From 49554ee32d6db053f9061b202cefff8a71a43be6 Mon Sep 17 00:00:00 2001 From: Bhagirath Saxena <72344025+rix4uni@users.noreply.github.com> Date: Sun, 4 Aug 2024 12:09:19 +0530 Subject: [PATCH] Update xsschecker.go --- xsschecker.go | 38 ++++++++++++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/xsschecker.go b/xsschecker.go index e6cc928..25b9a40 100644 --- a/xsschecker.go +++ b/xsschecker.go @@ -14,21 +14,30 @@ import ( "time" ) +const version = "0.0.3" + func printUsage() { fmt.Println("Usage: xsschecker [OPTIONS]") fmt.Println("\nOptions:") flag.PrintDefaults() } +func printVersion() { + fmt.Printf("xsschecker version %s\n", version) +} + func main() { // Suppress the default error output of the flag package flag.CommandLine.Usage = func() {} // Define the flags with clearer descriptions + versionFlag := flag.Bool("version", false, "Print the version of the tool and exit.") matchString := flag.String("match", "alert(1), confirm(1), prompt(1)", "The string(s) to match against the domain response. Separate multiple strings with commas. (required)") onlyVulnerable := flag.Bool("vuln", false, "If set, only vulnerable URLs will be printed.") timeout := flag.Int("timeout", 15, "Timeout for HTTP requests in seconds.") outputFile := flag.String("o", "", "File to save the output.") + appendOutput := flag.String("ao", "", "File to append the output instead of overwriting.") + noColor := flag.Bool("nc", false, "Do not use colored output.") threads := flag.Int("t", 20, "Number of concurrent threads.") userAgent := flag.String("H", "XSSChecker/1.0", "Custom User-Agent header for HTTP requests.") verbose := flag.Bool("v", false, "Enable verbose output for debugging purposes.") @@ -38,7 +47,7 @@ func main() { singleURL := flag.String("u", "", "Single URL to test.") skipStatusCodes := flag.String("ssc", "", "Comma-separated status codes to skip all URLs from a domain if encountered (e.g., 403,500).") maxStatusCodeSkips := flag.Int("maxssc", 2, "Maximum number of status code responses required before skipping all URLs from that domain.") - skipServer := flag.String("scdn", "", "Server name to skip all URLs for (e.g., cloudflare).") + skipServer := flag.String("scdn", "", "Server name to skip all URLs for (e.g., cloudflare.)") // Custom flag parsing to handle unknown flags flag.CommandLine.Init(os.Args[0], flag.ContinueOnError) @@ -48,6 +57,12 @@ func main() { return } + // Print version and exit if --version flag is provided + if *versionFlag { + printVersion() + return + } + // If no flags are provided or required flags are missing, print usage and exit. if len(os.Args) == 1 { printUsage() @@ -101,7 +116,7 @@ func main() { client.Transport = &http.Transport{Proxy: http.ProxyURL(proxyURL)} } - // Create output file if specified + // Create or open output file if specified var output *os.File if *outputFile != "" { output, err = os.Create(*outputFile) @@ -110,6 +125,13 @@ func main() { return } defer output.Close() + } else if *appendOutput != "" { + output, err = os.OpenFile(*appendOutput, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + fmt.Println("Error opening output file for appending:", err) + return + } + defer output.Close() } skippedDomains := make(map[string]int) @@ -178,9 +200,17 @@ func main() { server := resp.Header.Get("Server") outputStr := "" if isVulnerable { - outputStr = fmt.Sprintf("\033[1;31mVulnerable: %s[%s] %s\033[0;0m\n", status, server, domain) + if *noColor { + outputStr = fmt.Sprintf("Vulnerable: %s[%s] %s\n", status, server, domain) + } else { + outputStr = fmt.Sprintf("\033[1;31mVulnerable: %s[%s] %s\033[0;0m\n", status, server, domain) + } } else if !*onlyVulnerable { // If onlyVulnerable is false, print non-vulnerable URLs - outputStr = fmt.Sprintf("\033[1;35mNot Vulnerable: %s[%s] %s\033[0;0m\n", status, server, domain) + if *noColor { + outputStr = fmt.Sprintf("Not Vulnerable: %s[%s] %s\n", status, server, domain) + } else { + outputStr = fmt.Sprintf("\033[1;35mNot Vulnerable: %s[%s] %s\033[0;0m\n", status, server, domain) + } } fmt.Print(outputStr)