-
Notifications
You must be signed in to change notification settings - Fork 208
General Usage
usage: python3 xsrfprobe.py [-h] [-u URL] [-c COOKIE] [-o OUTPUT] [-d DELAY]
[-q] [-v] [--user-agent USER_AGENT]
[--headers HEADERS] [--exclude EXCLUDE]
[--timeout TIMEOUT] [--max-chars MAXCHARS]
[--crawl] [--no-analysis] [--malicious]
[--skip-poc] [--display] [--update]
[--random-agent] [--version]
Required Arguments:
-u URL, --url URL Main URL to test
Optional Arguments:
-c COOKIE, --cookie COOKIE
Cookie value to be requested with each successive
request. If there are multiple cookies, separate them
with commas. For example: `-c PHPSESSID=i837c5n83u4,
_gid=jdhfbuysf`.
-o OUTPUT, --output OUTPUT
Output directory where files to be stored. Default is
the`files` folder where all files generated will be
stored.
-d DELAY, --delay DELAY
Time delay between requests in seconds. Default is
zero.
-q, --quiet Set the DEBUG mode to quiet. Report only when
vulnerabilities are found. Minimal output will be
printed on screen.
-v, --verbose Increase the verbosity of the output (e.g., -vv is
more than -v).
--user-agent USER_AGENT
Custom user-agent to be used. Only one user-agent can
be specified.
--headers HEADERS Comma separated list of custom headers you'd want to
use. For example: ``--headers "Accept=text/php,
X-Requested-With=Dumb"``.
--exclude EXCLUDE Comma separated list of paths or directories to be
excluded which are not in scope. These paths/dirs
won't be scanned. For example: `--exclude somepage/,
sensitive-dir/, pleasedontscan/`
--timeout TIMEOUT HTTP request timeout value in seconds. The entered
value may be either in floating point decimal or an
integer. Example: ``--timeout 10.0``
--max-chars MAXCHARS Maximum allowed character length for the custom token
value to be generated. For example: `--max-chars 5`.
Default value is 6.
--crawl Crawl the whole site and simultaneously test all
discovered endpoints for CSRF.
--no-analysis Skip the Post-Scan Analysis of Tokens which were
gathered during requests
--malicious Generate a malicious CSRF Form which can be used in
real-world exploits.
--skip-poc Skip the PoC Form Generation of POST-Based Cross Site
Request Forgeries.
--display Print out response headers of requests while making
requests.
--update Update XSRFProbe to latest version on GitHub via git.
--random-agent Use random user-agents for making requests.
--version Display the version of XSRFProbe and exit.
Option: -u
or --url
The main URL of the site you want to scan. This might be either a URL endpoint or the first level domain itself.
python xsrfprobe.py -u http://example.com/testcsrf.php
Option: --crawl
This option allows you to use XSRFProbe's built-in crawler to dynamically discover and simultaneously test all endpoints which are crawled.
python xsrfprobe.py -u http://example.com --crawl
WARNING: XSRFProbe generates considerable amout of requests against the target so be careful while using this option.
Option: -c
or --cookies
This option helps you to supply a comma separated list of external custom cookies which will be used during all requests. See advanced usage for more info on why you should supply cookies.
python3 xsrfprobe.py -u http://example.com/testcsrf.php -c "SESSION_ID=i837c5n83u4e84cry9e4, _gid=jdhfbuysfcefjbhiiwer"
Option: --user-agent
This option (--user-agent
) enables you to supply custom user-agent value. For example, if you want XSRFProbe to make requests as Googlebot crawler, you might use:
python xsrfprobe.py -u http://example.com/testcsrf.php --user-agent "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
Option: --timeout
| Default: 7 seconds
It is possible to specify a number of seconds to wait before considering the HTTP(S) request timed out. The valid value is an int
, for instance if you want to set the timeout value to 10 seconds, you might use
python xsrfprobe.py -u http://example.com/testcsrf.php --timeout 10
Option: -d
or --delay
| Default: 0 seconds
By using this option, it is possible to specify a number of seconds to hold between each request. The value specified should either be an integer or a floating point decimal.
python xsrfprobe.py -u http://example.com/testcsrf.php -d 2
Option: --headers
This option enables you to supply a comma separated list of custom headers which you might want XSRFProbe to use during all requests.
python xsrfprobe.py -u http://example.com/testcsrf.php --headers "Accept=text/php, DNT=1"
NOTE: The additional headers which you'll supply will be appended to a list of default headers. For more info on controlling headers, see advanced usage.
Option: --random-agent
This option enables you to make requests using random user-agents for different requests.
python xsrfprobe.py -u http://example.com/testcsrf.php --random-agent
NOTE: Using this argument is NOT RECOMMENDED if you're supplying a cookie using the
--cookie
argument. For more info on when you should and when and why you shouldn't use, see advanced usage.
Option: --max-chars
| Default: 6
This option enables you to supply the character length of form submission string values which you might want XSRFProbe to submit whenever a form is found.
python xsrfprobe.py -u http://example.com/testcsrf.php --max-chars 10
NOTE: The length of the string being submitted in forms are crucial. For more info on controlling charter generation, see advanced usage.
Option: --exclude
This option enables you to supply a comma separated list of directories which are out of scope and will not be scanned.
python3 xsrfprobe.py -u http://example.com --crawl --exclude "sensitive_dir/, dontscanme/"
NOTE: The
--crawl
option is a must to supply with--exclude
argument. If you're testing a single endpoint then supplying this option doesn't hold valid.
Option: -q
or --quiet
It is possible to control XSRFProbe's verbose output using -q/--quiet
option as follows:
python xsrfprobe.py -u http://example.com/testcsrf.php --quiet
NOTE:
Using this option is NOT RECOMMENDED as it significantly decreases the output, and XSRFProbe will only report to the terminal only if some significant vulnerability is found. This option was originally developed for development purposes where one needs to avoid heavy logs when it comes to CIs. However you also might want to supply this option if you do not want to know what's going on under the hood. This option is turned
off
by default, so you'll have to explicitly set this option for a quiet output.
Option: --malicious
This option enables you to instruct XSRFProbe to craft malicious CSRF forms which can be used in real world exploitations.
python xsrfprobe.py -u http://example.com/testcsrf.php --malicious
NOTE: The
--skip-poc
argument should not supplied with this switch, or the form itself will never be generated.
Option: --skip-poc
This option enables you to skip the Proof of Concept form generation of POST-Based CSRF vulnerable forms.
python xsrfprobe.py -u http://example.com/testcsrf.php --skip-poc
Option: -o
or --output
| Default: output/
Directory
This option enables you to specify the output directory where all logs and stuff will be stored. After a successful scan completion, mainly 6 logs are generated:
-
vulnerabilities.log
- Log file where all vulnerabilities will be stored. -
strengths.log
- Log file where all strengths of the web-app are stored. -
errored.log
- Log file where all errors encountered will be stored. -
internal-links.log
- Log file where all links found and crawled will be stored. -
forms-tested.log
- Log file where all forms tested will be stored. -
tokens.log
- Log file where all Anti-CSRF tokens are stored (if any). Apart from these, if XSRFProbe finds any form vulnerable to POST-Based CSRF, it will generate a PoC form which will be stored there too (unless the--skip-poc
argument is not supplied).
Option: --no-analysis
This option enables you to skip the post-scan analysis of tokens which were gathered during various requests.
python xsrfprobe.py -u http://example.com/testcsrf.php --no-analysis
Option: --display
Often you might want to view the response header sent from an application during requests. This option empowers you to view headers sent by the web-application during all requests.
python xsrfprobe.py -u http://example.com/testcsrf.php --display
Option: --update
If this option is supplied, XSRFProbe will check for updates. If a newer version will available, XSRFProbe will download and merge the updates into the current directory via its seamless update system without losing any of your files.
python xsrfprobe.py --update
Option: --version
This option displays the current version of XSRFProbe from files/VersionNum
which you're using.
python xsrfprobe.py --version
Last Updated — 31/10/2019 by @0xInfection
- Home Welcome to XSRFProbe!
- Getting Started Getting started and setting up XSRFProbe.
- General Usage Basic usage of XSRFProbe.
- Advanced Usage Useful for advanced users who know what they're doing.
- XSRFProbe Internals How XSRFProbe works, intended for developers.
- Some FAQs Some discussions on topics which a user should understand.
- Contributing Making new pull requests.
- Reporting Bugs Issuing new bugs to XSRFProbe.