Damn Small SQLi Scanner (DSSS) < 100 LOC (Lines of Code)


Damn Small SQLi Scanner (DSSS) has been made as a PoC where I wanted to show that commercial (SQLi) scanners can be beaten under 100 lines of code.

It supports GET and POST parameters, blind/error SQLi tests and advanced comparison of different response attributes to distinguish blind responses. If you are satisfied with your commercial tool scanning results then I believe that you could even be more satisfied with this one.

As of optional settings it supports HTTP proxy together with HTTP header values "User-Agent", "Referer" and "Cookie".

p.s. Python v2.6 or v2.7 is required for running this program


Latest source code can be found here (update: current version is v0.2 - Nov 13th 2011).


How to use -

$ python dsxs.py
Damn Small XSS Scanner (DSXS) < 100 LOC (Lines of Code) #v0.1e
by: Miroslav Stampar (http://unconciousmind.blogspot.com | @stamparm)

Usage: dsxs.py [options]

Options:
--version show program's version number and exit
-h, --help show this help message and exit
-u URL, --url=URL Target URL (e.g. "http://www.target.com/page.htm?id=1")
--data=DATA POST data (e.g. "query=test")
--cookie=COOKIE HTTP Cookie header value
--user-agent=UA HTTP User-Agent header value
--random-agent Use randomly selected HTTP User-Agent header value
--referer=REFERER HTTP Referer header value
--proxy=PROXY HTTP proxy address (e.g. "http://127.0.0.1:8080")

$ python dsxs.py -u "http://zero.webappsecurity.com/login1.asp" --data="login=te
st&password=test&graphicOption=minimum" --random-agent
Damn Small XSS Scanner (DSXS) < 100 LOC (Lines of Code) #v0.1e
by: Miroslav Stampar (http://unconciousmind.blogspot.com | @stamparm)

* scanning POST parameter 'login'
(i) POST parameter 'login' appears to be XSS vulnerable (">...<", outside tags,
some filtering))
* scanning POST parameter 'password'
* scanning POST parameter 'graphicOption'

scan results: possible vulnerabilities found

$ python dsxs.py -u "http://xss.progphp.com/xss8.html?input=1" --random-agent
Damn Small XSS Scanner (DSXS) < 100 LOC (Lines of Code) #v0.1e
by: Miroslav Stampar (http://unconciousmind.blogspot.com | @stamparm)

* scanning GET parameter 'input'
(i) GET parameter 'input' appears to be XSS vulnerable ("...", pure text respon
se, no filtering))

scan results: possible vulnerabilities found

$ python dsxs.py -u "http://xss.progphp.com/xss12.html" --data="bar=secret&foo=t
est"
Damn Small XSS Scanner (DSXS) < 100 LOC (Lines of Code) #v0.1e
by: Miroslav Stampar (http://unconciousmind.blogspot.com | @stamparm)

* scanning POST parameter 'bar'
* scanning POST parameter 'foo'
(i) POST parameter 'foo' appears to be XSS vulnerable ("<.'...'.>", inside tag,
inside single-quotes, some filtering))

scan results: possible vulnerabilities found

Download
https://github.com/stamparm/DSSS

Website
http://unconciousmind.blogspot.com/
http://unconciousmind.blogspot.com/2011/07/damn-small-sqli-scanner-dsss.html
https://github.com/stamparm/DSSS