Dec-08-2017, 11:27 PM
Hi,
I am writing (well.. trying) a script for security researchers to use, to identify and verify particular vulnerabilities automatically, to save them time and patch up ASAP. However, I am very new to Python.
At the moment, I have:
print " Loading payloads.. " time.sleep(2) payloads = ["lots", "of", "payloads", "removed", "them", "for", "your", "eyes", "protection"] print " Payloads loaded.. " findings = [] print "\n" url = raw_input(" Enter direct URL to SWF file: ") if 'https://' in url: pass if 'http://' in url: pass time.sleep(3) print " Scanning initiated on:", url time.sleep(1) req = urllib2.Request(url + urllib2.quote(payloads)) data = req.read() if "alert" in data or "xss" in data or "XSS" in data or "1337" in data: print " Found possible XSS in " + urlBut I am getting the following when inputting an URL:
Error:Traceback (most recent call last):
File "/home/six/PycharmProjects/myfile/myfile.py", line 208, in <module>
req = urllib2.Request(url + urllib2.quote(payloads))
File "/usr/lib64/python2.7/urllib.py", line 1296, in quote
if not s.rstrip(safe):
AttributeError: 'list' object has no attribute 'rstrip'
The aim is to load a URL, a SWF file more specifically, and add the payloads on the end - then read the response to verify if there was an alert popup or such from the payloads. However I'm getting errors and quite frankly, I've no idea how to do this.Any help on fixing this error, and general advice/guidance on how to achieve what I want will be appreciated. Thanks!