PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity
Files
197f28265ff3f751d171c47e6bd102991016cbd8
nmap/scripts/http-xssed.nse
dmiller 31bc2847bd Normalize script author fields 
Clean up some typos and differences. Most have been normalized to
whatever form of the name occurred in the largest number of scripts.
Paulino was contacted directly and requested his email be added to all
of his credits.
2013-09-20 18:56:22 +00:00

90 lines
2.6 KiB
Lua
Raw Blame History

description = [[
This script searches the xssed.com database and outputs the result.
]]
---
-- @usage nmap -p80 --script http-xssed.nse <target>
--
-- This script will search the xssed.com database and it will output any
-- results. xssed.com is the largest online archive of XSS vulnerable
-- websites.
--
-- PORT STATE SERVICE REASON
-- 80/tcp open http syn-ack
-- | http-xssed:
-- | xssed.com found the following previously reported XSS vulnerabilities marked as unfixed:
-- |
-- | /redirect/links.aspx?page=http://xssed.com
-- |
-- | /derefer.php?url=http://xssed.com/
-- |
-- | xssed.com found the following previously reported XSS vulnerabilities marked as fixed:
-- |
-- |_ /myBook/myregion.php?targetUrl=javascript:alert(1);
---
author = "George Chatzisofroniou"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"safe", "external", "discovery"}
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"
local string = require "string"
portrule = shortport.port_or_service( {80, 443}, {"http", "https"}, "tcp", "open")
local XSSED_SITE = "xssed.com"
local XSSED_SEARCH = "/search?key="
local XSSED_FOUND = "<b>XSS:</b>"
local XSSED_FIXED = "<img src='http://data.xssed.org/images/fixed.gif'>&nbsp;FIXED</th>"
local XSSED_MIRROR = "<a href='(/mirror/%d+/)' target='_blank'>"
local XSSED_URL = "URL: ([^%s]+)</th>"
action = function(host, port)
local fixed, unfixed
target = XSSED_SEARCH .. host.targetname
-- Only one instantiation of the script should ping xssed at once.
local mutex = nmap.mutex("http-xssed")
mutex "lock"
response = http.get(XSSED_SITE, 80, target)
if string.find(response.body, XSSED_FOUND) then
fixed = {}
unfixed = {}
for m in string.gmatch(response.body, XSSED_MIRROR) do
mirror = http.get(XSSED_SITE, 80, m)
for v in string.gmatch(mirror.body, XSSED_URL) do
if string.find(mirror.body, XSSED_FIXED) then
table.insert(fixed, "\t" .. v .. "\n")
else
table.insert(unfixed, "\t" .. v .. "\n")
end
end
end
end
mutex "done"
-- Fix the output.
if not fixed and not unfixed then
return "No previously reported XSS vuln."
end
if next(unfixed) ~= nil then
table.insert(unfixed, 1, "UNFIXED XSS vuln.\n")
end
if next(fixed) ~= nil then
table.insert(fixed, 1, "FIXED XSS vuln.\n")
end
return {unfixed, fixed}
end
Reference in New Issue View Git Blame Copy Permalink