r0075h3ll / oralyzer Goto Github PK

View Code? Open in Web Editor NEW

702.0 17.0 92.0 70 KB

Open Redirection Analyzer

License: GNU General Public License v3.0

Python 100.00%

crlf-injection dom-xss scanner open-redirections

oralyzer's People

Contributors

Stargazers

Watchers

Forkers

gnebbia killvxk 3453-315h polling-repo-continua bbhunter rajivraj sec-js 5l1v3r1 hollow667 snrtherock cyal1 vishal9066 forkbomb444 chouaibhm hack3roneness evcuq4hggjd74lhz olivierh59500 unstabl3 dustinthegreat attacker-codeninja h4ckdi superdeen kathanp19 j3rry-1729 th3cyb3rc0p 7rust agentanthony ebad84 jd114 cqr-cryeye-forks slooppe guptaofficial17 julirash righteousgambit darknesschieftain an4kein guleum sk3lk0 parag85 jakre777 mathzrocha premhcz bernadsatriani okaayfine gprime31 x543g dojosecurity latkes hartl3y94 darkoneiroi 3yujw7njai adelittle yssvirus acezxn haka110 hxlxmjxbbxs navin-hacsociety 0xsojalsec ronin-dojo antesha m-muzammil786 nidemingzizj cyberindia1 nevercodecorrect sanz111 agentjacker deb-cybervil barttran2k ahmetqara skellyb0n3s titosantana609 mass18051805 randshell ramosslyz nvm303 sajibekanti tharaka190 kairos-hk r3b3lscum81 realdbcooper

oralyzer's Issues

IndexError: list index out of range

Sometimes i got this error, tested with Python 3.9/3.10

Unable to pass pre-fetched wayback result file

I have pre-fetched urls.txt file from waybackurls for one domain, whey I am passing this urls.txt, it is not giving result.

It is just printing first URL of urls.txt file.

UnicodeDecodeError

Hey man!

I tried to use your tool, but i got this error:

�[92m   ____           __
  / __ \_______ _/ /_ _____ ___ ____
 / /_/ / __/ _ `/ / // /_ // -_) __/
 \____/_/  \_,_/_/\_, //__/\__/_/
                 /___/
�[00m
Traceback (most recent call last):
  File "oralyzer.py", line 50, in <module>
    file = open(FilePath).read().splitlines()
  File "C:\Users\XXXXXX\AppData\Local\Programs\Python\Python37\lib\encodings\cp1252.py", line 23, in decode
    return codecs.charmap_decode(input,self.errors,decoding_table)[0]
UnicodeDecodeError: 'charmap' codec can't decode byte 0x81 in position 1215: character maps to <undefined>

The command (python 3): python oralyzer.py -u https:///it?requestUrl=site.com
Hope you can resolve it!

Header Based Redirection

when it says Header Based Redirection
what headers is it using?

Output?

very good tool, just need to save the results. I'm saving >>

Tool doesn't run when initiated from outside the tool directory

After the recent update, the tool throws some error when you try to run from outside the tool directory.

▶ python3 Oralyzer/oralyzer.py -h
   ____           __
  / __ \_______ _/ /_ _____ ___ ____
 / /_/ / __/ _ `/ / // /_ // -_) __/
 \____/_/  \_,_/_/\_, //__/\__/_/
                 /___/

Traceback (most recent call last):
  File "Oralyzer/oralyzer.py", line 13, in <module>
    from core.wayback import get_urls
  File "/Users/gaurangbhatnagar/Flow-Tools/Oralyzer/core/wayback.py", line 2, in <module>
    from core.others import good,bad,info
  File "/Users/gaurangbhatnagar/Flow-Tools/Oralyzer/core/others.py", line 19, in <module>
    with open('core/config.json', 'r') as file:
FileNotFoundError: [Errno 2] No such file or directory: 'core/config.json'

This only works when you navigate to the folder and run the tool.

▶ cd Oralyzer
▶ python3 oralyzer.py -h
   ____           __
  / __ \_______ _/ /_ _____ ___ ____
 / /_/ / __/ _ `/ / // /_ // -_) __/
 \____/_/  \_,_/_/\_, //__/\__/_/
                 /___/

usage: oralyzer.py [-h] [-u URL] [-l PATH] [-crlf] [-p PAYLOAD] [--proxy] [--wayback]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     scan single target
  -l PATH, --list PATH  scan multiple target
  -crlf                 scan for CRLF Injection
  -p PAYLOAD, --payload PAYLOAD
                        use payloads from a file
  --proxy               use proxy
  --wayback             fetch URLs from archive.org

New and useful payloads for Payload.txt

error

╭─kali@kali ~/Desktop/Tools/Oralyzer ‹master●›
╰─$ python3 oralyzer.py -u http://testphp.vulnweb.com/showimage.php\?file\=8 1 ↵

Oralyzer

[!] Infusing payloads
Traceback (most recent call last):
File "/home/kali/Desktop/Tools/Oralyzer/oralyzer.py", line 260, in
analyze(url)
File "/home/kali/Desktop/Tools/Oralyzer/oralyzer.py", line 55, in analyze
testingBreak = request(multiTestCall[1],params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/Desktop/Tools/Oralyzer/oralyzer.py", line 74, in request
funcBreak = check(page, page.request.url)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/Desktop/Tools/Oralyzer/oralyzer.py", line 215, in check
sourcesMatch = list(dict.fromkeys(re.findall("|".join(escapedSourcesSinks), str(soup))))
^^^^^^^^^
File "/home/kali/.local/lib/python3.11/site-packages/bs4/element.py", line 1075, in unicode
return self.decode()
^^^^^^^^^^^^^
File "/home/kali/.local/lib/python3.11/site-packages/bs4/init.py", line 626, in decode
return prefix + super(BeautifulSoup, self).decode(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/.local/lib/python3.11/site-packages/bs4/element.py", line 1111, in decode
formatter = self.formatter_for_name(formatter)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/.local/lib/python3.11/site-packages/bs4/element.py", line 167, in formatter_for_name
if isinstance(formatter, collections.Callable):
^^^^^^^^^^^^^^^^^^^^
AttributeError: module 'collections' has no attribute 'Callable'

NOT ABLE TO INSTALL!

Requirement already satisfied: requests in /home/marcmx/.local/lib/python3.8/site-packages (from -r requirements.txt (line 1)) (2.20.0)
Collecting bs4
Using cached bs4-0.0.1.tar.gz (1.1 kB)
ERROR: Could not find a version that satisfies the requirement urllib.parse (from -r requirements.txt (line 3)) (from versions: none)
ERROR: No matching distribution found for urllib.parse (from -r requirements.txt (line 3))

TypeError: init() got an unexpected keyword argument 'capture_output'

python3 oralyzer.py -u https://target --wayback -o res.txt

    Oralyzer {Open Redirection Analyzer}

[•] Getting juicy URLs with waybackurls
Traceback (most recent call last):
File "oralyzer.py", line 164, in
get_urls(url, output)
File "/root/gaurav/Oralyzer/core/wayback.py", line 32, in get_urls
no_output = subprocess.run(['waybackurls', url], capture_output=True, text=True)
File "/usr/lib64/python3.6/subprocess.py", line 423, in run
with Popen(*popenargs, **kwargs) as process:
TypeError: init() got an unexpected keyword argument 'capture_output'

Error!

Oralyzer {Open Redirection Analyzer}

[•] Appending payloads just after the URL
[•] Infusing payloads
Traceback (most recent call last):
File "oralyzer.py", line 153, in
analyze(url)
File "oralyzer.py", line 96, in analyze
page = requests.get(uri, allow_redirects=False, headers=header, timeout=15)
File "/home/marcmx/.local/lib/python3.8/site-packages/requests/api.py", line 75, in get
return request('get', url, params=params, **kwargs)
File "/home/marcmx/.local/lib/python3.8/site-packages/requests/api.py", line 60, in request
return session.request(method=method, url=url, **kwargs)
File "/home/marcmx/.local/lib/python3.8/site-packages/requests/sessions.py", line 524, in request
resp = self.send(prep, **send_kwargs)
File "/home/marcmx/.local/lib/python3.8/site-packages/requests/sessions.py", line 631, in send
adapter = self.get_adapter(url=request.url)
File "/home/marcmx/.local/lib/python3.8/site-packages/requests/sessions.py", line 722, in get_adapter
raise InvalidSchema("No connection adapters were found for '%s'" % url)
requests.exceptions.InvalidSchema: No connection adapters were found for 'www.google.com/http://www.google.com'

ERROR: Could not find a version that satisfies the requirement urllib.parse (from -r requirements.txt (line 3)) (from versions: none)
ERROR: No matching distribution found for urllib.parse (from -r requirements.txt (line 3))

Or:
Could not install packages due to an EnvironmentError: 404 Client Error: Not Found for url: https://pypi.org/simple/urllib-parse/

Add a switch to provide payload.txt path

If I run this tool from some another directory, the tool does not work.

python3 /<path-to-oralyzer>/Oralyzer/oralyzer.py -f urls.txt

This probably is happening because of the following code:

file = open('payloads.txt','r')

The script is looking into the current directory for payloads.txt.

This can be fixed if you can add a switch to provide the path/directory where payloads.txt reside.

Improve DOM XSS

I just found your tool and I'm very impressed with it.

I see there is even a DOM XSS module, although limited. I would like to share https://portswigger.net/blog/introducing-dom-invader with you. If you scroll down to about half way down the page you can see more sources and sinks to add to your script.