Added XSS.is activation method and GET params support

maigret/activation.py

@@ -2,7 +2,7 @@ import requests
 
 class ParsingActivator:
     @staticmethod
-    def twitter(site, logger):
+    def twitter(site, logger, cookies={}):
         headers = dict(site.headers)
         del headers['x-guest-token']
         r = requests.post(site.activation['url'], headers=headers)
@@ -12,10 +12,26 @@ class ParsingActivator:
         site.headers['x-guest-token'] = guest_token
 
     @staticmethod
-    def vimeo(site, logger):
+    def vimeo(site, logger, cookies={}):
         headers = dict(site.headers)
         if 'Authorization' in headers:
             del headers['Authorization']
         r = requests.get(site.activation['url'], headers=headers)
         jwt_token = r.json()['jwt']
         site.headers['Authorization'] = 'jwt ' + jwt_token
+
+    @staticmethod
+    def xssis(site, logger, cookies={}):
+        if not cookies:
+            logger.debug('You must have cookies to activate xss.is parsing!')
+            return
+
+        headers = dict(site.headers)
+        post_data = {
+            '_xfResponseType': 'json',
+            '_xfToken': '1611177919,a2710362e45dad9aa1da381e21941a38'
+        }
+        headers['content-type'] = 'application/x-www-form-urlencoded; charset=UTF-8'
+        r = requests.post(site.activation['url'], headers=headers, cookies=cookies, data=post_data)
+        csrf = r.json()['csrf']
+        site.get_params['_xfToken'] = csrf

maigret/maigret.py

@@ -386,6 +386,7 @@ async def maigret(username, site_dict, query_notify, logger,
         results_site['username'] = username
         results_site['parsing_enabled'] = recursive_search
         results_site['url_main'] = site.url_main
+        results_site['cookies'] = cookies_dict
 
         headers = {
             'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 11.1; rv:55.0) Gecko/20100101 Firefox/55.0',
@@ -431,6 +432,8 @@ async def maigret(username, site_dict, query_notify, logger,
                     username=username,
                 )
 
+            for k, v in site.get_params.items():
+                url_probe += f'&{k}={v}'
 
             if site.check_type == 'status_code' and site.request_head_only:
                 # In most cases when we are detecting by status code,
@@ -657,7 +660,7 @@ async def main():
     parser.add_argument("--json", "-j", metavar="JSON_FILE",
                         dest="json_file", default=None,
                         help="Load data from a JSON file or an online, valid, JSON file.")
-    parser.add_argument("--cookie", metavar="COOKIE_FILE",
+    parser.add_argument("--cookies-jar-file", metavar="COOKIE_FILE",
                         dest="cookie_file", default=None,
                         help="File with cookies.")
     parser.add_argument("--timeout",

maigret/resources/data.json

@@ -1588,8 +1588,20 @@
             "usernameUnclaimed": "noonewouldeverusethis7"
         },
         "XSS.is": {
+            "activation": {
+                "method": "xssis",
+                "marks": [
+                    "errorHtml"
+                ],
+                "url": "https://xss.is/login/keep-alive",
+                "src": "csrf",
+                "dst": "x-guest-token"
+            },
             "checkType": "status_code",
-            "url": "https://xss.is/index.php?members/find&q={username}&_xfToken=1611176826%2Ce821e74f39e8436e2b599758f6fa5387&_xfRequestUri=%2Fmembers%2F%3Fkey%3Dmost_messages&_xfWithData=1&_xfResponseType=json",
+            "getParams": {
+                "_xfToken": "1611179947,a2710362e45dad9aa1da381e21941a38"
+            },
+            "url": "https://xss.is/index.php?members/find&q={username}&_xfRequestUri=%2Fmembers%2F%3Fkey%3Dmost_messages&_xfWithData=1&_xfResponseType=json",
             "urlMain": "https://xss.is",
             "usernameClaimed": "adam",
             "usernameUnclaimed": "noonewouldeverusethis7"
@@ -13436,7 +13448,7 @@
                 "sec-ch-ua": "Google Chrome\";v=\"87\", \" Not;A Brand\";v=\"99\", \"Chromium\";v=\"87\"",
                 "authorization": "Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA",
                 "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36",
-                "x-guest-token": "1350800018744160259"
+                "x-guest-token": "1351631725676388352"
             },
             "errors": {
                 "Bad guest token": "x-guest-token update required"

maigret/sites.py

@@ -38,6 +38,7 @@ class MaigretSite:
         self.url_probe = None
         self.check_type = ''
         self.request_head_only = ''
+        self.get_params = {}
 
         self.presense_strs = []
         self.absence_strs = []