Class: API_Fuzzer::XssCheck
- Inherits: Object
  - Object
  - API_Fuzzer::XssCheck
- Defined in: lib/API_Fuzzer/xss_check.rb
Constant Summary
- ALLOWED_METHODS = [:get, :post].freeze
- PAYLOADS = []
- PAYLOAD_PATH = File.expand_path('../../../payloads/xss.txt', __FILE__)
Instance Attribute Summary
- #parameters ⇒ Object
  Returns the value of attribute parameters.
Class Method Summary
- .scan(options = {}) ⇒ Object
Instance Attribute Details
#parameters ⇒ Object
Returns the value of attribute parameters.
# File 'lib/API_Fuzzer/xss_check.rb', line 10
def parameters
  @parameters
end
Class Method Details
.scan(options = {}) ⇒ Object
# File 'lib/API_Fuzzer/xss_check.rb', line 16
def self.scan(options = {})
  # The target URL is the only required option
  @url = options[:url] || nil
  raise InvalidURLError, "[ERROR] URL missing in argument" unless @url
  @params = options[:params] || {}
  @cookies = options[:cookies] || {}
  @headers = options[:headers] || {}
  @json = options[:json] || false
  @vulnerabilities = []

  fetch_payloads
  PAYLOADS.each do |payload|
    fuzz_each_payload(payload)
  end
  # Return each distinct finding once, keyed on its description
  @vulnerabilities.uniq { |vuln| vuln.description }
end