-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathstartExtension.js
More file actions
executable file
·157 lines (130 loc) · 11.3 KB
/
startExtension.js
File metadata and controls
executable file
·157 lines (130 loc) · 11.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
/* eslint-disable no-undef */
// eslint-disable-next-line no-unused-expressions
(function () {
let guiView = ''
guiView += '<style>';
guiView += 'input[type="checkbox"] {';
guiView += 'background-color: #e1e1e1;';
guiView += 'accent-color: brown;';
guiView += '}';
guiView += '</style>';
guiView += '<div class="modal fade" id="guiModal" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="true">'
guiView += ' <div class="modal-dialog modal-xl">'
guiView += ' <div class="modal-content">'
guiView += ' <div class="modal-header">'
guiView += ' <h5 class="modal-title" id="exampleModalLabel">Scan Results</h5>'
guiView += ' <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>'
guiView += ' </div>'
guiView += ' <div class="modal-body">'
guiView += ' <div class="accordion" id="accordionExample">You must Scan the Page first</div>'
guiView += ' </div>'
guiView += ' <div class="modal-footer">'
guiView += ' <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>'
guiView += ' </div>'
guiView += ' </div>'
guiView += ' </div>'
guiView += '</div>'
let javaScreamPupupView = ''
javaScreamPupupView += '<div id="jsBugHuntingHelperDiv" style="z-index:1000000;position:fixed;bottom:10px;right:10px; background: rgb(215,208,208); background: linear-gradient(90deg, rgba(215,208,208,1) 0%, rgba(146,145,161,1) 25%, rgba(146,145,161,1) 85%, rgba(215,208,208,1) 100%); border-radius:5px; padding:20px;font-size:16px;color:black;font-family:\'-apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Helvetica Neue, Arial, Noto Sans, sans-serif\';">'
javaScreamPupupView += ' <div class="bigContainer" style="display:none">'
javaScreamPupupView += ' <div style="text-align:right"><a style="text-decoration:none;color:white;" class="minimizeAction" href="javascript:">min</a></div>'
javaScreamPupupView += ' <div><h3>Manual Fuzzer / Bruteforcing Url</h3></div>'
javaScreamPupupView += ' <div><input style="background-color:#e1e1e1;width:100%;font-size:16px;margin-bottom:20px;" id="manualFuzzerUrl" type="text" placeholder="Full URL https://website.com/file.ext" /></div>'
javaScreamPupupView += ' <div><input style="background-color:#e1e1e1;width:100%;font-size:16px;margin-bottom:20px;" id="bruteforcerEmail" type="text" placeholder="Login Email" /></div>'
javaScreamPupupView += ' <div><input style="background-color:#e1e1e1;width:100%;font-size:16px;margin-bottom:20px;" id="manualFuzzerMethod" type="text" placeholder="HTTP Method (GET, POST, ...)" /></div>'
javaScreamPupupView += ' <div><input style="background-color:#e1e1e1;width:100%;font-size:16px;margin-bottom:20px;" id="manualFuzzerParams" type="text" placeholder=\'Params: {"id":"1", "name":"david" } )\' /></div>'
javaScreamPupupView += ' <div><h3>Optional Settings</h3></div>'
javaScreamPupupView += ' <div><input style="background-color:#e1e1e1;width:100%;font-size:16px;margin-bottom:20px;" id="customCookie" type="text" placeholder="Custom Cookie Value PHPSESSID=123" /></div>'
javaScreamPupupView += ' <div><input style="background-color:#e1e1e1;width:100%;font-size:16px;margin-bottom:20px;" id="customHeaders" type="text" placeholder=\'Additional Headers {"X-Forwarded-For":"203.0.113.195"}\' /></div>'
javaScreamPupupView += ' <div><input style="background-color:#e1e1e1;width:100%;font-size:16px;margin-bottom:20px;" id="attackerIp" type="text" placeholder="Attacker IP (RCE, SQLi)" /></div>'
javaScreamPupupView += ' <div><input style="background-color:#e1e1e1;width:100%;font-size:16px;margin-bottom:20px;" id="attackerPort" type="text" placeholder="Attacker Port (RCE, SQLi)" /></div>'
javaScreamPupupView += ' <div><h3>Fuzzer Settings</h3></div>'
javaScreamPupupView += ' <div><input id="xssScanEnabled" type="checkbox" /><label style="padding-left:5px">XSS Scan Enabled</label></div>'
javaScreamPupupView += ' <div><input id="sqliScanEnabled" type="checkbox" /><label style="padding-left:5px">SQLi Scan Enabled</label></div>'
javaScreamPupupView += ' <div><input id="rceScanEnabled" type="checkbox" /><label style="padding-left:5px">RCE Scan Enabled</label></div>'
javaScreamPupupView += ' <div><input id="laravelScanEnabled" " type="checkbox" /><label style="padding-left:5px">Laravel Scan Enabled</label></div>'
javaScreamPupupView += ' <div><input id="bruteforcerEnabled" type="checkbox" /><label style="padding-left:5px">Bruteforcer Enabled</label></div>'
javaScreamPupupView += ' <div><input id="formFuzzerEnabled" type="checkbox" /><label style="padding-left:5px">FormFuzzer Enabled</label></div>'
javaScreamPupupView += ' <div><input id="cookiesFuzzerEnabled" type="checkbox" /><label style="padding-left:5px">Cookies Fuzzer Enabled</label></div>'
javaScreamPupupView += ' <div><input id="headersFuzzerEnabled" type="checkbox" /><label style="padding-left:5px">Custom Headers Fuzzer Enabled</label></div>'
javaScreamPupupView += ' <div><button id="manualFuzzerButton" type="button" style="background-color: black; border-radius: 5px; padding: 10px; font-size: 20px; color: white; width: 100%;">Manual Fuzz</button></div>'
javaScreamPupupView += ' <div><button id="scanButton" type="button" style="background-color: black; border-radius: 5px; padding: 10px; font-size: 20px; color: white; width: 100%;">Normal Scan</button></div>'
javaScreamPupupView += ' <div><button id="spiderButton" type="button" style="background-color: black; border-radius: 5px; padding: 10px; font-size: 20px; color: white; width: 100%;">Spider</button></div>'
javaScreamPupupView += ' <div><button id="openGuiButton" disabled="disabled" type="button" data-bs-toggle="modal" data-bs-target="#guiModal" style="background-color: brown; border-radius: 5px; padding: 10px; font-size: 20px; color: white; width: 100%;">Please Scan</button></div>'
javaScreamPupupView += ' </div>'
javaScreamPupupView += ' <div class="smallContainer">'
javaScreamPupupView += ' <div class="pull-right"><a href="javascript:" style="text-decoration:none; color:white;" class="maximizeAction">JavaScream</a></div>'
javaScreamPupupView += ' </div>'
javaScreamPupupView += '</div>'
const javaScreamView = guiView + javaScreamPupupView
$('body').append(javaScreamView)
$('#jsBugHuntingHelperDiv .minimizeAction').click(() => {
$('#jsBugHuntingHelperDiv .bigContainer').hide()
$('#jsBugHuntingHelperDiv .smallContainer').show()
})
$('#jsBugHuntingHelperDiv .maximizeAction').click(() => {
$('#jsBugHuntingHelperDiv .smallContainer').hide()
$('#jsBugHuntingHelperDiv .bigContainer').show()
})
$('#jsBugHuntingHelperDiv #scanButton').click(() => {
const xssScanEnabled = document.getElementById('xssScanEnabled').checked
const sqliScanEnabled = document.getElementById('sqliScanEnabled').checked
const rceScanEnabled = document.getElementById('rceScanEnabled').checked
const laravelScanEnabled = document.getElementById('laravelScanEnabled').checked
const bruteforcerEnabled = document.getElementById('bruteforcerEnabled').checked
const bruteforcerUrl = document.getElementById('manualFuzzerUrl').value
const bruteforcerEmail = document.getElementById('bruteforcerEmail').value
const formFuzzerEnabled = document.getElementById('formFuzzerEnabled').checked
const attackerIp = document.getElementById('attackerIp').value
const attackerPort = document.getElementById('attackerPort').value
const customCookie = document.getElementById('customCookie').value
const customHeaders = document.getElementById('customHeaders').value
const cookiesFuzzerEnabled = document.getElementById('cookiesFuzzerEnabled').checked
const headersFuzzerEnabled = document.getElementById('headersFuzzerEnabled').checked
// eslint-disable-next-line no-undef
jBHH.init(xssScanEnabled, sqliScanEnabled, rceScanEnabled, laravelScanEnabled, bruteforcerEnabled, bruteforcerUrl, bruteforcerEmail, formFuzzerEnabled, attackerIp, attackerPort, customCookie, customHeaders, cookiesFuzzerEnabled, headersFuzzerEnabled)
jBHH.normalScan()
})
$('#jsBugHuntingHelperDiv #manualFuzzerButton').click(() => {
const xssScanEnabled = document.getElementById('xssScanEnabled').checked
const sqliScanEnabled = document.getElementById('sqliScanEnabled').checked
const rceScanEnabled = document.getElementById('rceScanEnabled').checked
const laravelScanEnabled = document.getElementById('laravelScanEnabled').checked
const bruteforcerEnabled = document.getElementById('bruteforcerEnabled').checked
const bruteforcerUrl = document.getElementById('manualFuzzerUrl').value
const bruteforcerEmail = document.getElementById('bruteforcerEmail').value
const formFuzzerEnabled = document.getElementById('formFuzzerEnabled').checked
const attackerIp = document.getElementById('attackerIp').value
const attackerPort = document.getElementById('attackerPort').value
const manualFuzzerUrl = document.getElementById('manualFuzzerUrl').value
const manualFuzzerMethod = document.getElementById('manualFuzzerMethod').value
const manualFuzzerParams = document.getElementById('manualFuzzerParams').value
const customCookie = document.getElementById('customCookie').value
const customHeaders = document.getElementById('customHeaders').value
const cookiesFuzzerEnabled = document.getElementById('cookiesFuzzerEnabled').checked
const headersFuzzerEnabled = document.getElementById('headersFuzzerEnabled').checked
// eslint-disable-next-line no-undef
jBHH.init(xssScanEnabled, sqliScanEnabled, rceScanEnabled, laravelScanEnabled, bruteforcerEnabled, bruteforcerUrl, bruteforcerEmail, formFuzzerEnabled, attackerIp, attackerPort, customCookie, customHeaders, cookiesFuzzerEnabled, headersFuzzerEnabled)
jBHH.manualFuzzer(manualFuzzerUrl, manualFuzzerMethod, manualFuzzerParams)
})
$('#jsBugHuntingHelperDiv #spiderButton').click(() => {
const xssScanEnabled = document.getElementById('xssScanEnabled').checked
const sqliScanEnabled = document.getElementById('sqliScanEnabled').checked
const rceScanEnabled = document.getElementById('rceScanEnabled').checked
const laravelScanEnabled = document.getElementById('laravelScanEnabled').checked
const bruteforcerEnabled = document.getElementById('bruteforcerEnabled').checked
const formFuzzerEnabled = document.getElementById('formFuzzerEnabled').checked
const attackerIp = document.getElementById('attackerIp').value
const attackerPort = document.getElementById('attackerPort').value
// const manualFuzzerUrl = document.getElementById('manualFuzzerUrl').value
// const manualFuzzerMethod = document.getElementById('manualFuzzerMethod').value
// const manualFuzzerParams = document.getElementById('manualFuzzerParams').value
const customCookie = document.getElementById('customCookie').value
const customHeaders = document.getElementById('customHeaders').value
const cookiesFuzzerEnabled = document.getElementById('cookiesFuzzerEnabled').checked
const headersFuzzerEnabled = document.getElementById('headersFuzzerEnabled').checked
// eslint-disable-next-line no-undef
jBHH.init(xssScanEnabled, sqliScanEnabled, rceScanEnabled, laravelScanEnabled, bruteforcerEnabled, formFuzzerEnabled, attackerIp, attackerPort, customCookie, customHeaders, cookiesFuzzerEnabled, headersFuzzerEnabled)
jBHH.spider()
})
})()