', post_params='' ): else: n_payloads = 0 -if args.vulnerable: - _vulnerable = True +if args.verbose: + _verbose = int(args.verbose) else: - _vulnerable = False + _verbose = 1 if args.threads: _threads = int(args.threads) 
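Review bot: `-v` changes here from a `store_true` flag to an option that takes a value, so existing invocations that pass a bare `-v` now fail at argument parsing; this is worth a line in the usage notes. The value is converted with `int(args.verbose)` in the next hunk (`@@ -219,10 +229,10 @@`) without validation, so a non-numeric or out-of-range level ends in a traceback or an undocumented mode. Declaring it as `parser.add_argument( "-v","--verbose", type=int, choices=range(4), default=1, help=... )` lets argparse reject bad input. The `if args.verbose:` / `else:` block must then be replaced by `_verbose = args.verbose`, because with `type=int` a level of 0 is falsy and would otherwise be reset to 1. The context lines of the openredirect.py hunk show the same `int(args.verbose)` pattern.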
@@ -289,7 +299,6 @@ def doTest( url, method='GET', post_params='' ): 'u_max_length': u_max_length+5, 'd_output': d_output, 'f_output': f_output, - '_vulnerable': _vulnerable, } # testURL( args.urls)