Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/vavkamil/XSSwagger
A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks
- Host: GitHub
- URL: https://github.com/vavkamil/XSSwagger
- Owner: vavkamil
- Created: 2019-07-25T17:49:03.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2019-08-30T08:53:27.000Z (about 5 years ago)
- Last Synced: 2024-08-01T10:17:16.211Z (3 months ago)
- Language: Python
- Homepage:
- Size: 12.7 KB
- Stars: 52
- Watchers: 1
- Forks: 14
- Open Issues: 2
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
Awesome Lists containing this project
- awesome-bugbounty-tools - XSSwagger - A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks (Exploitation / XSS Injection)
README
# XSSwagger
Swagger-ui XSS scanner

A simple scanner that can find old versions of Swagger-ui vulnerable to various XSS attacks
#### XSS Vulnerabilities
https://snyk.io/vuln/npm:swagger-ui

#### Detecting Swagger UI version
https://github.com/swagger-api/swagger-ui/blob/master/docs/usage/version-detection.md

## Usage
```
vavkamil@localhost:~/Documents/Python/XSSwagger$ python3 xsswagger.py
) ( (
( /( )\ ))\ )
)\()|()/(()/(( ( ) ( ( ( ( ( (
((_)\ /(_))(_))\))( ( /( )\))()\))( ))\ )(
__((_|_))(_))((_)()\ )(_)|(_))((_))\ /((_|()\
\ \/ / __/ __|(()((_|(_)_ (()(_|()(_|_)) ((_)
> <\__ \__ \ V V / _` / _` / _` |/ -_)| '_|
/_/\_\___/___/\_/\_/\__,_\__, \__, |\___||_|
|___/|___/
usage: xsswagger.py [-h] (-d DOMAIN | -D DOMAINS) [-w WORDLIST] [-t THREADS]
xsswagger.py: error: one of the arguments -d -D is required
```

## Example
```
vavkamil@localhost:~/Documents/Python/XSSwagger$ python3 xsswagger.py -D test.txt
) ( (
( /( )\ ))\ )
)\()|()/(()/(( ( ) ( ( ( ( ( (
((_)\ /(_))(_))\))( ( /( )\))()\))( ))\ )(
__((_|_))(_))((_)()\ )(_)|(_))((_))\ /((_|()\
\ \/ / __/ __|(()((_|(_)_ (()(_|()(_|_)) ((_)
> <\__ \__ \ V V / _` / _` / _` |/ -_)| '_|
/_/\_\___/___/\_/\_/\__,_\__, \__, |\___||_|
|___/|___/
[i] Scanning multiple domains: test.txt
[i] Domains in a list: 5
****************************************************************************************************
****************************************************************************************************
[ Redirect ] https://dev.fitbit.com/build/reference/web-api/explore -> https://dev.fitbit.com/build/reference/web-api/explore/
[ 200 ] [ Swagger UI ] https://dev.fitbit.com/build/reference/web-api/explore/
[ Version ] 3.19.2 detected!
[ Vulnerable ] version 3.19.2 detected!
----------------------------------------------------------------------------------------------------
[ Severity ] Medium
[ Vulnerable ] <3.20.9
[ Published ] 14 Jun, 2019
[ Vulnerability ] Cross-site Scripting (XSS)
[ Detail ] https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449921
****************************************************************************************************
****************************************************************************************************
[ 200 ] [ API Documentation ] https://promo-services-staging.brave.com/documentation
[ Version ] 2.1.4 detected!
[ Vulnerable ] version 2.1.4 detected!
----------------------------------------------------------------------------------------------------
[ Severity ] High
[ Vulnerable ] <2.2.1
[ Published ] 25 Jul, 2016
[ Vulnerability ] Cross-site Scripting (XSS)
[ Detail ] https://snyk.io/vuln/npm:swagger-ui:20160725
----------------------------------------------------------------------------------------------------
[ Severity ] Medium
[ Vulnerable ] <2.2.3
[ Published ] 13 Mar, 2017
[ Vulnerability ] Cross-site Scripting (XSS)
[ Detail ] https://snyk.io/vuln/npm:swagger-ui:20160901
----------------------------------------------------------------------------------------------------
[ Severity ] Medium
[ Vulnerable ] >=3.0.0 <3.0.13
[ Published ] 16 Jun, 2019
[ Vulnerability ] Cross-site Scripting (XSS)
[ Detail ] https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449941
----------------------------------------------------------------------------------------------------
[ Severity ] Medium
[ Vulnerable ] <3.4.2
[ Published ] 25 Dec, 2017
[ Vulnerability ] Cross-site Scripting (XSS)
[ Detail ] https://snyk.io/vuln/npm:swagger-ui:20171031
----------------------------------------------------------------------------------------------------
[ Severity ] Medium
[ Vulnerable ] <3.18.0
[ Published ] 13 Jun, 2019
[ Vulnerability ] Reverse Tabnabbing
[ Detail ] https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449808
----------------------------------------------------------------------------------------------------
[ Severity ] Medium
[ Vulnerable ] <3.20.9
[ Published ] 14 Jun, 2019
[ Vulnerability ] Cross-site Scripting (XSS)
[ Detail ] https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449921
****************************************************************************************************
****************************************************************************************************
[ 200 ] [ Swagger UI ] https://api.hitbtc.com/api/2/explore/
[ Version ] 3.19.5 detected!
[ Vulnerable ] version 3.19.5 detected!
----------------------------------------------------------------------------------------------------
[ Severity ] Medium
[ Vulnerable ] <3.20.9
[ Published ] 14 Jun, 2019
[ Vulnerability ] Cross-site Scripting (XSS)
[ Detail ] https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449921
****************************************************************************************************
****************************************************************************************************
[ 200 ] [ Swagger UI ] https://console.cloud.vmware.com/csp/gateway/slc/api/swagger-ui.html
[ Version ] Idk, please check manually!
[ Done ] Don't be evil!
```