stamparm / dsss Goto Github PK

Reopening

使用post时扫不到结果

well i though the whole point of scanning the site was to find the vulnerability.
but in your example you have it something like this

dsss.py -u "http://www.dsss.net/id=1"

LOL and what if i don't want to search it manually?
what if i simply add something like this

dsss.py -u "http://www.dsss.net"

NOTHING HAPPENS

HI STAMPARM
HOW CAN I PIPE MULTIPLE URLS TO DSSS

Is There something special that this tool can offer which isn't in others?
Thanks!

hi
please add file target on script
i want to add file target to scan on dsss

-h

SUFFIXES[3] SUFFIXES[4] incomplete format @ line 63

line 11 must be:
SUFFIXES = ("", "-- ", "#", "%%00", "%%16")

This is great & fast SQLi scanner. Can you please add pipeline mode to chained with other tools?

Hello Stamparm,

I have tried to use this tool for a POC with POST data, but the output is like the parameters are not vulnerable. I have tried on XVWA - SQL Injection, and these parameters are effectively vulnerables.

Can you help me please, I tried the tool with this command:

python3 dsss.py -u "http://X.X.X.X/xvwa/vulnerabilities/sqli/" --data "item=&search=1"

and the output is:

• scanning POST parameter 'item'
• scanning POST parameter 'search'

scan results: no vulnerabilities found

Thanks

it would be great if it accepts list of urls and multiple parameters.

thanks for great work.

Why is this tool not supported stacked/union/time injection? I hope it's a complete scanning tool and doesn't affect the quality because of the volume

FUZZY_THRESHOLD = 0.95 

vulnerable = all(ratios.values()) and min(ratios.values()) < FUZZY_THRESHOLD < max(ratios.values()) and abs(ratios[True] - ratios[False]) > FUZZY_THRESHOLD / 10

I am confused about this part of the code.

Can you explain the reason for this judgment? Thank you very much~