Commit 83feac8e authored by Romain Bignon

goatser 1.0

parent 4ab90837
...@@ -6,7 +6,7 @@ Abstract ...@@ -6,7 +6,7 @@ Abstract
-------- --------
This project aim to find XSS trivial issues on websites and exploit them to This project aim to find XSS trivial issues on websites and exploit them to
print the Goatse© photo, and to take screenshots. print the Goatse photo, and to take screenshots.
Architecture Architecture
------------ ------------
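Review bot: the © glyph is dropped from "Goatse©" in the Abstract, which is fine, but the sentence it sits in still reads "This project aim to find"; since the line is being rewritten anyway, make it "This project aims to find".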
...@@ -14,7 +14,7 @@ Architecture ...@@ -14,7 +14,7 @@ Architecture
A script named `goatser.py` is run with a keyword to search on Google©, and A script named `goatser.py` is run with a keyword to search on Google©, and
goes on each result websites. Then, it tries a trivial XSS `<b>GOATSE</b>` goes on each result websites. Then, it tries a trivial XSS `<b>GOATSE</b>`
pattern on each forms. After posting a form, if this pattern is found on pattern on each forms. After posting a form, if this pattern is found on
loaded page, the Goatse© photo is tried to be included in, then a parser is loaded page, the Goatse photo is tried to be included in, then a parser is
used to find it in the document. used to find it in the document.
Sometimes, we have to escape the pattern, for example with: Sometimes, we have to escape the pattern, for example with:
* "/> * "/>
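Review bot: "Google©" keeps its © glyph on the first context line while the same commit strips the symbol from "Goatse" two lines below; apply one convention to the whole README. Grammar on the changed lines while you are there: "goes on each result websites" should be "visits each result website", "on each forms" should be "on each form", and "the Goatse photo is tried to be included in" reads better as "the bot then tries to include the Goatse photo".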
...@@ -22,7 +22,7 @@ Architecture ...@@ -22,7 +22,7 @@ Architecture
* </title></head><body> * </title></head><body>
The bot also walks on links on main page which contain 'search' or 'cherch'. The bot also walks on links on main page which contain 'search' or 'cherch'.
When we're sure the Goatse© is included in document, a snapshot request is When we're sure the Goatse is included in document, a snapshot request is
created as a file in the `queue/` directory. Then, the daemon shotfactory created as a file in the `queue/` directory. Then, the daemon shotfactory
launches VNC and the browser, goes on website and takes a screenshot. launches VNC and the browser, goes on website and takes a screenshot.
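Review bot: the trailing context describes `queue/` as a drop directory that the shotfactory daemon acts on as soon as a file appears, but the README nowhere states who is expected to own `queue/` or what its permissions should be; add that to the Setup section, since the daemon launches a browser and VNC session for every file it finds there.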
...@@ -37,6 +37,11 @@ Depends ...@@ -37,6 +37,11 @@ Depends
* xautomation * xautomation
* scrot * scrot
Git it
------
$ git clone git://git.symlink.me/pub/romain/goatser.git
Setup Setup
----- -----
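Review bot: the new "Git it" section clones over `git://`, which is neither authenticated nor encrypted, so a reader has no way to confirm the checkout matches what the author published; prefer an `https://` (or ssh) clone URL if the host offers one, and consider naming the tagged commit for the 1.0 release so it can be checked out explicitly.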
...@@ -49,7 +54,7 @@ Setup ...@@ -49,7 +54,7 @@ Setup
Use it Use it
------ ------
Then, run goatse: Then, run goatser:
$ ./goatser.py KEYWORD [START-PAGE [NB]] $ ./goatser.py KEYWORD [START-PAGE [NB]]
Parameters are: Parameters are:
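Review bot: the "goatse" to "goatser" typo fix is correct, but the usage line `$ ./goatser.py KEYWORD [START-PAGE [NB]]` still disagrees with the script's own help text in the last hunk, which prints `Syntax: %s pattern [PAGE [NB]]`; make the two use the same argument names so the "Parameters are:" list below matches what the user actually sees on the terminal.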
...@@ -29,6 +29,7 @@ import mechanize ...@@ -29,6 +29,7 @@ import mechanize
import lxml.html import lxml.html
from ConfigParser import RawConfigParser, NoOptionError, NoSectionError from ConfigParser import RawConfigParser, NoOptionError, NoSectionError
VERSION = '1.0'
class Match(object): class Match(object):
def __init__(self): def __init__(self):
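Review bot: `VERSION = '1.0'` is placed directly after the import block and before `class Match`; keep the usual two blank lines on either side, and consider exposing it under the conventional name `__version__` as well, so tooling that inspects `module.__version__` picks it up without a second constant to keep in sync.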
...@@ -164,14 +165,14 @@ class Browser(mechanize.Browser): ...@@ -164,14 +165,14 @@ class Browser(mechanize.Browser):
def check_image(self, match): def check_image(self, match):
""" """
Predicate for the `check_form` method to find the Goatse® img in Predicate for the `check_form` method to find the Goatse img in
document. document.
""" """
document = lxml.html.parse(match.res) document = lxml.html.parse(match.res)
for img in document.getiterator('img'): for img in document.getiterator('img'):
if 'src' in img.attrib and img.attrib['src'] == self.config.img_url: if 'src' in img.attrib and img.attrib['src'] == self.config.img_url:
parent = img.getparent() parent = img.getparent()
# Goatse is viewable only in <body>. # Goatse is viewable only in <body>.
while parent is not None: while parent is not None:
if parent.tag == 'body': if parent.tag == 'body':
return True return True
...@@ -227,7 +228,7 @@ command %s ...@@ -227,7 +228,7 @@ command %s
match = self.check_form(form, self.FIRST_STR) match = self.check_form(form, self.FIRST_STR)
if match: if match:
# The trivial pattern is found in the resulted page. Now let's # The trivial pattern is found in the resulted page. Now let's
# try a Goatse and find it in parsed document. # try a Goatse and find it in parsed document.
print 'FINDING..' print 'FINDING..'
match = None match = None
i = 0 i = 0
...@@ -242,9 +243,12 @@ command %s ...@@ -242,9 +243,12 @@ command %s
i += 1 i += 1
if __name__ == '__main__': if __name__ == '__main__':
if len(sys.argv) < 2: if len(sys.argv) < 2 or sys.argv[1] == '--help' or sys.argv[1] == '-h':
print 'Syntax: %s pattern [PAGE [NB]]' % sys.argv[0] print 'Syntax: %s pattern [PAGE [NB]]' % sys.argv[0]
sys.exit(1) sys.exit(1)
if sys.argv[1] == '--version':
print 'Goatser v%s Copyright(C) 2011 Romain Bignon' % VERSION
sys.exit(0)
pattern = sys.argv[1] pattern = sys.argv[1]
page = 1 page = 1
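Review bot: `--help`/`-h` exits with status 1 while `--version` exits 0; an explicitly requested help screen is not an error, so only the missing-argument branch should exit non-zero. Checking `sys.argv[1]` by hand also means `--help` given after the keyword is silently treated as a page number; `optparse`, which the Python 2 this code targets already ships (the `print` statements and `ConfigParser` import fix the version), provides both `--help` and `--version` handling and would remove these special cases. The help string `Syntax: %s pattern [PAGE [NB]]` should also use the same names as the README's `KEYWORD [START-PAGE [NB]]`.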