Getting this error after fresh install #393

Open
Osiris9999 opened this issue Jan 12, 2024 · 2 comments

@Osiris9999
XSStrike v3.1.5

[~] Checking for DOM vulnerabilities
[+] Potentially vulnerable objects found

------------------------------------------------------------sage, 3000);nerHTML = smessage_text;
[-] WAF detected: CloudFlare Web Application Firewall (CloudFlare)
[!] Testing parameter: s
[!] Reflections found: 12
[~] Analysing reflections
[~] Generating payloads
Traceback (most recent call last):
File "/home/osiris/xss/XSStrike/xsstrike.py", line 174, in <module>
scan(target, paramData, encoding, headers, delay, timeout, skipDOM, skip)
File "/home/osiris/xss/XSStrike/modes/scan.py", line 81, in scan
vectors = generator(occurences, response.text)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/osiris/xss/XSStrike/core/generator.py", line 136, in generator
closer = jsContexter(script)
^^^^^^^^^^^^^^^^^^^
File "/home/osiris/xss/XSStrike/core/jsContexter.py", line 11, in jsContexter
pre = re.sub(r'(?s)\{.*?\}|(?s)\(.*?\)|(?s)".*?"|(?s)\'.*?\'', '', pre)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/re/__init__.py", line 185, in sub
return _compile(pattern, flags).sub(repl, string, count)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/re/__init__.py", line 294, in _compile
p = _compiler.compile(pattern, flags)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/re/_compiler.py", line 745, in compile
p = _parser.parse(p, flags)
^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/re/_parser.py", line 989, in parse
p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/re/_parser.py", line 464, in _parse_sub
itemsappend(_parse(source, state, verbose, nested + 1,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/re/_parser.py", line 850, in _parse
raise source.error('global flags not at the start '
re.error: global flags not at the start of the expression at position 12

To Reproduce
I was just running python xsstrike.py -u "www.xyx.com"

Environment:

  • OS: [Kali ]
  • Python version [e.g. 3.7]

I am using the latest version of XSStrike.
I installed the dependencies using pip3 instead of pip

@BugBountyHunter403

Got any fix?

darkb0ts added a commit to darkb0ts/XSStrike that referenced this issue Mar 22, 2024
@reevesy1

I worked out a fix for it. Seems to work fine now.

  1. Open XSStrike/core/jsContexter.py for editing

  2. Remove, or just comment out as I did, # pre = re.sub(r'(?s)\{.*?\}|(?s)\(.*?\)|(?s)".*?"|(?s)\'.*?\'', '', pre). It's line 11 or 12.

  3. Add the following in its place

    pre = re.sub(r'(?s)\{.*?\}', '', pre)
    pre = re.sub(r'(?s)\(.*?\)', '', pre)
    pre = re.sub(r'(?s)".*?"', '', pre)
    pre = re.sub(r"(?s)'.*?'", '', pre)

Fixed that issue
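
Added example, not part of the comment above and not XSStrike's own code: it reproduces the `re.error` from the traceback and compares the four-step workaround with a single-pass pattern that keeps one `(?s)` at the start. The function names and the sample string are constructed for illustration; the sample shows an input on which the two approaches return different results.

```python
import re
import sys

# Pattern as quoted in the issue: the global flag (?s) repeated in each alternative.
ORIGINAL = r'(?s)\{.*?\}|(?s)\(.*?\)|(?s)".*?"|(?s)\'.*?\''
# Same alternation with the global flag written once, at the start.
SINGLE_PASS = r'(?s)\{.*?\}|\(.*?\)|".*?"|\'.*?\''
# The four patterns from the workaround, applied one after another.
SEQUENTIAL = [r'(?s)\{.*?\}', r'(?s)\(.*?\)', r'(?s)".*?"', r"(?s)'.*?'"]

# Constructed sample: braces that appear inside string literals.
SAMPLE = 'a = "{"; b(1); c = "}";'


def rejects_repeated_flags():
    """Python 3.11+ only accepts global inline flags at the start of a pattern."""
    return sys.version_info >= (3, 11)


def original_compiles():
    """Return (True, None) if ORIGINAL compiles, else (False, error text)."""
    try:
        re.compile(ORIGINAL)
        return True, None
    except re.error as exc:
        return False, str(exc)


def strip_single_pass(text):
    """One left-to-right scan; the first alternative that matches at a position wins."""
    return re.sub(SINGLE_PASS, '', text)


def strip_sequential(text):
    """Workaround from the thread: all braces first, then parens, then quotes."""
    for pattern in SEQUENTIAL:
        text = re.sub(pattern, '', text)
    return text


if __name__ == "__main__":
    print("original compiles:", original_compiles())
    print("single pass:", repr(strip_single_pass(SAMPLE)))
    print("sequential: ", repr(strip_sequential(SAMPLE)))
```

On the sample, the single-pass form removes each quoted string and the call parentheses separately, while the sequential form first removes everything from the `{` in the first string to the `}` in the last one.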
