Error when try to scan #419

Azamat32 · 2024-12-27T07:22:22Z

Describe the bug
A error occurs when i try to scan some website

To Reproduce
python xsstrike.py -u https://<domain_name>/catalogue/result?q=21

and it shows this:
Checking for DOM vulnerabilities
[+] WAF Status: Offline
[!] Testing parameter: q
[!] Reflections found: 23
[] Analysing reflections
[] Generating payloads
Traceback (most recent call last):
File "/home/atastemi/XSStrike/xsstrike.py", line 174, in
scan(target, paramData, encoding, headers, delay, timeout, skipDOM, skip)
File "/home/atastemi/XSStrike/modes/scan.py", line 81, in scan
vectors = generator(occurences, response.text)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/atastemi/XSStrike/core/generator.py", line 136, in generator
closer = jsContexter(script)
^^^^^^^^^^^^^^^^^^^
File "/home/atastemi/XSStrike/core/jsContexter.py", line 11, in jsContexter
pre = re.sub(r'(?s){.?}|(?s)(.?)|(?s)".?"|(?s)'.?'', '', pre)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/re/init.py", line 185, in sub
return _compile(pattern, flags).sub(repl, string, count)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/re/init.py", line 294, in _compile
p = _compiler.compile(pattern, flags)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/re/_compiler.py", line 743, in compile
p = _parser.parse(p, flags)
^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/re/_parser.py", line 980, in parse
p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/re/_parser.py", line 455, in _parse_sub
itemsappend(_parse(source, state, verbose, nested + 1,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/re/_parser.py", line 841, in _parse
raise source.error('global flags not at the start '
re.error: global flags not at the start of the expression at position 12

Environment:

OS: Parrot OS
Python version 3.11.2
I am using the latest version of XSStrike.
I installed the dependecies using pip3 instead of pip
I have read the documentation before submitting this issue.
I have checked the other issues to see if someone reported this before.

The text was updated successfully, but these errors were encountered:

MatkimuraApe · 2024-12-28T02:39:57Z

getting the same here

exon2000 · 2025-01-04T08:21:26Z

Hello here is the fix :

┌──(root㉿kali)-[~/XSStrike]
└─# rm /root/XSStrike/core/jsContexter.py

┌──(root㉿kali)-[~/XSStrike]
└─# nano /root/XSStrike/core/jsContexter.py

copy past this into :
import re

from core.config import xsschecker
from core.utils import stripper

def jsContexter(script):
broken = script.split(xsschecker)
pre = broken[0]

pre = re.sub(r'(?s)\{.*?\}', '', pre)
pre = re.sub(r'(?s)\(.*?\)', '', pre)
pre = re.sub(r'(?s)".*?"', '', pre)
pre = re.sub(r"(?s)'.*?'", '', pre)

breaker = ''
num = 0

for char in pre:
    if char == '{':
        breaker += '}'
    elif char == '(':
        breaker += ';)'
    elif char == '[':
        breaker += ']'
    elif char == '/':
        try:
            if pre[num + 1] == '*':
                breaker += '/*'
        except IndexError:
            pass
    elif char == '}':
        breaker = stripper(breaker, '}')
    elif char == ')':
        breaker = stripper(breaker, ')')
    elif char == ']':
        breaker = stripper(breaker, ']')
    num += 1

return breaker[::-1]

hope you liked it

MatkimuraApe · 2025-01-06T04:05:43Z

this is what i got

File "/home/mape/.local/bin/xsstrike", line 8, in
sys.exit(main())
^^^^^^
File "/home/mape/.local/share/pipx/venvs/xsstrike/lib/python3.12/site-packages/xsstrike/xsstrikesback.py", line 174, in main
scan(target, paramData, encoding, headers, delay, timeout, skipDOM, skip, payload_count)
File "/home/mape/.local/share/pipx/venvs/xsstrike/lib/python3.12/site-packages/xsstrike/modes/scan.py", line 87, in scan
vectors = generator(occurences, response.text)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/mape/.local/share/pipx/venvs/xsstrike/lib/python3.12/site-packages/xsstrike/core/generator.py", line 136, in generator
closer = jsContexter(script)
^^^^^^^^^^^^^^^^^^^
File "/home/mape/.local/share/pipx/venvs/xsstrike/lib/python3.12/site-packages/xsstrike/core/jsContexter.py", line 11, in jsContexter
pre = re.sub(r'(?s){.?}|(?s)(.?)|(?s)".?"|(?s)'.?'', '', pre)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/re/init.py", line 186, in sub
return _compile(pattern, flags).sub(repl, string, count)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/re/init.py", line 307, in _compile
p = _compiler.compile(pattern, flags)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/re/_compiler.py", line 745, in compile
p = _parser.parse(p, flags)
^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/re/_parser.py", line 979, in parse
p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/re/_parser.py", line 460, in _parse_sub
itemsappend(_parse(source, state, verbose, nested + 1,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/re/_parser.py", line 840, in _parse
raise source.error('global flags not at the start '
re.error: global flags not at the start of the expression at position 12

MartinPSDev · 2025-01-16T01:34:58Z

getting the same issue

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Error when try to scan #419

Error when try to scan #419

Azamat32 commented Dec 27, 2024

MatkimuraApe commented Dec 28, 2024

exon2000 commented Jan 4, 2025

MatkimuraApe commented Jan 6, 2025

MartinPSDev commented Jan 16, 2025

Error when try to scan #419

Error when try to scan #419

Comments

Azamat32 commented Dec 27, 2024

MatkimuraApe commented Dec 28, 2024

exon2000 commented Jan 4, 2025

MatkimuraApe commented Jan 6, 2025

MartinPSDev commented Jan 16, 2025