From 759c0da9387db864f054f0273bea89c028cf1773 Mon Sep 17 00:00:00 2001
From: Robotshell <51330800+robotshell@users.noreply.github.com>
Date: Tue, 24 Aug 2021 17:40:01 +0200
Subject: [PATCH] Add csrf scanner

---
 magicrecon.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/magicrecon.sh b/magicrecon.sh
index b55f269..a7c9ada 100755
--- a/magicrecon.sh
+++ b/magicrecon.sh
@@ -214,6 +214,11 @@ vulnerabilities(){
 printf "${NORMAL}${CYAN}Checking all known misconfigurations in CORS implementations...${NORMAL}\n\n"
 python3 ~/tools/Corsy/corsy.py -u $domainName | tee cors.txt
 
+ printf "\n${GREEN}[+] Vulnerability: Cross Site Request Forgery (CSRF/XSRF)${NORMAL}\n"
+ printf "${NORMAL}${CYAN}Checking all known misconfigurations in CORS implementations...${NORMAL}\n\n"
+ xsrfprobe -u $domainName --crawl --malicious > csrf.txt
+ cat csrf.txt
+
 printf "\n${GREEN}[+] Vulnerability: Open Redirect${NORMAL}\n"
 printf "${NORMAL}${CYAN}Finding Open redirect entry points in the domain...${NORMAL}\n\n"
 gau $domain | gf redirect archive | qsreplace | tee or_urls.txt
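Review bot: The added `xsrfprobe -u $domainName --crawl --malicious > csrf.txt` line expands `$domainName` unquoted, so a target value containing whitespace or glob characters is split into extra words that xsrfprobe would parse as further arguments; write `xsrfprobe -u "$domainName" --crawl --malicious | tee csrf.txt`, which also matches the `tee` pattern of the neighbouring scanners and shows output while the crawl runs instead of only after it finishes. The second added `printf` still prints the CORS text copied from the section above under the CSRF heading; it should read something like `printf "${NORMAL}${CYAN}Checking forms and endpoints for missing or weak anti-CSRF protections...${NORMAL}\n\n"`. The context lines show the same unquoted `$domainName` and `$domain`, and where those variables are assigned is outside the hunk, so presumably they come from the command line and deserve the same quoting. `vulnerabilities()` starts and ends outside this hunk.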