Code an XSS scanner in 2 lines of code in Python!

Ala Bouali
Nov 23, 2023

Yes, you read that right!

Python has made life easier for all of us! Everything can be done in just a few lines of code thanks to its extensive libraries. But when it comes to cyber security, Python has not much to offer beyond a few libraries that provide general functionality, such as sending HTTP requests, parsing HTML content or sniffing the network. All of that is good, but it is left to the developer to build their own tools on top of these basic functions. But not anymore! The “bane” library is the way to go from now on:

“The “bane” Python library stands out as a robust toolkit catering to a wide spectrum of cybersecurity and networking tasks. Its versatile range of functionalities covers various aspects, including bruteforce attacks, cryptographic methods, DDoS attacks, information gathering, botnet creation and management, and CMS vulnerability scanning, among others. The library’s capabilities extend from performing bruteforce login attempts to analyzing web pages for vulnerabilities, managing botnets, and conducting thorough network discovery. Noteworthy is its rich selection of modules, which encompass encryption tools, security testing utilities, network scanning features, and other essential functions. This comprehensive library, written in pure Python, operates seamlessly on both Python 2 and 3, as well as Jython. Maintained diligently since April 2018 by its sole developer Ala Bouali, “bane” continues to evolve, offering cybersecurity professionals and network administrators a powerful and self-contained toolkit for their operations.”

This tool helped me to find many XSS vulnerabilities in web applications. It is very useful and easy to use and configure. After all, it’s a flexible function with plenty of parameters to improve your scan!

As someone who has been here since 2016, I used my extensive knowledge and experience to create this tool from scratch. And today, I will show you how to use it to find XSS vulnerabilities: https://github.com/AlaBouali/bane

But first:

Installation:

You can find it here: https://github.com/AlaBouali/bane#installation

On Windows or Termux:

pip3 install bane

On Linux (it may take a few minutes):

sudo pip3 install bane

Coding:

Now that the library is installed, it is time to put it to use! It is as simple as this, in literally 2 lines of code:

import bane
bane.XSS_Scanner.scan('http://testphp.vulnweb.com/listproducts.php?artist=1')

That’s it! The library has a class “XSS_Scanner” to scan pages for XSS vulnerabilities. It first collects some URLs from the target URL’s source code. Each URL is then fetched, and all of its forms, URLs and media (images, videos, iframes…) that belong to the same domain are extracted. The parameters of each of these elements are then tested for XSS by checking whether the payload is passed through any of them.

It can also detect SQL, XML, file and URL related errors that can lead to SQL injection, XML Entity Injection, Path Traversal and SSRF vulnerabilities. The returned value is a list of dicts containing details about the vulnerable elements in each page as well as the detected errors mentioned above.
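To make the reflection check described above concrete, here is an added example (not bane's code and not from the original article) that runs offline: it swaps a probe into each query parameter, renders the page through a constructed handler, and reports the parameters that echo the probe verbatim, next to the same handler with output encoding applied. The two handlers, the `app.example` URL and all function names are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Probe: the custom payload string used later in this article.
PROBE = "<ScrIPT >alert()</scriPT >"

def params_of(url):
    """Query parameters of url as a list of (name, value) pairs."""
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)

def inject(url, name, value):
    """Return url with query parameter `name` set to `value` (URL-encoded)."""
    query = [(k, value if k == name else v) for k, v in params_of(url)]
    return urlunsplit(urlsplit(url)._replace(query=urlencode(query)))

def vulnerable_page(url):
    """Constructed handler: escapes `sort` but echoes `artist` as-is."""
    p = dict(params_of(url))
    return "<h1>Artist {}</h1><p>sorted by {}</p>".format(
        p.get("artist", ""), html.escape(p.get("sort", "")))

def hardened_page(url):
    """Same handler with output encoding applied to every parameter."""
    p = dict(params_of(url))
    return "<h1>Artist {}</h1><p>sorted by {}</p>".format(
        html.escape(p.get("artist", "")), html.escape(p.get("sort", "")))

def reflected_params(url, render, probe=PROBE):
    """Names of parameters whose injected probe comes back verbatim.

    A verbatim match misses reflections the application transforms, so an
    empty result is not proof that the page is safe.
    """
    return [name for name, _ in params_of(url)
            if probe in render(inject(url, name, probe))]

if __name__ == "__main__":
    url = "http://app.example/listproducts.php?artist=1&sort=name"  # constructed
    print("vulnerable:", reflected_params(url, vulnerable_page))  # ['artist']
    print("hardened:  ", reflected_params(url, hardened_page))    # []
```

The hardened handler returns the probe as `&lt;ScrIPT &gt;…`, which the browser displays as text, so the same check that flags `artist` in the first handler reports nothing in the second.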

If you want to use your own payload, then here you go:

import bane
bane.XSS_Scanner.scan('http://testphp.vulnweb.com/listproducts.php?artist=1',payload="<ScrIPT >alert()</scriPT >")

or you can pass a list of payloads and the number of pages to scan:

import bane
bane.XSS_Scanner.scan('http://testphp.vulnweb.com/listproducts.php?artist=1',payload=["<ScrIPT >alert()</scriPT >",'<details/open/ontoggle="alert()"'],max_pages=3)

or you can make it load payloads from a file and try them all:

import bane
bane.XSS_Scanner.scan('http://testphp.vulnweb.com/listproducts.php?artist=1',payload="xss_payloads.txt")

This library supports all types of proxies, and you can add cookies, set your desired headers and more! The detailed documentation can be found here: https://github.com/AlaBouali/bane/tree/master/bane/scanners/vulnerabilities#XSS_Scanner-class

I hope you enjoyed this article, thanks for reading.

Ala Bouali

I am a dedicated self-taught programmer and ethical hacker with a proven track record in developing and maintaining advanced hacking tools and conducting pentests