Skip to content

release/0.1.56
Compare
Choose a tag to compare
@grisuno grisuno released this 08 Oct 05:21
· 113 commits to main since this release
release/0.1.56
This tag was signed with the committer’s verified signature.
grisuno Grisuno
GPG key ID: C8ED7C62321C57F8
Learn about vigilant mode.
81c70ea
This commit was signed with the committer’s verified signature.
grisuno Grisuno
GPG key ID: C8ED7C62321C57F8
Learn about vigilant mode.

Full Changelog: release/0.1.55...release/0.1.56

createjsonmachine

Create a new JSON payload file based on the template provided in payload.json.

This function reads an existing JSON file named 'payload.json' and
allows the user to update specific fields. The following fields can
be modified:

  • 'url': The new URL to connect to, which can be entered manually
    or automatically generated based on the input parameter 'line'.
  • 'domain': The new domain associated with the URL, similarly
    generated or entered.
  • 'rhost': The new remote host IP address that needs to be specified
    by the user.

All other fields from the original payload are preserved in the new
JSON file, ensuring that no other data is lost or altered.

The newly created JSON payload will be saved in a new file with the
format 'payload_<new_name>.json', where <new_name> is derived
from the domain name's subpart.

Parameters:
line (str): An optional string parameter that, if provided, is used
to generate the new 'url' and 'domain'. If empty,
the user will be prompted to enter values for 'url'
and 'domain'.

Returns:
None

xss

Executes the XSS (Cross-Site Scripting) vulnerability testing procedure
using user-defined parameters and configurations.

This method guides the user through the process of setting up and
executing XSS payload injections against a specified target domain.
It prompts the user for necessary input, including the XSS payload
URL, the target domain, and the request timeout settings. The
function ensures that all required inputs are provided and valid
before proceeding with the injection process.

Parameters:
line (str): A line of input that may contain additional parameters
or commands (not utilized within this method).

Raises:
ValueError: If the provided payload URL or target domain is empty,
indicating that these are required for the injection
process.

This method leverages user input for flexibility, allowing
customized testing scenarios for XSS vulnerabilities.

arjun

Executes an Arjun scan on the specified URL for parameter discovery.

This function checks if Arjun is installed on the system, installs it if necessary, and then constructs
a command to run Arjun against the provided URL with user-defined options.

Parameters:
line (str): Input line, not currently used.

Assets 2
Loading
0 Join discussion