tijme / angularjs-csti-scanner

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.

License: MIT License

Python 99.67% Dockerfile 0.33%
angularjs xss xss-scanners exploit angularjs-sandbox-escape vulnerability-scanners sandbox-escape angularjs-csti-scanner security tool

angularjs-csti-scanner's Introduction


Angular Client-Side Template Injection Scanner

ACSTIS helps you to scan certain web applications for AngularJS Client-Side Template Injection (sometimes referred to as CSTI, sandbox escape or sandbox bypass). It supports scanning a single request but also crawling the entire web application for the AngularJS CSTI vulnerability.

Installation

First make sure you're on Python 2.7/3.4 or higher. Then run the command below to install ACSTIS.

$ pip install https://github.com/tijme/angularjs-csti-scanner/archive/master.zip

Usage

Scan a single URL

acstis -d "https://finnwea.com/some/page/?category=23"

Scan a single URL (and verify that the alert pops)

acstis -vp -d "https://finnwea.com/some/page/?category=23"

Scan an entire domain

acstis -c -d "https://finnwea.com/"

Scan an entire domain (and stop if a vulnerability was found)

acstis -c -siv -d "https://finnwea.com/"

Trust the given certificate

acstis -d "https://finnwea.com/some/page/?category=23" -tc "/Users/name/Desktop/cert.pem"

All command line options

usage: acstis [-h] -d DOMAIN [-c] [-vp] [-av ANGULAR_VERSION] [-vrl VULNERABLE_REQUESTS_LOG] [-siv] [-pmm] [-sos] [-soh] [-sot] [-md MAX_DEPTH] [-mt MAX_THREADS] [-iic] [-tc TRUSTED_CERTIFICATES]

required arguments:
   -d DOMAIN, --domain DOMAIN                                                       the domain to scan (e.g. finnwea.com)

optional arguments:
   -h, --help                                                                       show this help message and exit
   -c, --crawl                                                                      use the crawler to scan all the entire domain
   -vp, --verify-payload                                                            use a javascript engine to verify if the payload was executed (otherwise false positives may occur)
   -av ANGULAR_VERSION, --angular-version ANGULAR_VERSION                           manually pass the angular version (e.g. 1.4.2) if the automatic check doesn't work
   -vrl VULNERABLE_REQUESTS_LOG, --vulnerable-requests-log VULNERABLE_REQUESTS_LOG  log all vulnerable requests to this file (e.g. /var/logs/acstis.log or urls.log)
   -siv, --stop-if-vulnerable                                                       (crawler option) stop scanning if a vulnerability was found
   -pmm, --protocol-must-match                                                      (crawler option) only scan pages with the same protocol as the startpoint (e.g. only https)
   -sos, --scan-other-subdomains                                                    (crawler option) also scan pages that have another subdomain than the startpoint
   -soh, --scan-other-hostnames                                                     (crawler option) also scan pages that have another hostname than the startpoint
   -sot, --scan-other-tlds                                                          (crawler option) also scan pages that have another tld than the startpoint
   -md MAX_DEPTH, --max-depth MAX_DEPTH                                             (crawler option) the maximum search depth (default is unlimited)
   -mt MAX_THREADS, --max-threads MAX_THREADS                                       (crawler option) the maximum amount of simultaneous threads to use (default is 20)
   -iic, --ignore-invalid-certificates                                              (crawler option) ignore invalid ssl certificates
   -tc TRUSTED_CERTIFICATES, --trusted-certificates TRUSTED_CERTIFICATES            (crawler option) trust this CA_BUNDLE file (.pem) or directory with certificates

Authentication, Cookies, Headers, Proxies & Scope options

These options are not implemented in the command line interface of ACSTIS. Please download the extended.py script and extend it with one or more of the following code snippets. You can paste these code snippets in the main() method of the extended.py script.

Please note: if you use the extended.py file make sure you call python extended.py [your arguments] instead of acstis [your arguments].

Basic Authentication

options.identity.auth = HTTPBasicAuth("username", "password")

Digest Authentication

options.identity.auth = HTTPDigestAuth("username", "password")

Cookies

options.identity.cookies.set(name='tasty_cookie', value='yum', domain='finnwea.com', path='/cookies')
options.identity.cookies.set(name='gross_cookie', value='blech', domain='finnwea.com', path='/elsewhere')

Headers

options.identity.headers.update({
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
})

Proxies

options.identity.proxies = {
    # No authentication
    # 'http': 'http://host:port',
    # 'https': 'http://host:port',

    # Basic authentication
    # 'http': 'http://user:pass@host:port',
    # 'https': 'https://user:pass@host:port',

    # SOCKS
    'http': 'socks5://user:pass@host:port',
    'https': 'socks5://user:pass@host:port'
}

Scope options

options.scope.protocol_must_match = False

options.scope.subdomain_must_match = True

options.scope.hostname_must_match = True

options.scope.tld_must_match = True

options.scope.max_depth = None

options.scope.request_methods = [
    Request.METHOD_GET,
    Request.METHOD_POST,
    Request.METHOD_PUT,
    Request.METHOD_DELETE,
    Request.METHOD_OPTIONS,
    Request.METHOD_HEAD
]
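How the four scope switches above decide whether a crawled link gets scanned, as an added example (a simplified model written for this page, not nyawc or ACSTIS code). The `Scope` class, `split_host`, `in_scope`, `filter_links` and the sample links are hypothetical, and treating the last label as the TLD is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Scope:
    # Field names and defaults copied from the options.scope.* lines above.
    protocol_must_match: bool = False
    subdomain_must_match: bool = True
    hostname_must_match: bool = True
    tld_must_match: bool = True


def split_host(host):
    """Split a host into (subdomain, hostname, tld).

    Assumption: the TLD is the last label. Multi-label suffixes such as
    "co.uk" need a public-suffix list, which this sketch does not ship.
    IP literals have no labels to compare, so the whole address is the hostname.
    """
    host = (host or "").lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        return ("", host, "")
    except ValueError:
        pass
    labels = host.split(".")
    if len(labels) < 2:
        return ("", host, "")
    return (".".join(labels[:-2]), labels[-2], labels[-1])


def in_scope(start_url, candidate_url, scope):
    """Return True if candidate_url may be scanned for a crawl started at start_url."""
    start, cand = urlsplit(start_url), urlsplit(candidate_url)
    # Links such as mailto: or javascript: are never requests the crawler can scan.
    if cand.scheme not in ("http", "https") or not cand.hostname:
        return False
    if scope.protocol_must_match and cand.scheme != start.scheme:
        return False
    s_sub, s_host, s_tld = split_host(start.hostname)
    c_sub, c_host, c_tld = split_host(cand.hostname)
    if scope.subdomain_must_match and c_sub != s_sub:
        return False
    if scope.hostname_must_match and c_host != s_host:
        return False
    if scope.tld_must_match and c_tld != s_tld:
        return False
    return True


def filter_links(start_url, links, scope):
    """Keep only the links that fall inside the configured scope."""
    return [url for url in links if in_scope(start_url, url, scope)]


# Constructed sample links, as a crawler might collect them from one page.
LINKS = [
    "https://finnwea.com/some/page/?category=23",
    "http://finnwea.com/login",
    "https://blog.finnwea.com/",
    "https://finnwea.org/",
    "https://cdn.example.net/lib.js",
    "mailto:security@finnwea.com",
]

if __name__ == "__main__":
    for url in filter_links("https://finnwea.com/", LINKS, Scope()):
        print("in scope:", url)
```

Each switch set to False widens the set of hosts the crawler will send requests to.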

Testing

Travis CI runs the tests automatically on every push. If you want to run the unit tests manually, use the command below.

$ python -m unittest discover

Issues

Issues or new features can be reported via the GitHub issue tracker. Please make sure your issue or feature has not yet been reported by anyone else before submitting a new one.

License

ACSTIS is open-sourced software licensed under the MIT license.

angularjs-csti-scanner's People

Contributors

bufferbandit, fenceposterror, random-robbie, tijme


angularjs-csti-scanner's Issues

Disabling Python's `urllib3` warnings in the scanner output

While running ACSTIS today on the JS app hosted on Heroku, I happened to get some warnings. Will this affect the scan (I am guessing no)? Is there a way we could ignore them in the acstis script?

I tried scanning other websites and I feel the scanner runs fine, just that I am getting these warnings now. Somehow I did not get these errors the first time I tested this new version (Surprise !!)

PS Angular-CSTI-Scanner\angularjs-csti-scanner-master> python .\extended.test.py -c -d "https://owaspjuiceshop221b.herokuapp.com/#/search" -tc "Burp_CA_Cert.pem"

Version 3.0.1 - Copyright 2017 Tijme Gommers [email protected]

[INFO] Looking for AngularJS version using a headless browser.
[INFO] Waiting until DOM is completely loaded.
[INFO] Found AngularJS version 1.5.11.
[INFO] Angular CSTI scanner started.
[INFO] Scanning https://owaspjuiceshop221b.herokuapp.com/#/search
C:\Python27\lib\site-packages\urllib3\connection.py:344: SubjectAltNameWarning: Certificate for owaspjuiceshop221b.herokuapp.com has no subjectAltName, falling back to check for a commonName for now. This feature is being
removed by major browsers and deprecated by RFC 2818. (See urllib3/urllib3#497 for details.)
SubjectAltNameWarning
C:\Python27\lib\site-packages\urllib3\connection.py:344: SubjectAltNameWarning: Certificate for owaspjuiceshop221b.herokuapp.com has no subjectAltName, falling back to check for a commonName for now. This feature is being
removed by major browsers and deprecated by RFC 2818. (See urllib3/urllib3#497 for details.)
SubjectAltNameWarning
C:\Python27\lib\site-packages\urllib3\connection.py:344: SubjectAltNameWarning: Certificate for owaspjuiceshop221b.herokuapp.com has no subjectAltName, falling back to check for a commonName for now. This feature is being
removed by major browsers and deprecated by RFC 2818. (See urllib3/urllib3#497 for details.)
SubjectAltNameWarning

Scanner abruptly exits with "error: can't start new thread" after certain extent

Here is an error I keep getting for larger websites, and the scanner abruptly shuts down after spidering the URLs to a certain extent.

Exception in thread Thread-2467:
Traceback (most recent call last):
  File "C:\Python27\lib\threading.py", line 801, in __bootstrap_inner
    self.run()
  File "C:\Python27\lib\site-packages\nyawc\CrawlerThread.py", line 116, in run
    self.__callback(self.__queue_item, new_requests, failed)
  File "C:\Python27\lib\site-packages\nyawc\Crawler.py", line 252, in __request_finish
    self.__spawn_new_requests()
  File "C:\Python27\lib\site-packages\nyawc\Crawler.py", line 105, in __spawn_new_requests
    if self.__spawn_new_request():
  File "C:\Python27\lib\site-packages\nyawc\Crawler.py", line 125, in __spawn_new_request
    self.__request_start(first_in_line)
  File "C:\Python27\lib\site-packages\nyawc\Crawler.py", line 217, in __request_start
    thread.start()
  File "C:\Python27\lib\threading.py", line 736, in start
    _start_new_thread(self.__bootstrap, ())
error: can't start new thread

Initial requests from ACSTIS ignoring the proxy settings

I noticed that the initial requests sent by acstis do not obey the proxy settings mentioned in the extended.py file.

In order to demonstrate this, I set my system proxy to Fiddler (localhost:8888) and set the proxy settings in extended.py to Burp Suite (localhost:8080).

extended.py  <proxy settings>
options.identity.proxies = {
    # No authentication
     'http': 'http://127.0.0.1:8080',
     'https': 'http://127.0.0.1:8080',
}

On running acstis with proper Burp certificates I get the following output

PS C:\FooBar\Tools\Angular-CSTI-Scanner\> python extended.py -c -d "https://owaspjuiceshop221b.herokuapp.com/#/search" -tc "C:\Foobar\Path\To\Certificates\Burp_Cert.pem"

  /$$$$$$   /$$$$$$   /$$$$$$  /$$$$$$$$ /$$$$$$  /$$$$$$
 /$$__  $$ /$$__  $$ /$$__  $$|__  $$__/|_  $$_/ /$$__  $$
| $$  \ $$| $$  \__/| $$  \__/   | $$     | $$  | $$  \__/
| $$$$$$$$| $$      |  $$$$$$    | $$     | $$  |  $$$$$$
| $$__  $$| $$       \____  $$   | $$     | $$   \____  $$
| $$  | $$| $$    $$ /$$  \ $$   | $$     | $$   /$$  \ $$
| $$  | $$|  $$$$$$/|  $$$$$$/   | $$    /$$$$$$|  $$$$$$/
|__/  |__/ \______/  \______/    |__/   |______/ \______/

Version 3.0.1 - Copyright 2017 Tijme Gommers <[email protected]>

[INFO] Looking for AngularJS version using a headless browser.
[INFO] Waiting until DOM is completely loaded.
[INFO] Found AngularJS version 1.5.11.
[INFO] Angular CSTI scanner started.
[INFO] Scanning https://owaspjuiceshop221b.herokuapp.com/#/search

At this point, before the first request is sent to Burp, the following requests go via Fiddler (which shows that the acstis scanner is ignoring the proxy settings and using the system proxy settings).

Fiddler Requests log:

#	Result	Protocol	Host	URL	Body	Caching	Content-Type	Process	Comments	Custom	

1	200	HTTP	127.0.0.1:64799	/wd/hub/session	533		application/json;charset=UTF-8	python:8548			
2	200	HTTP	127.0.0.1:64799	/wd/hub/session/fbab6230-9d35-11e7-89f3-b53578fff108/url	74		application/json;charset=UTF-8	python:8548			
3	200	HTTP	Tunnel to	owaspjuiceshop221b.herokuapp.com:443	0			win-2.1.1:8532			
4	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/	12,489	public, max-age=0	text/html; charset=UTF-8	win-2.1.1:8532			
6	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/bootswatch/slate/bootstrap.min.css	142,322	public, max-age=0	text/css; charset=UTF-8	win-2.1.1:8532			
7	200	HTTP	Tunnel to	owaspjuiceshop221b.herokuapp.com:443	0			win-2.1.1:8532			
8	200	HTTP	Tunnel to	owaspjuiceshop221b.herokuapp.com:443	0			win-2.1.1:8532			
9	200	HTTP	Tunnel to	owaspjuiceshop221b.herokuapp.com:443	0			win-2.1.1:8532			
10	200	HTTP	Tunnel to	owaspjuiceshop221b.herokuapp.com:443	0			win-2.1.1:8532			
11	200	HTTP	Tunnel to	owaspjuiceshop221b.herokuapp.com:443	0			win-2.1.1:8532			
12	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/fontawesome/css/font-awesome.min.css	31,000	public, max-age=0	text/css; charset=UTF-8	win-2.1.1:8532			
13	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/flag-icon-css/css/flag-icon.min.css	33,481	public, max-age=0	text/css; charset=UTF-8	win-2.1.1:8532			
14	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/github-fork-ribbon-css/gh-fork-ribbon.css	3,546	public, max-age=0	text/css; charset=UTF-8	win-2.1.1:8532			
15	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/css/app.css	460	public, max-age=0	text/css; charset=UTF-8	win-2.1.1:8532			
16	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/socket.io/socket.io.js	61,211		application/javascript	win-2.1.1:8532			
17	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/underscore/underscore.js	52,919	public, max-age=0	application/javascript	win-2.1.1:8532			
18	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/string/dist/string.min.js	27,717	public, max-age=0	application/javascript	win-2.1.1:8532			
19	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/moment/min/moment.min.js	51,465	public, max-age=0	application/javascript	win-2.1.1:8532			
20	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/jquery/dist/jquery.min.js	86,659	public, max-age=0	application/javascript	win-2.1.1:8532			
21	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/bootstrap/dist/js/bootstrap.min.js	37,045	public, max-age=0	application/javascript	win-2.1.1:8532			
22	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular/angular.min.js	163,188	public, max-age=0	application/javascript	win-2.1.1:8532			
23	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-translate/angular-translate.min.js	23,733	public, max-age=0	application/javascript	win-2.1.1:8532			
24	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js	1,371	public, max-age=0	application/javascript	win-2.1.1:8532			
25	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-route/angular-route.min.js	4,786	public, max-age=0	application/javascript	win-2.1.1:8532			
26	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-cookies/angular-cookies.min.js	1,448	public, max-age=0	application/javascript	win-2.1.1:8532			
27	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-touch/angular-touch.min.js	4,042	public, max-age=0	application/javascript	win-2.1.1:8532			
28	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-animate/angular-animate.min.js	25,722	public, max-age=0	application/javascript	win-2.1.1:8532			
29	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-bootstrap/ui-bootstrap.min.js	100,829	public, max-age=0	application/javascript	win-2.1.1:8532			
30	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js	122,900	public, max-age=0	application/javascript	win-2.1.1:8532			
31	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/ng-file-upload/ng-file-upload-shim.min.js	7,262	public, max-age=0	application/javascript	win-2.1.1:8532			
32	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/ng-file-upload/ng-file-upload.min.js	37,495	public, max-age=0	application/javascript	win-2.1.1:8532			
33	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-socket-io/socket.min.js	1,291	public, max-age=0	application/javascript	win-2.1.1:8532			
34	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/clipboard/dist/clipboard.min.js	10,286	public, max-age=0	application/javascript	win-2.1.1:8532			
35	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/ngclipboard/dist/ngclipboard.min.js	640	public, max-age=0	application/javascript	win-2.1.1:8532			
36	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-base64/angular-base64.js	5,844	public, max-age=0	application/javascript	win-2.1.1:8532			
37	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/qrcode-generator/js/qrcode.js	45,006	public, max-age=0	application/javascript	win-2.1.1:8532			
38	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/angular-qrcode/angular-qrcode.js	5,267	public, max-age=0	application/javascript	win-2.1.1:8532			
39	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/dist/juice-shop.min.js	100,409	public, max-age=0	application/javascript	win-2.1.1:8532			
40	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/JuiceShop_Logo.png	99,456	public, max-age=0	image/png	win-2.1.1:8532			
41	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/socket.io/?EIO=3&transport=polling&t=LwQ76v4	104		text/plain; charset=UTF-8	win-2.1.1:8532			
42	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/i18n/en.json	5,977	public, max-age=0	application/json	win-2.1.1:8532			
43	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/i18n/en_US.json	12,489	public, max-age=0	text/html; charset=UTF-8	win-2.1.1:8532			
44	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/rest/admin/application-version	19		application/json; charset=utf-8	win-2.1.1:8532			
45	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/rest/admin/application-configuration	5,894		application/json; charset=utf-8	win-2.1.1:8532			
46	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/rest/product/search?q=undefined	7,414		application/json; charset=utf-8	win-2.1.1:8532			
47	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/%7B%7Bproduct.image%7D%7D	12,489	public, max-age=0	text/html; charset=UTF-8	win-2.1.1:8532			
48	200	HTTP	Tunnel to	owaspjuiceshop221b.herokuapp.com:443	0			win-2.1.1:8532			
49	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/bower_components/fontawesome/fonts/fontawesome-webfont.ttf?v=4.7.0	165,548	public, max-age=0	application/x-font-ttf	win-2.1.1:8532			
50	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/socket.io/?EIO=3&transport=polling&t=LwQ76y_&sid=Fej1KnRWts7JTzq8AAAA	23		text/plain; charset=UTF-8	win-2.1.1:8532			
51	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/apple_juice.jpg	14,827	public, max-age=0	image/jpeg	win-2.1.1:8532			
52	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/apple_pressings.jpg	50,981	public, max-age=0	image/jpeg	win-2.1.1:8532			
53	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/banana_juice.jpg	11,276	public, max-age=0	image/jpeg	win-2.1.1:8532			
54	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/carrot_juice.jpeg	21,811	public, max-age=0	image/jpeg	win-2.1.1:8532			
55	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/eggfruit_juice.jpg	25,715	public, max-age=0	image/jpeg	win-2.1.1:8532			
56	101	HTTPS	owaspjuiceshop221b.herokuapp.com	/socket.io/?EIO=3&transport=websocket&sid=Fej1KnRWts7JTzq8AAAA	0			win-2.1.1:8532			
57	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/white_raffards.jpg	26,353	public, max-age=0	image/jpeg	win-2.1.1:8532			
58	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/fruit_press.jpg	23,082	public, max-age=0	image/jpeg	win-2.1.1:8532			
59	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/green_smoothie.jpg	16,661	public, max-age=0	image/jpeg	win-2.1.1:8532			
60	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/artwork.jpg	634,687	public, max-age=0	image/jpeg	win-2.1.1:8532			
61	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/lemon_juice.jpg	14,393	public, max-age=0	image/jpeg	win-2.1.1:8532			
62	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/melon_bike.jpeg	36,673	public, max-age=0	image/jpeg	win-2.1.1:8532			
63	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/fan_girlie.jpg	19,501	public, max-age=0	image/jpeg	win-2.1.1:8532			
64	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/ctf_sticker.png	25,877	public, max-age=0	image/png	win-2.1.1:8532			
65	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/fan_hoodie.jpg	19,566	public, max-age=0	image/jpeg	win-2.1.1:8532			
66	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/3d_keychain.jpg	20,483	public, max-age=0	image/jpeg	win-2.1.1:8532			
67	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/fan_mug.jpg	16,255	public, max-age=0	image/jpeg	win-2.1.1:8532			
68	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/sticker_facelift.png	30,851	public, max-age=0	image/png	win-2.1.1:8532			
69	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/fan_shirt.jpg	14,682	public, max-age=0	image/jpeg	win-2.1.1:8532			
70	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/owasplogo.png	18,505	public, max-age=0	image/png	win-2.1.1:8532			
71	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/owasp_osaft.jpg	21,488	public, max-age=0	image/jpeg	win-2.1.1:8532			
72	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/orange_juice.jpg	37,636	public, max-age=0	image/jpeg	win-2.1.1:8532			
73	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/quince.jpg	18,711	public, max-age=0	image/jpeg	win-2.1.1:8532			
74	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/raspberry_juice.jpg	21,058	public, max-age=0	image/jpeg	win-2.1.1:8532			
75	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/strawberry_juice.jpeg	18,047	public, max-age=0	image/jpeg	win-2.1.1:8532			
76	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/public/images/products/woodruff_syrup.jpg	96,062	public, max-age=0	image/jpeg	win-2.1.1:8532			
77	200	HTTPS	owaspjuiceshop221b.herokuapp.com	/socket.io/?EIO=3&transport=polling&t=LwQ773s&sid=Fej1KnRWts7JTzq8AAAA	3		text/plain; charset=UTF-8	win-2.1.1:8532			
78	200	HTTP	127.0.0.1:64799	/wd/hub/session/fbab6230-9d35-11e7-89f3-b53578fff108/execute	80		application/json;charset=UTF-8	python:8548			
79	200	HTTP	127.0.0.1:64799	/wd/hub/session/fbab6230-9d35-11e7-89f3-b53578fff108	74		application/json;charset=UTF-8	python:8548	

Now, if certain web apps (read: client apps) are only accessible through a certain proxy (e.g. a client proxy) and it's not possible to set this proxy as the system proxy, then despite setting the proxy (client proxy) in extended.py we get the error below.

  /$$$$$$   /$$$$$$   /$$$$$$  /$$$$$$$$ /$$$$$$  /$$$$$$
 /$$__  $$ /$$__  $$ /$$__  $$|__  $$__/|_  $$_/ /$$__  $$
| $$  \ $$| $$  \__/| $$  \__/   | $$     | $$  | $$  \__/
| $$$$$$$$| $$      |  $$$$$$    | $$     | $$  |  $$$$$$
| $$__  $$| $$       \____  $$   | $$     | $$   \____  $$
| $$  | $$| $$    $$ /$$  \ $$   | $$     | $$   /$$  \ $$
| $$  | $$|  $$$$$$/|  $$$$$$/   | $$    /$$$$$$|  $$$$$$/
|__/  |__/ \______/  \______/    |__/   |______/ \______/

Version 3.0.1 - Copyright 2017 Tijme Gommers <[email protected]>

[INFO] Looking for AngularJS version using a headless browser.
[INFO] Waiting until DOM is completely loaded.
[ERROR] Couldn't determine the AngularJS version (`angular.version.full` threw an exception).
[ERROR] If you are certain this URL uses AngularJS, specify the version via the `--angular-version` argument. 

This error occurs because ACSTIS sends the initial requests to the target site via the system proxy, and since the target site is not reachable, it results in an error.
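The mismatch reported in this issue, as an added example that is not part of the issue or of ACSTIS: a requests-style `options.identity.proxies` dictionary has to be translated separately for the headless browser, otherwise the browser keeps its own proxy defaults. The sketch assumes the headless browser is PhantomJS and emits its `--proxy`, `--proxy-type` and `--proxy-auth` switches; the function name `phantomjs_proxy_args` and the sample values are hypothetical.

```python
from urllib.parse import unquote, urlsplit


def phantomjs_proxy_args(proxies, target_url):
    """Translate a requests-style proxies dict into PhantomJS switches.

    Assumption: the caller passes the returned list to the headless browser
    at start-up (for example through Selenium's service_args parameter).
    Returns [] when no proxy is configured for the target's scheme, which
    leaves the browser on its defaults.
    """
    scheme = urlsplit(target_url).scheme
    proxy_url = proxies.get(scheme)
    if not proxy_url:
        return []

    proxy = urlsplit(proxy_url)
    if proxy.scheme in ("http", "https"):
        proxy_type = "http"
    elif proxy.scheme in ("socks5", "socks5h"):
        proxy_type = "socks5"
    else:
        raise ValueError("unsupported proxy scheme: %r" % proxy.scheme)

    # A proxy entry without an explicit host and port cannot be passed on safely.
    if proxy.hostname is None or proxy.port is None:
        raise ValueError("proxy URL needs host and port: %r" % proxy_url)

    args = [
        "--proxy=%s:%d" % (proxy.hostname, proxy.port),
        "--proxy-type=%s" % proxy_type,
    ]
    if proxy.username:
        # Credentials in a URL are percent-encoded; the switch takes them raw.
        args.append("--proxy-auth=%s:%s" % (
            unquote(proxy.username), unquote(proxy.password or "")))
    return args


# The proxy settings from the issue (Burp on 127.0.0.1:8080).
ISSUE_PROXIES = {
    "http": "http://127.0.0.1:8080",
    "https": "http://127.0.0.1:8080",
}

# Constructed SOCKS entry with percent-encoded credentials.
SOCKS_PROXIES = {
    "https": "socks5://user:p%40ss@10.0.0.5:1080",
}

if __name__ == "__main__":
    target = "https://owaspjuiceshop221b.herokuapp.com/#/search"
    print(phantomjs_proxy_args(ISSUE_PROXIES, target))
    print(phantomjs_proxy_args(SOCKS_PROXIES, target))
```

`--proxy-auth` places the credentials on the browser's command line, where other local users can read them from the process list.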

Version conflict due to `requests` module dependency in several modules.

One line summary of the issue here.

Expected behavior

acstis -c -d "https://finnwea.com/" -vp

Actual behavior

root@69eaae37ad9f:/# acstis -c -siv -d "https://finnwea.com/" -vp
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 664, in _build_master
    ws.require(__requires__)
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 981, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 872, in resolve
    raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (requests 2.18.1 (/usr/local/lib/python3.7/site-packages), Requirement.parse('requests==2.18.4'), {'nyawc'})

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/acstis", line 6, in <module>
    from pkg_resources import load_entry_point
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 3142, in <module>
    @_call_aside
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 3126, in _call_aside
    f(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 3155, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 666, in _build_master
    return cls._build_from_requirements(__requires__)
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 679, in _build_from_requirements
    dists = ws.resolve(reqs, Environment())
  File "/usr/local/lib/python3.7/site-packages/pkg_resources/__init__.py", line 872, in resolve
    raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (requests 2.18.1 (/usr/local/lib/python3.7/site-packages), Requirement.parse('requests==2.18.4'), {'nyawc'})

Steps to reproduce the behavior

python 3.7 on debian stretch.

installed via

pip install git+https://github.com/tijme/angularjs-csti-scanner.git

Encountered error while trying to install package. ╰─> lxml

Hi, I'm using Kali Linux Release: 2022.4
python --version:
Python 3.10.7

After running the command pip install https://github.com/tijme/angularjs-csti-scanner/archive/master.zip
I'm getting the error:
Compile failed: command '/usr/bin/gcc' failed with exit code 1
cc -I/usr/include/libxml2 -I/usr/include/libxml2 -c /tmp/xmlXPathInit7gbia19y.c -o tmp/xmlXPathInit7gbia19y.o
cc tmp/xmlXPathInit7gbia19y.o -lxml2 -o a.out
error: command '/usr/bin/gcc' failed with exit code 1
[end of output]

note: This error originates from a subprocess, and is likely not a problem with pip.
Rolling back uninstall of lxml
Moving to /home/jetfree/.pyenv/versions/3.10.7/envs/angular_scanner/lib/python3.10/site-packages/lxml-4.9.2.dist-info/
from /home/jetfree/.pyenv/versions/3.10.7/envs/angular_scanner/lib/python3.10/site-packages/~xml-4.9.2.dist-info
Moving to /home/jetfree/.pyenv/versions/3.10.7/envs/angular_scanner/lib/python3.10/site-packages/lxml/
from /home/jetfree/.pyenv/versions/3.10.7/envs/angular_scanner/lib/python3.10/site-packages/~xml
error: legacy-install-failure

× Encountered error while trying to install package.
╰─> lxml

I've installed and updated all the needed packages that could cause this error:
python3-lxml is already the newest version (4.9.2-1+b1).
libxml2-dev is already the newest version (2.9.14+dfsg-1.1+b3).
libxslt1-dev is already the newest version (1.1.35-1).
I've also updated wheel and setuptools packages, but still face this error during installation.
GCC package also installed: gcc is already the newest version (4:12.2.0-3).

Please, help.

Ignore Bad SSL Certs

Can we get the scanner to ignore bad SSL certs?

Steps to reproduce the behavior

root@04df222c1069:/# acstis -c -siv -d "https://13.56.76.150/" -vp

  /$$$$$$   /$$$$$$   /$$$$$$  /$$$$$$$$ /$$$$$$  /$$$$$$
 /$$__  $$ /$$__  $$ /$$__  $$|__  $$__/|_  $$_/ /$$__  $$
| $$  \ $$| $$  \__/| $$  \__/   | $$     | $$  | $$  \__/
| $$$$$$$$| $$      |  $$$$$$    | $$     | $$  |  $$$$$$
| $$__  $$| $$       \____  $$   | $$     | $$   \____  $$
| $$  | $$| $$    $$ /$$  \ $$   | $$     | $$   /$$  \ $$
| $$  | $$|  $$$$$$/|  $$$$$$/   | $$    /$$$$$$|  $$$$$$/
|__/  |__/ \______/  \______/    |__/   |______/ \______/

Version 3.0.1 - Copyright 2017 Tijme Gommers <[email protected]>

[INFO] Looking for AngularJS version using a headless browser.
[INFO] Waiting until DOM is completely loaded.
[ERROR] Couldn't determine the AngularJS version (`angular.version.full` threw an exception).
[ERROR] If you are certain this URL uses AngularJS, specify the version via the `--angular-version` argument.
root@04df222c1069:/#

Cannot complete installing process.

pip3 install https://github.com/tijme/angularjs-csti-scanner/archive/master.zip

Collecting https://github.com/tijme/angularjs-csti-scanner/archive/master.zip
  Using cached https://github.com/tijme/angularjs-csti-scanner/archive/master.zip
Requirement already satisfied: colorlog==4.0.2 in /home/test/.local/lib/python3.8/site-packages (from acstis==3.0.6) (4.0.2)
Processing /home/test/.cache/pip/wheels/58/a6/35/0dcdd58075d05cf0b065c1b246d98dd2a1baa13738a84882ad/nyawc-1.8.2-py3-none-any.whl
Requirement already satisfied: requests==2.21.0 in /home/test/.local/lib/python3.8/site-packages (from acstis==3.0.6) (2.21.0)
Requirement already satisfied: requests_toolbelt==0.9.1 in /home/test/.local/lib/python3.8/site-packages (from acstis==3.0.6) (0.9.1)
Requirement already satisfied: selenium==3.141.0 in /home/test/.local/lib/python3.8/site-packages (from acstis==3.0.6) (3.141.0)
Requirement already satisfied: sphinx==1.8.3 in /home/test/.local/lib/python3.8/site-packages (from nyawc==1.8.2->acstis==3.0.6) (1.8.3)
Requirement already satisfied: beautifulsoup4==4.7.1 in /home/test/.local/lib/python3.8/site-packages (from nyawc==1.8.2->acstis==3.0.6) (4.7.1)
Requirement already satisfied: sphinxcontrib-napoleon==0.7 in /home/test/.local/lib/python3.8/site-packages (from nyawc==1.8.2->acstis==3.0.6) (0.7)
Collecting lxml==4.3.0
  Using cached lxml-4.3.0.tar.gz (2.5 MB)
Requirement already satisfied: sphinx-better-theme==0.1.5 in /home/test/.local/lib/python3.8/site-packages (from nyawc==1.8.2->acstis==3.0.6) (0.1.5)
Requirement already satisfied: urllib3<1.25,>=1.21.1 in /home/test/.local/lib/python3.8/site-packages (from requests==2.21.0->acstis==3.0.6) (1.24.3)
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python3/dist-packages (from requests==2.21.0->acstis==3.0.6) (3.0.4)
Requirement already satisfied: idna<2.9,>=2.5 in /usr/lib/python3/dist-packages (from requests==2.21.0->acstis==3.0.6) (2.8)
Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python3/dist-packages (from requests==2.21.0->acstis==3.0.6) (2019.11.28)
Requirement already satisfied: babel!=2.0,>=1.3 in /home/test/.local/lib/python3.8/site-packages (from sphinx==1.8.3->nyawc==1.8.2->acstis==3.0.6) (2.8.0)
Requirement already satisfied: Pygments>=2.0 in /home/test/.local/lib/python3.8/site-packages (from sphinx==1.8.3->nyawc==1.8.2->acstis==3.0.6) (2.6.1)
Requirement already satisfied: imagesize in /home/test/.local/lib/python3.8/site-packages (from sphinx==1.8.3->nyawc==1.8.2->acstis==3.0.6) (1.2.0)
Requirement already satisfied: snowballstemmer>=1.1 in /home/test/.local/lib/python3.8/site-packages (from sphinx==1.8.3->nyawc==1.8.2->acstis==3.0.6) (2.0.0)
Requirement already satisfied: sphinxcontrib-websupport in /home/test/.local/lib/python3.8/site-packages (from sphinx==1.8.3->nyawc==1.8.2->acstis==3.0.6) (1.2.3)
Requirement already satisfied: setuptools in /usr/lib/python3/dist-packages (from sphinx==1.8.3->nyawc==1.8.2->acstis==3.0.6) (45.2.0)
Requirement already satisfied: Jinja2>=2.3 in /usr/lib/python3/dist-packages (from sphinx==1.8.3->nyawc==1.8.2->acstis==3.0.6) (2.10.1)
Requirement already satisfied: six>=1.5 in /usr/lib/python3/dist-packages (from sphinx==1.8.3->nyawc==1.8.2->acstis==3.0.6) (1.14.0)
Requirement already satisfied: docutils>=0.11 in /home/test/.local/lib/python3.8/site-packages (from sphinx==1.8.3->nyawc==1.8.2->acstis==3.0.6) (0.16)
Requirement already satisfied: packaging in /home/test/.local/lib/python3.8/site-packages (from sphinx==1.8.3->nyawc==1.8.2->acstis==3.0.6) (20.4)
Requirement already satisfied: alabaster<0.8,>=0.7 in /home/test/.local/lib/python3.8/site-packages (from sphinx==1.8.3->nyawc==1.8.2->acstis==3.0.6) (0.7.12)
Requirement already satisfied: soupsieve>=1.2 in /home/test/.local/lib/python3.8/site-packages (from beautifulsoup4==4.7.1->nyawc==1.8.2->acstis==3.0.6) (2.0.1)
Requirement already satisfied: pockets>=0.3 in /home/test/.local/lib/python3.8/site-packages (from sphinxcontrib-napoleon==0.7->nyawc==1.8.2->acstis==3.0.6) (0.9.1)
Requirement already satisfied: pytz>=2015.7 in /usr/lib/python3/dist-packages (from babel!=2.0,>=1.3->sphinx==1.8.3->nyawc==1.8.2->acstis==3.0.6) (2019.3)
Requirement already satisfied: pyparsing>=2.0.2 in /home/test/.local/lib/python3.8/site-packages (from packaging->sphinx==1.8.3->nyawc==1.8.2->acstis==3.0.6) (2.4.7)
Building wheels for collected packages: acstis, lxml
  Building wheel for acstis (setup.py) ... done
  Created wheel for acstis: filename=acstis-3.0.6-py3-none-any.whl size=88690292 sha256=86f1e6bd675429b9878be51fcd6682e000be6d55a02a49ade9b20abd24a3f839
  Stored in directory: /tmp/pip-ephem-wheel-cache-zpaiyik8/wheels/41/cc/16/106af690365a0d2179c895f782c2509b62c0bdad49d20afe17

  Building wheel for lxml (setup.py) ... error
  ERROR: Command errored out with exit status 1:
   command: /usr/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-d395xsph/lxml/setup.py'"'"'; __file__='"'"'/tmp/pip-install-d395xsph/lxml/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /tmp/pip-wheel-jpawlbce
       cwd: /tmp/pip-install-d395xsph/lxml/
  Complete output (95 lines):
  Building lxml version 4.3.0.
  Building without Cython.
  ERROR: b'/bin/sh: 1: xslt-config: Permission denied\n'
  ** make sure the development packages of libxml2 and libxslt are installed **

  Using build configuration of libxslt
  running bdist_wheel
  running build
  running build_py
  creating build
  creating build/lib.linux-x86_64-3.8
  creating build/lib.linux-x86_64-3.8/lxml
  copying src/lxml/ElementInclude.py -> build/lib.linux-x86_64-3.8/lxml
  copying src/lxml/__init__.py -> build/lib.linux-x86_64-3.8/lxml
  copying src/lxml/_elementpath.py -> build/lib.linux-x86_64-3.8/lxml
  copying src/lxml/builder.py -> build/lib.linux-x86_64-3.8/lxml
  copying src/lxml/cssselect.py -> build/lib.linux-x86_64-3.8/lxml
  copying src/lxml/doctestcompare.py -> build/lib.linux-x86_64-3.8/lxml
  copying src/lxml/pyclasslookup.py -> build/lib.linux-x86_64-3.8/lxml
  copying src/lxml/sax.py -> build/lib.linux-x86_64-3.8/lxml
  copying src/lxml/usedoctest.py -> build/lib.linux-x86_64-3.8/lxml
  creating build/lib.linux-x86_64-3.8/lxml/includes
  copying src/lxml/includes/__init__.py -> build/lib.linux-x86_64-3.8/lxml/includes
  creating build/lib.linux-x86_64-3.8/lxml/html
  copying src/lxml/html/ElementSoup.py -> build/lib.linux-x86_64-3.8/lxml/html
  copying src/lxml/html/__init__.py -> build/lib.linux-x86_64-3.8/lxml/html
  copying src/lxml/html/_diffcommand.py -> build/lib.linux-x86_64-3.8/lxml/html
  copying src/lxml/html/_html5builder.py -> build/lib.linux-x86_64-3.8/lxml/html
  copying src/lxml/html/_setmixin.py -> build/lib.linux-x86_64-3.8/lxml/html
  copying src/lxml/html/builder.py -> build/lib.linux-x86_64-3.8/lxml/html
  copying src/lxml/html/clean.py -> build/lib.linux-x86_64-3.8/lxml/html
  copying src/lxml/html/defs.py -> build/lib.linux-x86_64-3.8/lxml/html
  copying src/lxml/html/diff.py -> build/lib.linux-x86_64-3.8/lxml/html
  copying src/lxml/html/formfill.py -> build/lib.linux-x86_64-3.8/lxml/html
  copying src/lxml/html/html5parser.py -> build/lib.linux-x86_64-3.8/lxml/html
  copying src/lxml/html/soupparser.py -> build/lib.linux-x86_64-3.8/lxml/html
  copying src/lxml/html/usedoctest.py -> build/lib.linux-x86_64-3.8/lxml/html
  creating build/lib.linux-x86_64-3.8/lxml/isoschematron
  copying src/lxml/isoschematron/__init__.py -> build/lib.linux-x86_64-3.8/lxml/isoschematron
  copying src/lxml/etree.h -> build/lib.linux-x86_64-3.8/lxml
  copying src/lxml/etree_api.h -> build/lib.linux-x86_64-3.8/lxml
  copying src/lxml/lxml.etree.h -> build/lib.linux-x86_64-3.8/lxml
  copying src/lxml/lxml.etree_api.h -> build/lib.linux-x86_64-3.8/lxml
  copying src/lxml/includes/__init__.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
  copying src/lxml/includes/c14n.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
  copying src/lxml/includes/config.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
  copying src/lxml/includes/dtdvalid.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
  copying src/lxml/includes/etreepublic.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
  copying src/lxml/includes/htmlparser.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
  copying src/lxml/includes/relaxng.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
  copying src/lxml/includes/schematron.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
  copying src/lxml/includes/tree.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
  copying src/lxml/includes/uri.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
  copying src/lxml/includes/xinclude.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
  copying src/lxml/includes/xmlerror.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
  copying src/lxml/includes/xmlparser.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
  copying src/lxml/includes/xmlschema.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
  copying src/lxml/includes/xpath.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
  copying src/lxml/includes/xslt.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
  copying src/lxml/includes/etree_defs.h -> build/lib.linux-x86_64-3.8/lxml/includes
  copying src/lxml/includes/lxml-version.h -> build/lib.linux-x86_64-3.8/lxml/includes
  creating build/lib.linux-x86_64-3.8/lxml/isoschematron/resources
  creating build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/rng
  copying src/lxml/isoschematron/resources/rng/iso-schematron.rng -> build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/rng
  creating build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl
  copying src/lxml/isoschematron/resources/xsl/RNG2Schtrn.xsl -> build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl
  copying src/lxml/isoschematron/resources/xsl/XSD2Schtrn.xsl -> build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl
  creating build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
  copying src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/iso_abstract_expand.xsl -> build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
  copying src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/iso_dsdl_include.xsl -> build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
  copying src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/iso_schematron_message.xsl -> build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
  copying src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/iso_schematron_skeleton_for_xslt1.xsl -> build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
  copying src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/iso_svrl_for_xslt1.xsl -> build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
  copying src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/readme.txt -> build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
  running build_ext
  building 'lxml.etree' extension
  creating build/temp.linux-x86_64-3.8
  creating build/temp.linux-x86_64-3.8/src
  creating build/temp.linux-x86_64-3.8/src/lxml
  x86_64-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -g -fwrapv -O2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DCYTHON_CLINE_IN_TRACEBACK=0 -Isrc -Isrc/lxml/includes -I/usr/include/python3.8 -c src/lxml/etree.c -o build/temp.linux-x86_64-3.8/src/lxml/etree.o -w
  src/lxml/etree.c:97:10: fatal error: Python.h: No such file or directory
     97 | #include "Python.h"
        |          ^~~~~~~~~~
  compilation terminated.
  Compile failed: command 'x86_64-linux-gnu-gcc' failed with exit status 1
  creating tmp
  cc -I/usr/include/libxml2 -c /tmp/xmlXPathInitcqz190lq.c -o tmp/xmlXPathInitcqz190lq.o
  /tmp/xmlXPathInitcqz190lq.c:1:10: fatal error: libxml/xpath.h: No such file or directory
      1 | #include "libxml/xpath.h"
        |          ^~~~~~~~~~~~~~~~
  compilation terminated.
  *********************************************************************************
  Could not find function xmlCheckVersion in library libxml2. Is libxml2 installed?
  *********************************************************************************
  error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
  ----------------------------------------
  ERROR: Failed building wheel for lxml
  Running setup.py clean for lxml
Successfully built acstis
Failed to build lxml
Installing collected packages: lxml, nyawc, acstis
  Attempting uninstall: lxml
    Found existing installation: lxml 4.5.1
    Uninstalling lxml-4.5.1:
      Successfully uninstalled lxml-4.5.1
    Running setup.py install for lxml ... error
    ERROR: Command errored out with exit status 1:
     command: /usr/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-d395xsph/lxml/setup.py'"'"'; __file__='"'"'/tmp/pip-install-d395xsph/lxml/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-hpe6engi/install-record.txt --single-version-externally-managed --user --prefix= --compile --install-headers /home/test/.local/include/python3.8/lxml
         cwd: /tmp/pip-install-d395xsph/lxml/
    Complete output (94 lines):
    Building lxml version 4.3.0.
    Building without Cython.
    ERROR: b'/bin/sh: 1: xslt-config: Permission denied\n'
    ** make sure the development packages of libxml2 and libxslt are installed **

    Using build configuration of libxslt
    running install
    running build
    running build_py
    creating build
    creating build/lib.linux-x86_64-3.8
    creating build/lib.linux-x86_64-3.8/lxml
    copying src/lxml/ElementInclude.py -> build/lib.linux-x86_64-3.8/lxml
    copying src/lxml/__init__.py -> build/lib.linux-x86_64-3.8/lxml
    copying src/lxml/_elementpath.py -> build/lib.linux-x86_64-3.8/lxml
    copying src/lxml/builder.py -> build/lib.linux-x86_64-3.8/lxml
    copying src/lxml/cssselect.py -> build/lib.linux-x86_64-3.8/lxml
    copying src/lxml/doctestcompare.py -> build/lib.linux-x86_64-3.8/lxml
    copying src/lxml/pyclasslookup.py -> build/lib.linux-x86_64-3.8/lxml
    copying src/lxml/sax.py -> build/lib.linux-x86_64-3.8/lxml
    copying src/lxml/usedoctest.py -> build/lib.linux-x86_64-3.8/lxml
    creating build/lib.linux-x86_64-3.8/lxml/includes
    copying src/lxml/includes/__init__.py -> build/lib.linux-x86_64-3.8/lxml/includes
    creating build/lib.linux-x86_64-3.8/lxml/html
    copying src/lxml/html/ElementSoup.py -> build/lib.linux-x86_64-3.8/lxml/html
    copying src/lxml/html/__init__.py -> build/lib.linux-x86_64-3.8/lxml/html
    copying src/lxml/html/_diffcommand.py -> build/lib.linux-x86_64-3.8/lxml/html
    copying src/lxml/html/_html5builder.py -> build/lib.linux-x86_64-3.8/lxml/html
    copying src/lxml/html/_setmixin.py -> build/lib.linux-x86_64-3.8/lxml/html
    copying src/lxml/html/builder.py -> build/lib.linux-x86_64-3.8/lxml/html
    copying src/lxml/html/clean.py -> build/lib.linux-x86_64-3.8/lxml/html
    copying src/lxml/html/defs.py -> build/lib.linux-x86_64-3.8/lxml/html
    copying src/lxml/html/diff.py -> build/lib.linux-x86_64-3.8/lxml/html
    copying src/lxml/html/formfill.py -> build/lib.linux-x86_64-3.8/lxml/html
    copying src/lxml/html/html5parser.py -> build/lib.linux-x86_64-3.8/lxml/html
    copying src/lxml/html/soupparser.py -> build/lib.linux-x86_64-3.8/lxml/html
    copying src/lxml/html/usedoctest.py -> build/lib.linux-x86_64-3.8/lxml/html
    creating build/lib.linux-x86_64-3.8/lxml/isoschematron
    copying src/lxml/isoschematron/__init__.py -> build/lib.linux-x86_64-3.8/lxml/isoschematron
    copying src/lxml/etree.h -> build/lib.linux-x86_64-3.8/lxml
    copying src/lxml/etree_api.h -> build/lib.linux-x86_64-3.8/lxml
    copying src/lxml/lxml.etree.h -> build/lib.linux-x86_64-3.8/lxml
    copying src/lxml/lxml.etree_api.h -> build/lib.linux-x86_64-3.8/lxml
    copying src/lxml/includes/__init__.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
    copying src/lxml/includes/c14n.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
    copying src/lxml/includes/config.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
    copying src/lxml/includes/dtdvalid.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
    copying src/lxml/includes/etreepublic.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
    copying src/lxml/includes/htmlparser.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
    copying src/lxml/includes/relaxng.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
    copying src/lxml/includes/schematron.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
    copying src/lxml/includes/tree.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
    copying src/lxml/includes/uri.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
    copying src/lxml/includes/xinclude.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
    copying src/lxml/includes/xmlerror.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
    copying src/lxml/includes/xmlparser.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
    copying src/lxml/includes/xmlschema.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
    copying src/lxml/includes/xpath.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
    copying src/lxml/includes/xslt.pxd -> build/lib.linux-x86_64-3.8/lxml/includes
    copying src/lxml/includes/etree_defs.h -> build/lib.linux-x86_64-3.8/lxml/includes
    copying src/lxml/includes/lxml-version.h -> build/lib.linux-x86_64-3.8/lxml/includes
    creating build/lib.linux-x86_64-3.8/lxml/isoschematron/resources
    creating build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/rng
    copying src/lxml/isoschematron/resources/rng/iso-schematron.rng -> build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/rng
    creating build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl
    copying src/lxml/isoschematron/resources/xsl/RNG2Schtrn.xsl -> build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl
    copying src/lxml/isoschematron/resources/xsl/XSD2Schtrn.xsl -> build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl
    creating build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
    copying src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/iso_abstract_expand.xsl -> build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
    copying src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/iso_dsdl_include.xsl -> build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
    copying src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/iso_schematron_message.xsl -> build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
    copying src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/iso_schematron_skeleton_for_xslt1.xsl -> build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
    copying src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/iso_svrl_for_xslt1.xsl -> build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
    copying src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/readme.txt -> build/lib.linux-x86_64-3.8/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
    running build_ext
    building 'lxml.etree' extension
    creating build/temp.linux-x86_64-3.8
    creating build/temp.linux-x86_64-3.8/src
    creating build/temp.linux-x86_64-3.8/src/lxml
    x86_64-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -g -fwrapv -O2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DCYTHON_CLINE_IN_TRACEBACK=0 -Isrc -Isrc/lxml/includes -I/usr/include/python3.8 -c src/lxml/etree.c -o build/temp.linux-x86_64-3.8/src/lxml/etree.o -w
    src/lxml/etree.c:97:10: fatal error: Python.h: No such file or directory
       97 | #include "Python.h"
          |          ^~~~~~~~~~
    compilation terminated.
    Compile failed: command 'x86_64-linux-gnu-gcc' failed with exit status 1
    cc -I/usr/include/libxml2 -c /tmp/xmlXPathInitz9jtvsak.c -o tmp/xmlXPathInitz9jtvsak.o
    /tmp/xmlXPathInitz9jtvsak.c:1:10: fatal error: libxml/xpath.h: No such file or directory
        1 | #include "libxml/xpath.h"
          |          ^~~~~~~~~~~~~~~~
    compilation terminated.
    *********************************************************************************
    Could not find function xmlCheckVersion in library libxml2. Is libxml2 installed?
    *********************************************************************************
    error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
    ----------------------------------------
  Rolling back uninstall of lxml
  Moving to /home/test/.local/lib/python3.8/site-packages/lxml-4.5.1.dist-info/
   from /home/test/.local/lib/python3.8/site-packages/~xml-4.5.1.dist-info
  Moving to /home/test/.local/lib/python3.8/site-packages/lxml/
   from /home/test/.local/lib/python3.8/site-packages/~xml
ERROR: Command errored out with exit status 1: /usr/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-d395xsph/lxml/setup.py'"'"'; __file__='"'"'/tmp/pip-install-d395xsph/lxml/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-hpe6engi/install-record.txt --single-version-externally-managed --user --prefix= --compile --install-headers /home/test/.local/include/python3.8/lxml Check the logs for full command output.                                                                                                                                                    

I would like to try out this tool; it looks very promising. Could you please update the project with fixed code?
Many thanks! :)

Unable to scan POST requests

Using extended.py with Scope options with request method option throws the following error.

Actual behavior

Version 3.0.6 - Copyright 2017 Tijme Gommers <[email protected]>

Traceback (most recent call last):
  File "extended.py", line 168, in <module>
    main()
  File "extended.py", line 69, in main
    Request.METHOD_GET,
NameError: global name 'Request' is not defined

Steps to reproduce the behavior

Added the following scope options to the request.py main() method:

options.scope.request_methods = [
    Request.METHOD_GET,
    Request.METHOD_POST
    ]

Running the default scan only covers GET requests.
Also, since I could not find the answer in the README, I am asking here: will it be possible to scan a POST request and inject into a specific parameter?

Requirement issues

On a fresh machine, when you run pip install -r requirements.txt, you get the following (this is the same on Python 3 and Python 2):

Collecting sphinx-better-theme==0.13 (from nyawc==1.7.11->acstis==3.0.5)
  Could not find a version that satisfies the requirement sphinx-better-theme==0.13 (from nyawc==1.7.11->acstis==3.0.5) (from versions: 0.1, 0.1.4, 0.1.5)
No matching distribution found for sphinx-better-theme==0.13 (from nyawc==1.7.11->acstis==3.0.5)

Error: TypeError: argument of type 'NoneType' is not iterable

One line summary of the issue here.

Expected behavior

No errors to be shown

Actual behavior

see output below

Steps to reproduce the behavior

host@host:~/tools/angularjs-csti-scanner$ python acstis.py -c -siv -vp -d https://www.oddschecker.com

  /$$$$$$   /$$$$$$   /$$$$$$  /$$$$$$$$ /$$$$$$  /$$$$$$
 /$$__  $$ /$$__  $$ /$$__  $$|__  $$__/|_  $$_/ /$$__  $$
| $$  \ $$| $$  \__/| $$  \__/   | $$     | $$  | $$  \__/
| $$$$$$$$| $$      |  $$$$$$    | $$     | $$  |  $$$$$$
| $$__  $$| $$       \____  $$   | $$     | $$   \____  $$
| $$  | $$| $$    $$ /$$  \ $$   | $$     | $$   /$$  \ $$
| $$  | $$|  $$$$$$/|  $$$$$$/   | $$    /$$$$$$|  $$$$$$/
|__/  |__/ \______/  \______/    |__/   |______/ \______/

Version 3.0.6 - Copyright 2017 Tijme Gommers <[email protected]>
    
[INFO] Looking for AngularJS version using a headless browser.
[INFO] Waiting until DOM is completely loaded.
[INFO] Found AngularJS version 1.3.20.
[INFO] Angular CSTI scanner started.
[INFO] Scanning https://www.oddschecker.com
argument of type 'NoneType' is not iterable
Traceback (most recent call last):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Driver.py", line 256, in cb_request_in_thread_after_finish
    queue_item.vulnerable_items = Scanner(self, self.__angular_version, self.__args.verify_payload, queue_item).get_vulnerable_items()
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 99, in get_vulnerable_items
    if self.__is_item_vulnerable(item):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 120, in __is_item_vulnerable
    if not "html" in queue_item.response.headers.get("content-type"):
TypeError: argument of type 'NoneType' is not iterable

[INFO] Scanning https://www.oddschecker.com/search?query=FaaIGDVVxm
[INFO] Scanning https://www.oddschecker.com/
[INFO] Scanning https://www.oddschecker.com/tips
[INFO] Scanning https://www.oddschecker.com/free-bets
[INFO] Scanning https://www.oddschecker.com/casino-bonus
[INFO] Scanning https://www.oddschecker.com/bingo-bonuses
[INFO] Scanning https://www.oddschecker.com/insight
[INFO] Scanning https://www.oddschecker.com/myoddschecker/login
[INFO] Scanning https://www.oddschecker.com/myoddschecker/my-profile
[INFO] Scanning https://www.oddschecker.com/myoddschecker/bookmakers
[INFO] Scanning https://www.oddschecker.com/myoddschecker/my-bets
[INFO] Scanning https://www.oddschecker.com/myoddschecker/logout
[INFO] Scanning https://www.oddschecker.com/odds-format
[INFO] Scanning https://www.oddschecker.com/exchange-settings
[INFO] Scanning https://www.oddschecker.com/bet-basket
[INFO] Scanning https://www.oddschecker.com/market-movers
[INFO] Scanning https://www.oddschecker.com/tv-sports-calendar
[INFO] Scanning https://www.oddschecker.com/betting-tools/bet-calculator
[INFO] Scanning https://www.oddschecker.com/help/using-oddschecker/how-it-works
[INFO] Scanning https://www.oddschecker.com/football
argument of type 'NoneType' is not iterable
Traceback (most recent call last):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Driver.py", line 256, in cb_request_in_thread_after_finish
    queue_item.vulnerable_items = Scanner(self, self.__angular_version, self.__args.verify_payload, queue_item).get_vulnerable_items()
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 99, in get_vulnerable_items
    if self.__is_item_vulnerable(item):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 120, in __is_item_vulnerable
    if not "html" in queue_item.response.headers.get("content-type"):
TypeError: argument of type 'NoneType' is not iterable

argument of type 'NoneType' is not iterable
Traceback (most recent call last):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Driver.py", line 256, in cb_request_in_thread_after_finish
    queue_item.vulnerable_items = Scanner(self, self.__angular_version, self.__args.verify_payload, queue_item).get_vulnerable_items()
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 99, in get_vulnerable_items
    if self.__is_item_vulnerable(item):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 120, in __is_item_vulnerable
    if not "html" in queue_item.response.headers.get("content-type"):
TypeError: argument of type 'NoneType' is not iterable

argument of type 'NoneType' is not iterable
Traceback (most recent call last):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Driver.py", line 256, in cb_request_in_thread_after_finish
    queue_item.vulnerable_items = Scanner(self, self.__angular_version, self.__args.verify_payload, queue_item).get_vulnerable_items()
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 99, in get_vulnerable_items
    if self.__is_item_vulnerable(item):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 120, in __is_item_vulnerable
    if not "html" in queue_item.response.headers.get("content-type"):
TypeError: argument of type 'NoneType' is not iterable

argument of type 'NoneType' is not iterable
Traceback (most recent call last):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Driver.py", line 256, in cb_request_in_thread_after_finish
    queue_item.vulnerable_items = Scanner(self, self.__angular_version, self.__args.verify_payload, queue_item).get_vulnerable_items()
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 99, in get_vulnerable_items
    if self.__is_item_vulnerable(item):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 120, in __is_item_vulnerable
    if not "html" in queue_item.response.headers.get("content-type"):
TypeError: argument of type 'NoneType' is not iterable

argument of type 'NoneType' is not iterable
Traceback (most recent call last):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Driver.py", line 256, in cb_request_in_thread_after_finish
    queue_item.vulnerable_items = Scanner(self, self.__angular_version, self.__args.verify_payload, queue_item).get_vulnerable_items()
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 99, in get_vulnerable_items
    if self.__is_item_vulnerable(item):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 120, in __is_item_vulnerable
    if not "html" in queue_item.response.headers.get("content-type"):
TypeError: argument of type 'NoneType' is not iterable

[INFO] Scanning https://www.oddschecker.com/horse-racing
argument of type 'NoneType' is not iterable
Traceback (most recent call last):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Driver.py", line 256, in cb_request_in_thread_after_finish
    queue_item.vulnerable_items = Scanner(self, self.__angular_version, self.__args.verify_payload, queue_item).get_vulnerable_items()
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 99, in get_vulnerable_items
    if self.__is_item_vulnerable(item):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 120, in __is_item_vulnerable
    if not "html" in queue_item.response.headers.get("content-type"):
TypeError: argument of type 'NoneType' is not iterable

argument of type 'NoneType' is not iterable
Traceback (most recent call last):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Driver.py", line 256, in cb_request_in_thread_after_finish
    queue_item.vulnerable_items = Scanner(self, self.__angular_version, self.__args.verify_payload, queue_item).get_vulnerable_items()
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 99, in get_vulnerable_items
    if self.__is_item_vulnerable(item):
  File "/home/host/tools/angularjs-csti-scanner/acstis/Scanner.py", line 120, in __is_item_vulnerable
    if not "html" in queue_item.response.headers.get("content-type"):
TypeError: argument of type 'NoneType' is not iterable

Happens on Python 2.7 and Python 3.5.2.
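The traceback in this report comes from one expression: `headers.get("content-type")` returns `None` when a response has no Content-Type header, and `"html" in None` raises the TypeError. The sketch below is an added example, not ACSTIS's own code: `FakeResponse`, `media_type`, `is_html_response` and the sample headers are constructed for illustration, and treating a missing header as "not HTML" is an assumption.

```python
"""Content-Type gate for a scanner callback: the failing check and a None-safe one."""

# Media types treated as HTML (assumption for this example).
HTML_TYPES = frozenset(["text/html", "application/xhtml+xml"])


class FakeResponse(object):
    """Constructed stand-in for an HTTP response; only `headers` is modelled."""

    def __init__(self, headers):
        # Header names are case-insensitive, so store them lower-cased.
        self.headers = dict((name.lower(), value) for name, value in headers.items())


def original_is_html(response):
    """Same membership test as the traceback line (which negates it to skip
    non-HTML items). Raises TypeError when the header is absent."""
    return "html" in response.headers.get("content-type")


def media_type(response):
    """Return the lower-cased media type without parameters, or None if unknown."""
    if response is None:  # the request failed and produced no response
        return None
    raw = response.headers.get("content-type")
    if not raw:  # header missing or empty
        return None
    return raw.split(";", 1)[0].strip().lower() or None


def is_html_response(response):
    """None-safe replacement: exact media-type match instead of a substring test."""
    return media_type(response) in HTML_TYPES


# Constructed sample headers, one per edge case.
SAMPLES = {
    "html_charset": {"Content-Type": "text/html; charset=utf-8"},
    "no_header": {},
    "upper_case": {"CONTENT-TYPE": "TEXT/HTML"},
    "param_only": {"Content-Type": "text/plain; x=html"},
    "json": {"Content-Type": "application/json"},
}


def compare(samples):
    """Map each label to (original result or 'TypeError', hardened result)."""
    results = {}
    for label, headers in samples.items():
        response = FakeResponse(headers)
        try:
            before = original_is_html(response)
        except TypeError:
            before = "TypeError"
        results[label] = (before, is_html_response(response))
    return results


if __name__ == "__main__":
    for label, outcome in sorted(compare(SAMPLES).items()):
        print("%-14s original=%-9s hardened=%s" % (label, outcome[0], outcome[1]))
```

In the log above the scan continues after each traceback, so the affected responses were never evaluated; a check that returns a boolean for every response avoids those silent gaps in coverage.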

[Feature Request] Add Cookie Header

Hi,

I think it would be very useful for users to be able to add a custom HTTP Cookie header. This option can be used to specify how to connect to the target URL.

Thanks,

Initial requests sent from ACSTIS not appending the Cookies set in extended.py

This is similar to the issue reported earlier (#7).

For scanning URLs in an authenticated session, I updated extended.py with the session cookies. But the initial requests that ACSTIS makes (the same set of requests that were earlier ignoring the proxy values mentioned in extended.py) do not append the cookies, and I get an error in the console as the URL is not reachable.

Work-Around for authenticated Session:

For the moment, in order to make ACSTIS work, I am routing the scanner's requests via Burp and I am appending the cookies to all requests using Burp's Match and Replace feature (Proxy->Options->Match and Replace).

No module named 'scripts' on Kali Linux

Hello,
Can you help me solve this problem, please?

acstis --uri="https://site.com/" --crawl
Traceback (most recent call last):
  File "/usr/local/bin/acstis", line 7, in <module>
    from scripts.acstis_cli import main
ImportError: No module named 'scripts'

tester@kali:~# python
Python 3.5.3 (default, Jan 19 2017, 14:11:04)
[GCC 6.3.0 20170118] on linux
