s0md3v / XSStrike

Most advanced XSS scanner.
GNU General Public License v3.0
13.39k stars 1.91k forks

Causes this error when running... I am using latest version of xsstrike. #372

Open UxplnJDK opened 1 year ago

UxplnJDK commented 1 year ago

Traceback (most recent call last):
  File "/home/sunil/python-tools/XSStrike/xsstrike.py", line 174, in <module>
    scan(target, paramData, encoding, headers, delay, timeout, skipDOM, skip)
  File "/home/sunil/python-tools/XSStrike/modes/scan.py", line 81, in scan
    vectors = generator(occurences, response.text)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/sunil/python-tools/XSStrike/core/generator.py", line 136, in generator
    closer = jsContexter(script)
             ^^^^^^^^^^^^^^^^^^^
  File "/home/sunil/python-tools/XSStrike/core/jsContexter.py", line 11, in jsContexter
    pre = re.sub(r'(?s){.?}|(?s)(.?)|(?s)".?"|(?s)\'.?\'', '', pre)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/re/__init__.py", line 185, in sub
    return _compile(pattern, flags).sub(repl, string, count)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/re/__init__.py", line 294, in _compile
    p = _compiler.compile(pattern, flags)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/re/_compiler.py", line 743, in compile
    p = _parser.parse(p, flags)
        ^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/re/_parser.py", line 980, in parse
    p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/re/_parser.py", line 455, in _parse_sub
    itemsappend(_parse(source, state, verbose, nested + 1,
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/re/_parser.py", line 841, in _parse
    raise source.error('global flags not at the start '
re.error: global flags not at the start of the expression at position 12
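Added example (not part of the original thread or of XSStrike's code): the traceback shows Python 3.11's `re` module rejecting a global inline flag, `(?s)`, that reappears after the start of the pattern. The sketch below reproduces that with a pattern of the same shape and shows a portable rewrite that passes the flag once as `re.DOTALL`; the escapes and `.*?` quantifiers in `LEGACY`, and the names `check_pattern` and `strip_closed_groups`, are assumptions.

```python
import re
import warnings

# Assumed reconstruction of the shape of the pattern in the traceback:
# the global flag (?s) is repeated at the start of every alternative.
LEGACY = r'(?s)\{.*?\}|(?s)\(.*?\)|(?s)".*?"|(?s)\'.*?\''

# Portable rewrite: same alternatives, DOTALL passed once as a compile flag.
PORTABLE = r'\{.*?\}|\(.*?\)|".*?"|\'.*?\''


def check_pattern(pattern, flags=0):
    """Return (ok, message). ok is False if this interpreter rejects the
    pattern (Python >= 3.11) or only tolerates it with a DeprecationWarning
    (Python 3.6 to 3.10)."""
    re.purge()  # drop the compile cache so the pattern is parsed again
    with warnings.catch_warnings():
        warnings.simplefilter("error", DeprecationWarning)
        try:
            re.compile(pattern, flags)
        except (re.error, DeprecationWarning) as exc:
            return False, str(exc)
    return True, ""


def strip_closed_groups(text):
    """Remove {...}, (...), "..." and '...' spans, newlines included."""
    return re.sub(PORTABLE, '', text, flags=re.DOTALL)


if __name__ == "__main__":
    print(check_pattern(LEGACY))
    print(check_pattern(PORTABLE, re.DOTALL))
    # Constructed sample input, not taken from a real response.
    sample = 'var a = {"k": 1}; f(\n1\n); var b = "'
    print(repr(strip_closed_groups(sample)))
```

On Python 3.11 or later the first call reports the same `re.error` as the traceback, at position 12.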

0x9Fahad commented 1 year ago

Exactly the same issue here, might be the python3 libraries, testing for a solution right now.

notkearash commented 1 year ago

Seems like a proxy issue. Solved when I removed the --proxy flag.

sriramoffcl commented 1 year ago

.

On Tue, Jun 6, 2023 at 4:51 AM !Kearash @.***> wrote:

Seems like a proxy issue. Solved when I removed the --proxy flag.

0x9Fahad commented 1 year ago

Seems like a proxy issue. Solved when I removed the --proxy flag.

The issue still exists when removing the proxy flag. Would you please show an example of the command you used?

notkearash commented 1 year ago

@0x9Fahad

$ python xsstrike.py -u 'https://example.app/search?search=hi'

    XSStrike v3.1.5

[~] Checking for DOM vulnerabilities 
[-] WAF detected: CloudFlare Web Application Firewall (CloudFlare) 
[!] Testing parameter: search 
[!] Reflections found: 6 
[~] Analysing reflections 
[~] Generating payloads 
[!] Payloads generated: 3120 

I think the issue is in the response. Some web apps still throw this error even without --proxy.

Anthonymcqueen21 commented 1 year ago

I am having the same problem as well. xsstrike is updated and all the fuzzers and so on are updated and connected, so it's just weird.

Hugo-Lua commented 8 months ago

might be xss protection

AdithyakrishnaV commented 3 months ago

The problem is, XSStrike works with Python 3.8 or 3.9. Roll back to the older version or consider creating a virtual environment with an older Python version:

    pyenv install 3.8.10
    pyenv virtualenv 3.8.10 xsstrike-env
    pyenv activate xsstrike-env

After this you may run into an error: ModuleNotFoundError: No module named 'requests'. Just run this command:

    pip install requests

Now the tool will be working just fine. If it helped, consider subscribing to my YouTube channel: https://www.youtube.com/channel/UCR9txckubHGilBvNGvud_dg I create content about bug bounty and reverse engineering.

ac0z commented 2 months ago

image

using python 3.9. Can you help me?

gauravlinux commented 2 months ago

still this tool is not working

AdithyakrishnaV commented 2 months ago

image

using python 3.9. Can you help me?

try with 3.8.10

ianwolf99 commented 2 months ago

not working

ragawarsh commented 1 month ago

step1. sudo apt update

step2. sudo apt install -y make build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev xz-utils tk-dev libffi-dev liblzma-dev python3-openssl git

step3. curl https://pyenv.run | bash

step4. nano ~/.bashrc

step5.

    export PATH="$HOME/.pyenv/bin:$PATH"
    eval "$(pyenv init --path)"
    eval "$(pyenv init -)"
    eval "$(pyenv virtualenv-init -)"

step6. source ~/.bashrc

step7. nano ~/.zshrc

step8.

    export PATH="$HOME/.pyenv/bin:$PATH"
    eval "$(pyenv init --path)"
    eval "$(pyenv init -)"
    eval "$(pyenv virtualenv-init -)"

step9. source ~/.zshrc

Check the version with pyenv --version

Then follow these commands (move to the directory in which XSStrike is installed):

    pyenv install 3.8.10
    pyenv virtualenv 3.8.10 xsstrike-env
    pyenv activate xsstrike-env

Finally, deactivate the env:

    pyenv deactivate