Improve argument parsing

[andresriancho]

The argument parsing is done caveman style :smile: https://github.com/neraliu/tpjs/blob/master/examples/domxss-common.js#L51 in order to specify if I want to fuzz or not I have to run with two parameters that I don't care about:

./bin/phantomjs examples/domxss.js http://w3af.org/ '' 1000 1

It would be nice to be able to use:

./bin/phantomjs examples/domxss.js http://w3af.org/ --fuzz=1

[neraliu]

thanks, we are aware of this, we will enhance it later

[neraliu]

this is our proposed script, any comments? https://github.com/neraliu/tpjs/blob/master/cli/tpjs

[andresriancho]

• https://github.com/neraliu/tpjs/blob/master/cli/tpjs#L42 doesn't make much sense. If the URL is always going to be there, it shouldn't require users to enter -l. If for some reason you want to keep this arg, I would rename to -u
• https://github.com/neraliu/tpjs/blob/master/cli/tpjs#L46 -s the scanning script [domxss.js|domxss-fuzz.js] replaces --fuzz=1? I believe that option naming is better.
• https://github.com/neraliu/tpjs/blob/master/cli/tpjs#L133 what if /usr/local doesn't exist?

[neraliu]

1 - agreed, and will make it improved

2 - this one has the story behind, as domxss detection may be relied on some user interaction, so -s is for running some specific script, but i agree to make the --fuzz=1 for some pattern scanning.

3 - improved later as it should have install script to take care of it.