Screamingcss

From aldeid

ScreamingCSS.pl

Description

ScreamingCSS.pl is a Perl script written by David Devitry, inspired by screamingCobra, which was written by Samy Kamkar.

The script detects entry points (XSS vulnerabilities) in web applications.

Usage

Basic syntax

screamingCSS.pl [-e] [-i] [-s|-v] <http://host.name>[:port][/start/page]

Options

-e (EXTRA TECHNIQUES)
Uses multiple techniques to find bugs. This takes over twice as long to complete a scan, and the other techniques enabled by this option target issues that are not commonly found in applications, but you may want to use it if you need to do a very strong pen test.
-i (DON'T IGNORE ANY FILES)
In the program, there is a user-configurable array of extensions to ignore (not to GET). Those include images, compressed files, etc. This is because those files will usually not be HTML pages so there won't be any useful data in them, and they may take up a lot of bandwidth as well. This option ignores that list and screamingCobra will not ignore any files.
-s (STATUS BAR)
This creates a status bar with constantly updated numbers of pages accessed, bugs found and attempted vulnerability scans. Cannot be used with verbose, although the status bar is ALWAYS displayed when the user unexpectedly exits or kills the application (^C) or when the application is finished crawling.
-v (VERBOSE)
This displays all the files being accessed and also reports when CGIs are found and probed for vulnerabilities. Cannot be used with status bar, although a status bar is ALWAYS displayed when the user unexpectedly exits or kills the application (^C) or when the application is finished crawling.

Example

# ./screamingCSS.pl -e -i -v http://www.target-site.fr
Beginning to scan www.target-site.fr ::  for CGI bugs...
Kick back and relax, this will take a while...

GET www.target-site.fr:80/
GET www.target-site.fr:80/welcome.php
GET www.target-site.fr:80/map.php
GET www.target-site.fr:80/contact.php
GET www.target-site.fr:80/sendmail.php?name=&mailfrom=&mailbody=%22%3exxx%3cP%3eyyy&btnValidation=Envoyer
GET www.target-site.fr:80/sendmail.php?name=&mailfrom=&mailbody=&btnValidation=%22%3exxx%3cP%3eyyy
GET www.target-site.fr:80/sendmail.php?name=%22%3exxx%3cP%3eyyy&mailfrom=&mailbody=&btnValidation=Envoyer
GET www.target-site.fr:80/sendmail.php?name=&mailfrom=%22%3exxx%3cP%3eyyy&mailbody=&btnValidation=Envoyer
GET www.target-site.fr:80/reprise.php
GET www.target-site.fr:80/renovation.php
GET www.target-site.fr:80/majnews.php
GET www.target-site.fr:80/logincheck.php?pseudo=&password=%22%3exxx%3cP%3eyyy
GET www.target-site.fr:80/logincheck.php?pseudo=%22%3exxx%3cP%3eyyy&password=
GET www.target-site.fr:80/actus.php
GET www.target-site.fr:80/actus.php?search=%22%3exxx%3cP%3eyyy
BUG FOUND - http://www.target-site.fr:80/actus.php?search=%22%3exxx%3cP%3eyyy
GET www.target-site.fr:80/construction.php
GET www.target-site.fr:80/amenagement.php
GET www.target-site.fr:80/whoarewe.php
GET www.target-site.fr:80/img/big/
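
The probe value in the output above, %22%3exxx%3cP%3eyyy, decodes to ">xxx<P>yyy and is placed in one parameter at a time. The following is an added example, not part of the original page or of ScreamingCSS.pl: it reads request lines in the same shape as the verbose output and reports which parameters of which page received the probe, then checks whether a response body carries the probe without HTML encoding. The sample lines and function names are constructed for illustration, and the reflection check is an assumption, since the page does not say how the script decides on BUG FOUND.

```python
import html
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Probe value as it appears (URL-encoded) in the verbose output on this page.
PROBE = '">xxx<P>yyy'

# Constructed sample in the "GET host:port/path?query" shape of the output above.
SAMPLE = """\
GET www.target-site.fr:80/contact.php
GET www.target-site.fr:80/sendmail.php?name=&mailfrom=&mailbody=%22%3exxx%3cP%3eyyy&btnValidation=Envoyer
GET www.target-site.fr:80/sendmail.php?name=%22%3exxx%3cP%3eyyy&mailfrom=&mailbody=&btnValidation=Envoyer
GET www.target-site.fr:80/actus.php?search=%22%3exxx%3cP%3eyyy
GET www.target-site.fr:80/actus.php?search=renovation
"""

def probed_params(request_line):
    """Return (path, [names of parameters whose decoded value contains PROBE])."""
    parts = request_line.split()
    if len(parts) < 2:
        return None, []
    # Prefixing "//" lets urlsplit treat "host:port/path?query" as netloc + path.
    url = urlsplit("//" + parts[1])
    # parse_qsl percent-decodes values; keep_blank_values keeps the empty fields.
    pairs = parse_qsl(url.query, keep_blank_values=True)
    return url.path, [name for name, value in pairs if PROBE in value]

def summarize(lines):
    """Map each probed path to the sorted list of parameters that were tested."""
    hits = defaultdict(set)
    for line in lines:
        path, names = probed_params(line)
        for name in names:
            hits[path].add(name)
    return {path: sorted(names) for path, names in hits.items()}

def reflected_unescaped(body):
    """True if the response body contains the probe verbatim (not HTML-encoded)."""
    return PROBE in body

if __name__ == "__main__":
    for path, names in summarize(SAMPLE.splitlines()).items():
        print(path, "probed parameters:", ", ".join(names))
    # A page that encodes output before echoing it does not reflect the probe.
    print(reflected_unescaped('<input value="' + html.escape(PROBE) + '">'))
```

Run over a web server's request log, the summary shows which input fields a scan of this kind exercised, which is the list to review for output encoding.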