lauritzh / domscan
Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.
Home Page: https://security.lauritz-holtmann.de/tools
Before making a tool, first do some research: will this be better than any other tools available?
I really had high hopes for this tool as it is made using Node.js. But it can't even detect a simple XSS.
For your proof:
The XSS was: http://sudo.co.il/xss/level4.php?email=%22autofocus/onfocus=javascript:window.onerror=prompt;throw[1]%20c=%22
At least it should pass all the XSS challenges of http://sudo.co.il/xss/; only then can I think of using this one over the others.
And please understand, most modern websites have an XSS mechanism in place that automatically blocks the alert keyword.
prompt is the new alert :)
Please take my words as a valuable feedback and I will be waiting for the next release :)
How to solve this issue? When I run this tool it gives an error:
[!] No URL or hash parameters found. If you do not intent to only guess parameters (see help), please provide an URL that already includes GET parameters.
[+] Adding mutations of given URL parameter values to payload list...
[+] Starting browser...
Failed to launch the browser process! undefined
[1194:1194:1001/000912.154161:ERROR:zygote_host_impl_linux.cc(100)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.
TROUBLESHOOTING: https://pptr.dev/troubleshooting
: Error: Failed to launch the browser process! undefined
[1194:1194:1001/000912.154161:ERROR:zygote_host_impl_linux.cc(100)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.
TROUBLESHOOTING: https://pptr.dev/troubleshooting
at ChildProcess.onClose (/usr/local/lib/node_modules/domscan/node_modules/@puppeteer/browsers/lib/cjs/launch.js:277:24)
at ChildProcess.emit (node:events:525:35)
at ChildProcess._handle.onexit (node:internal/child_process:291:12)
What's the solution?
There are further methods that should be investigated and, if suitable, added to the "-g" feature flag.
Example: https://twitter.com/bemodtwz/status/1634264844013543451?
Hey mate! Stumbled across the tool and have been wanting to try it to help out with some DOM XSS. I've spun up DVWA on TryHackMe and can scan the application successfully while unauthenticated, but when attempting to scan authenticated it errors out and results in loads of 302 redirects. I've tested the cookies using Katana too, and this was successful.
domscan "http://10.10.48.184/vulnerabilities/xss_d/?default=English" -c "PHPSESSID=ia8p[snipped]2; security=low"
URL: http://10.10.48.184/vulnerabilities/xss_d/?default=English
[+] URL Parameters: {"default":"English"}
[+] Adding mutations of given URL parameter values to payload list...
[+] Starting browser...
[+] Found redirect, could indicate erroneous initial URL or missing cookies: 302 http://10.10.48.184/vulnerabilities/xss_d/?default=English
[+] Wait until JS was evaluated...
[+] Scanning parameters...
[+] Scanning parameter: default
[+] Found redirect for Payload "/autofocus/onfocus="alert`` in Param default to http://10.10.48.184/login.php
[!] Found redirect: 302 http://10.10.48.184/vulnerabilities/xss_d/?default=%22%2Fautofocus%2Fonfocus%3D%22%26%2397%3Blert%60%60
It then just spams the 302 redirect and eventually scans the login page instead. However, the same cookies work with Katana.
└─$ katana -u "http://10.10.48.184/vulnerabilities/" -H "PHPSESSID=ia8p[snipped]2; security=low"
projectdiscovery.io
[snipped]
http://10.10.48.184/vulnerabilities/sqli/
http://10.10.48.184/vulnerabilities/sqli_blind/
http://10.10.48.184/vulnerabilities/upload/
http://10.10.48.184/vulnerabilities/view_help.php
http://10.10.48.184/vulnerabilities/view_source.php
http://10.10.48.184/vulnerabilities/view_source_all.php
http://10.10.48.184/vulnerabilities/weak_id/
http://10.10.48.184/vulnerabilities/xss_d/
http://10.10.48.184/vulnerabilities/xss_r/
http://10.10.48.184/vulnerabilities/xss_s/
http://10.10.48.184/login.php
http://10.10.48.184/vulnerabilities/?C=N;O=A
Is my syntax wrong or any ideas why this fails? Thanks!
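Added example, not domscan's own code: one way a scanner can turn a header-style cookie string (as passed with "-c") into cookie objects explicitly scoped to the target host, and flag a navigation that ends on a login page as a sign the session was not applied. The cookie object shape ({name, value, domain, path}) and the session value are assumptions; the URLs and the 302-to-login.php chain are the ones reported above.

```javascript
// Added example (not domscan's code). Assumption: the scanner stores cookies as
// {name, value, domain, path} objects and records each navigation hop as {status, url}.

// Convert "PHPSESSID=...; security=low" into per-cookie objects scoped to the scanned host.
function parseCookieHeader(cookieHeader, targetUrl) {
  const { hostname } = new URL(targetUrl);
  return cookieHeader
    .split(';')
    .map((part) => part.trim())
    .filter((part) => part.length > 0)
    .map((part) => {
      const eq = part.indexOf('='); // split on the first "=" so values may contain "="
      if (eq === -1) throw new Error(`malformed cookie pair: "${part}"`);
      return {
        name: part.slice(0, eq).trim(),
        value: part.slice(eq + 1).trim(),
        domain: hostname, // scope explicitly to the target, not to whatever page set it
        path: '/',        // apply to every path, including /vulnerabilities/xss_d/
      };
    });
}

// Classify the hops of one navigation: how many redirects occurred and whether
// the final landing page looks like a login page (a missing/rejected session cookie).
function classifyRedirectChain(hops, loginPathPattern = /login/i) {
  const redirects = hops.filter((h) => h.status >= 300 && h.status < 400);
  const finalHop = hops[hops.length - 1];
  const landedOnLogin = loginPathPattern.test(new URL(finalHop.url).pathname);
  let verdict = 'ok';
  if (landedOnLogin) verdict = 'session not applied: redirected to login page';
  else if (redirects.length > 0) verdict = 'redirected but still on target';
  return { redirectCount: redirects.length, landedOnLogin, verdict };
}

// Constructed sample input: the session id is a placeholder, the URLs are from the report above.
const targetUrl = 'http://10.10.48.184/vulnerabilities/xss_d/?default=English';
const cookies = parseCookieHeader('PHPSESSID=constructedsessionid; security=low', targetUrl);
const chain = classifyRedirectChain([
  { status: 302, url: targetUrl },
  { status: 200, url: 'http://10.10.48.184/login.php' },
]);
console.log(cookies, chain);
```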
In non-headless mode, an interactive mode would be useful. DOMscan could wait after each payload until the user manually continues execution of the scan.
Hi,
Can you consider the possibility of configuring it to scan a text list of URL addresses?
Thanks
hacker@ubuntu:~/domscan$ node scan.js
/home/hacker/domscan/node_modules/puppeteer-core/lib/cjs/puppeteer/common/EventEmitter.js:128
return this.eventsMap.get(event)?.length || 0;
^
SyntaxError: Unexpected token '.'
at wrapSafe (internal/modules/cjs/loader.js:915:16)
at Module._compile (internal/modules/cjs/loader.js:963:27)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
at Module.load (internal/modules/cjs/loader.js:863:32)
at Function.Module._load (internal/modules/cjs/loader.js:708:14)
at Module.require (internal/modules/cjs/loader.js:887:19)
at require (internal/modules/cjs/helpers.js:74:18)
at Object.<anonymous> (/home/hacker/domscan/node_modules/puppeteer-core/lib/cjs/puppeteer/api/Browser.js:19:27)
at Module._compile (internal/modules/cjs/loader.js:999:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
The goal is to implement more coherent visual output (in terms of used colours, highlighting, wording, ...).
Some ideas:
Color Scheme:
[+]: Status Updates
[!]: Findings
[!]: Error
[*]: Possible Findings and events that need investigation
[=]: Requires User Interaction