[Feature Request] Log confirmed working payloads

tijme / angularjs-csti-scanner

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.

MIT License

302 stars 87 forks source link

Closed random-robbie closed 6 years ago

random-robbie commented 6 years ago

Hi,

Can we add a logging feature of found urls that the XSS works on?

tijme commented 6 years ago

Thanks for the feature request. It seems possible to do this.

Maybe using an argument like -vrl [FILENAME],--vulnerable-requests-log=[FILENAME] that logs all vulnerable requests to the [FILENAME] file.

In the mean time you can use python -u acstis.py > output.log and then search for vulnerable in the output.log.

random-robbie commented 6 years ago

this would be perfect as i plan to to a mass scan of a lot of urls and need to be able to dump all the vulnerable urls.