Class: API_Fuzzer::XssCheck

Inherits:
Object
  • Object
Defined in:
lib/API_Fuzzer/xss_check.rb

Constant Summary collapse

# HTTP verbs named as allowed for this check. Frozen, so the list cannot be
# mutated at runtime. (Not referenced by the code shown on this page.)
ALLOWED_METHODS = %i[get post].freeze

# Shared payload list that .scan iterates after calling fetch_payloads.
# NOTE(review): presumably filled from PAYLOAD_PATH by fetch_payloads — confirm.
# It is a mutable constant, so its contents persist across calls in the same
# process.
PAYLOADS = []

# Absolute path of payloads/xss.txt, resolved relative to this source file.
PAYLOAD_PATH = File.expand_path(File.join('..', '..', '..', 'payloads', 'xss.txt'), __FILE__)

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Attribute Details

#parametersObject

Returns the value of attribute parameters.



# File 'lib/API_Fuzzer/xss_check.rb', line 10

# Reader for the @parameters instance variable.
#
# @return [Object] the current value of @parameters (nil if it was never assigned)
def parameters
  @parameters
end

Class Method Details

.scan(options = {}) ⇒ Object

Raises:

  • (InvalidURLError) — when options[:url] is missing



# File 'lib/API_Fuzzer/xss_check.rb', line 16

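# Runs the XSS check against one target URL and returns the findings.
#
# Scan state (@url, @params, @cookies, @headers, @json, @vulnerabilities) is
# kept in instance variables of the receiver of this class-level method, so
# each call overwrites the state left by the previous one.
# NOTE(review): two scans running concurrently would share these variables —
# confirm that callers serialise their calls.
#
# @param options [Hash] scan settings
# @option options [String] :url target URL (required, must not be blank)
# @option options [Hash] :params stored in @params (default: {})
# @option options [Hash] :cookies stored in @cookies (default: {})
# @option options [Hash] :headers stored in @headers (default: {})
# @option options [Boolean] :json stored in @json (default: false);
#   presumably selects JSON request bodies — confirm in fuzz_each_payload
# @return [Array] the entries of @vulnerabilities, de-duplicated by #description
# @raise [InvalidURLError] if :url is missing or blank
def self.scan(options = {})
  @url = options[:url]
  # An empty or whitespace-only string is truthy in Ruby, so a plain truthiness
  # test would let a blank target through to the request code. Reject it here
  # with the same error callers already handle for a missing URL.
  raise InvalidURLError, "[ERROR] URL missing in argument" if !@url || @url.to_s.strip.empty?

  @params = options[:params] || {}
  @cookies = options[:cookies] || {}
  @headers = options[:headers] || {}
  @json = options[:json] || false
  @vulnerabilities = []

  # fetch_payloads is defined elsewhere; presumably it loads PAYLOAD_PATH into
  # PAYLOADS — confirm it does not append duplicates on repeated scans.
  fetch_payloads
  # fuzz_each_payload is defined elsewhere; presumably it records findings in
  # @vulnerabilities.
  PAYLOADS.each { |payload| fuzz_each_payload(payload) }

  # Several payloads can trigger the same finding; report each description once.
  @vulnerabilities.uniq(&:description)
end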