mirror/maigret
1
0
Fork 0
mirror of https://github.com/soxoj/maigret.git synced 2026-05-07 06:24:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added XSS.is activation method and GET params support

Browse Source
This commit is contained in:
Soxoj
2021-01-21 01:08:29 +03:00
parent 69a3d17608
commit 36ccafbb3d
4 changed files with 37 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
maigret/activation.py
+18 -2
View File
@@ -2,7 +2,7 @@ import requests
class ParsingActivator: class ParsingActivator:
@staticmethod @staticmethod
def twitter(site, logger): def twitter(site, logger, cookies={}):
headers = dict(site.headers) headers = dict(site.headers)
del headers['x-guest-token'] del headers['x-guest-token']
r = requests.post(site.activation['url'], headers=headers) r = requests.post(site.activation['url'], headers=headers)
@@ -12,10 +12,26 @@ class ParsingActivator:
site.headers['x-guest-token'] = guest_token site.headers['x-guest-token'] = guest_token
@staticmethod @staticmethod
def vimeo(site, logger): def vimeo(site, logger, cookies={}):
headers = dict(site.headers) headers = dict(site.headers)
if 'Authorization' in headers: if 'Authorization' in headers:
del headers['Authorization'] del headers['Authorization']
r = requests.get(site.activation['url'], headers=headers) r = requests.get(site.activation['url'], headers=headers)
jwt_token = r.json()['jwt'] jwt_token = r.json()['jwt']
site.headers['Authorization'] = 'jwt ' + jwt_token site.headers['Authorization'] = 'jwt ' + jwt_token
@staticmethod
def xssis(site, logger, cookies={}):
if not cookies:
logger.debug('You must have cookies to activate xss.is parsing!')
return
headers = dict(site.headers)
post_data = {
'_xfResponseType': 'json',
'_xfToken': '1611177919,a2710362e45dad9aa1da381e21941a38'
}
headers['content-type'] = 'application/x-www-form-urlencoded; charset=UTF-8'
r = requests.post(site.activation['url'], headers=headers, cookies=cookies, data=post_data)
csrf = r.json()['csrf']
site.get_params['_xfToken'] = csrf
maigret/maigret.py
+4 -1
View File
@@ -386,6 +386,7 @@ async def maigret(username, site_dict, query_notify, logger,
results_site['username'] = username results_site['username'] = username
results_site['parsing_enabled'] = recursive_search results_site['parsing_enabled'] = recursive_search
results_site['url_main'] = site.url_main results_site['url_main'] = site.url_main
results_site['cookies'] = cookies_dict
headers = { headers = {
'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 11.1; rv:55.0) Gecko/20100101 Firefox/55.0', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 11.1; rv:55.0) Gecko/20100101 Firefox/55.0',
@@ -431,6 +432,8 @@ async def maigret(username, site_dict, query_notify, logger,
username=username, username=username,
) )
for k, v in site.get_params.items():
url_probe += f'&{k}={v}'
if site.check_type == 'status_code' and site.request_head_only: if site.check_type == 'status_code' and site.request_head_only:
# In most cases when we are detecting by status code, # In most cases when we are detecting by status code,
@@ -657,7 +660,7 @@ async def main():
parser.add_argument("--json", "-j", metavar="JSON_FILE", parser.add_argument("--json", "-j", metavar="JSON_FILE",
dest="json_file", default=None, dest="json_file", default=None,
help="Load data from a JSON file or an online, valid, JSON file.") help="Load data from a JSON file or an online, valid, JSON file.")
parser.add_argument("--cookie", metavar="COOKIE_FILE", parser.add_argument("--cookies-jar-file", metavar="COOKIE_FILE",
dest="cookie_file", default=None, dest="cookie_file", default=None,
help="File with cookies.") help="File with cookies.")
parser.add_argument("--timeout", parser.add_argument("--timeout",
maigret/resources/data.json
+14 -2
View File
@@ -1588,8 +1588,20 @@
"usernameUnclaimed": "noonewouldeverusethis7" "usernameUnclaimed": "noonewouldeverusethis7"
}, },
"XSS.is": { "XSS.is": {
"activation": {
"method": "xssis",
"marks": [
"errorHtml"
],
"url": "https://xss.is/login/keep-alive",
"src": "csrf",
"dst": "x-guest-token"
},
"checkType": "status_code", "checkType": "status_code",
"url": "https://xss.is/index.php?members/find&q={username}&_xfToken=1611176826%2Ce821e74f39e8436e2b599758f6fa5387&_xfRequestUri=%2Fmembers%2F%3Fkey%3Dmost_messages&_xfWithData=1&_xfResponseType=json", "getParams": {
"_xfToken": "1611179947,a2710362e45dad9aa1da381e21941a38"
},
"url": "https://xss.is/index.php?members/find&q={username}&_xfRequestUri=%2Fmembers%2F%3Fkey%3Dmost_messages&_xfWithData=1&_xfResponseType=json",
"urlMain": "https://xss.is", "urlMain": "https://xss.is",
"usernameClaimed": "adam", "usernameClaimed": "adam",
"usernameUnclaimed": "noonewouldeverusethis7" "usernameUnclaimed": "noonewouldeverusethis7"
@@ -13436,7 +13448,7 @@
"sec-ch-ua": "Google Chrome\";v=\"87\", \" Not;A Brand\";v=\"99\", \"Chromium\";v=\"87\"", "sec-ch-ua": "Google Chrome\";v=\"87\", \" Not;A Brand\";v=\"99\", \"Chromium\";v=\"87\"",
"authorization": "Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA", "authorization": "Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA",
"user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36", "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36",
"x-guest-token": "1350800018744160259" "x-guest-token": "1351631725676388352"
}, },
"errors": { "errors": {
"Bad guest token": "x-guest-token update required" "Bad guest token": "x-guest-token update required"
maigret/sites.py
+1
View File
@@ -38,6 +38,7 @@ class MaigretSite:
self.url_probe = None self.url_probe = None
self.check_type = '' self.check_type = ''
self.request_head_only = '' self.request_head_only = ''
self.get_params = {}
self.presense_strs = [] self.presense_strs = []
self.absence_strs = [] self.absence_strs = []