Commit 8dd77b14 authored by Romain Bignon's avatar Romain Bignon

match_log config

parent 95269551
# Rename this file to goatser.conf.
[xss]
# Image to include on websites
# Image to include on websites.
img_url = http://parano.me/h
# File to log all matched URLs.
match_log = matched.log
[screenshot]
# Path to save screenshot request files.
queuedir = queue
......
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Copyright (C) 2011 Romain Bignon
#
# goatser is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# goatser is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from __future__ import with_statement
import sys
import os
import urllib
......@@ -26,9 +44,10 @@ class Match(object):
self.data = None
class Config(object):
queuedir = 'queue'
browser = 'firefox'
img_url = 'http://parano.me/h'
img_url = 'http://parano.me/h'
match_log = 'matched.log'
queuedir = 'queue'
browser = 'firefox'
FILENAME = 'goatser.conf'
......@@ -41,6 +60,7 @@ class Config(object):
pass
else:
self.set_option('xss', 'img_url')
self.set_option('xss', 'match_log')
self.set_option('screenshot', 'queuedir')
self.set_option('screenshot', 'browser')
......@@ -182,15 +202,13 @@ command %s
match = self.check_form(form, self.FIRST_STR)
if match:
with open('debug', 'a') as f:
f.write('\n---------\n%s\n%s\n\n\n' % (match.url, match.data))
print 'FOUNDING..'
match = None
i = 0
while match is None and i < len(self.ESCAPES):
match = self.check_form(form, self.ESCAPES[i] + self.FINAL_STR, self.check_image)
if match:
with open('matched.txt', 'a') as f:
with open(self.config.match_log, 'a') as f:
f.write('%s\n' % (match.url))
print 'FOUND!'
self.snapshot(match)
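Review bot: The new `open(self.config.match_log, 'a')` write stores `match.url` verbatim. That value appears to come from the scanned site's forms, so a URL containing CR/LF or other control characters could split or forge entries in a log that is otherwise one URL per line. Encoding line breaks before writing would keep each record on a single line, e.g. `f.write('%s\n' % match.url.replace('\r', '%0D').replace('\n', '%0A'))`. Separately, `match_log` defaults to the relative path `matched.log`, which resolves against the current working directory at each write; the option's comment in the example config could say so, and note that the file lists URLs where the check matched and should be stored with that in mind. The enclosing method starts outside this hunk, so how `match` is built is not visible here.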
......