Commit 21a32abf authored by Jorge's avatar Jorge
Browse files

Update

parent 0bcd17ab
This diff is collapsed.
onactivate
onafterprint
onanimationcancel
onanimationend
onanimationiteration
onanimationstart
onauxclick
onbeforeactivate
onbeforecopy
onbeforecut
onbeforedeactivate
onbeforepaste
onbeforeprint
onbeforeunload
onbegin
onblur
onbounce
oncanplay
oncanplaythrough
onchange
onclick
oncontextmenu
oncopy
oncut
ondblclick
ondeactivate
ondrag
ondragend
ondragenter
ondragleave
ondragover
ondragstart
ondrop
onend
onended
onerror
onfinish
onfocus
onfocusin
onfocusout
onhashchange
oninput
oninvalid
onkeydown
onkeypress
onkeyup
onload
onloadeddata
onloadedmetadata
onloadend
onloadstart
onmessage
onmousedown
onmouseenter
onmouseleave
onmousemove
onmouseout
onmouseover
onmouseup
onpageshow
onpaste
onpause
onplay
onplaying
onpopstate
onreadystatechange
onrepeat
onreset
onresize
onscroll
onsearch
onseeked
onseeking
onselect
onstart
onsubmit
ontimeupdate
ontoggle
ontransitioncancel
ontransitionend
ontransitionrun
onunhandledrejection
onunload
onvolumechange
onwaiting
onwheel
\ No newline at end of file
import argparse
import re
import json
from termcolor import colored
from prettytable import PrettyTable
parser = argparse.ArgumentParser(description='Find suitable XSS Payloads.')
parser.add_argument('-f', '--file', help='file with the payloads', default='db.json')
parser.add_argument('-t', '--tags', help='array with allowed tags', nargs='+')
parser.add_argument('-e', '--events', help='array with allowed events', nargs='+')
parser.add_argument('-o', '--output', help='output payload list')
args = parser.parse_args()
filename = args.file
tags = args.tags
events = args.events
def find_payload(filename, tags=[], events=[]):
with open(filename) as f:
payload_list = f.read().splitlines()
with open(filename) as json_file:
data = json.load(json_file)
final_tag_list = []
final_event_list = []
if tags:
for tag in tags:
regex_tag = r'\<'+tag+r'\s'
for payload in payload_list:
if re.match(regex_tag,payload):
final_tag_list.append(payload)
if events:
temp_list = []
# Return all tags of events
result = []
if events and not tags:
for event in events:
regex_event = r'\s'+event+r'[^a-zA-Z0-9]'
for payload in payload_list:
if re.search(regex_event, payload):
final_event_list.append(payload)
for tag in data[event]['tags']:
result.append(tag)
if tags and events:
final_payload_list = intersection(final_event_list,final_tag_list)
elif tags and not events:
final_payload_list = final_tag_list
else:
final_payload_list = final_event_list
return final_payload_list
for key in data:
for tag in data[key]['tags']:
if tag['tag'] in tags:
result.append(tag)
elif tags and events:
events_find = []
for key in data:
if key in events:
events_find.append(data[key])
for event in events_find:
for tag in event['tags']:
if tag['tag'] in tags:
result.append(tag)
return result
def intersection(lst1, lst2):
return list(set(lst1) & set(lst2))
def main():
parser = argparse.ArgumentParser(description='Find suitable XSS Payloads.')
parser.add_argument('-f', '--file', help='file with the payloads', required=True)
parser.add_argument('-t', '--tags', help='array with allowed tags', nargs='+')
parser.add_argument('-e', '--events', help='array with allowed events', nargs='+')
def prettyprint(payloads):
browsers_colors = {'safari' : 'cyan',
'edge' : 'blue',
'firefox': 'red',
'chrome': 'white'}
print("\nPayloads found:\n")
args = parser.parse_args()
t = PrettyTable(['Payload', 'Browser Compatibility'])
t.align['Payload'] = "l"
filename = args.file
tags = args.tags
events = args.events
for payload in payloads:
# payload['code']
browsers = ''
for browser in payload['browsers']:
browsers += colored(browser,browsers_colors[browser]) + " "
t.add_row([payload['code'], browsers])
payloads = find_payload(filename,tags,events)
print(t)
if args.output:
f = open(args.output,'w+')
for payload in payloads:
f.write(payload['code']+'\n')
f.close()
print("Payloads saved in: " + args.output)
def main():
if events or tags:
payloads = find_payload(filename,tags,events)
prettyprint(payloads)
else:
parser.print_help()
print("\nPayloads found:\n")
for payload in payloads:
print(payload)
if __name__== "__main__":
main()
\ No newline at end of file
This source diff could not be displayed because it is too large. You can view the blob instead.
a
abbr
acronym
address
animate
animatemotion
animatetransform
applet
area
article
aside
audio
b
base
basefont
bdi
bdo
bgsound
big
blink
blockquote
body
br
button
canvas
caption
center
cite
code
col
colgroup
command
content
custom tags
data
datalist
dd
del
details
dfn
dialog
dir
discard
div
dl
dt
element
em
embed
fieldset
figcaption
figure
font
footer
form
frame
frameset
h1
head
header
hgroup
hr
html
i
iframe
image
image2
image3
img
img2
input
input2
input3
input4
ins
isindex
kbd
keygen
label
legend
li
link
listing
main
map
mark
marquee
menu
menuitem
meta
meter
multicol
nav
nextid
nobr
noembed
noframes
noscript
object
ol
optgroup
option
output
p
param
picture
plaintext
pre
progress
q
rb
rp
rt
rtc
ruby
s
samp
script
section
select
set
shadow
slot
small
source
spacer
span
strike
strong
style
sub
summary
sup
svg
table
tbody
td
template
textarea
tfoot
th
thead
time
title
tr
track
tt
u
ul
var
video
wbr
xmp
\ No newline at end of file
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment