一、基本思路

1、整体上的思路是发送一个带有Payload参数值的请求，从响应当中判断是否存在Payload(反射性XSS)

2、准备一份字典文件、尽可能包含更多的payload,并给每一个payload进行分类（不同的类型匹配的要求不同）

import requests# 从响应中检测payload是否有效
def check_reps(response,payload,type):index = response.find(payload)prefix = response[index-2:index-1]if type == 'Normal' and prefix != '=' and index >=0:return Trueelif type == 'Prop' and prefix == '=' and index >= 0:return Truereturn False# 实现xss扫描的主功能
def xss_scan(location):url = location.split('?')[0]param = location.split('?')[1].split('=')[0]  # 1代表第二部分with open('../dict/xss-payload.txt') as file:  # xss-payload.txt是字典文件需要自己去添加payload_list = file.readlines()for payload in payload_list:type = payload.strip().split(':',1)  #切分第一个：然后后面的直接删除payload = payload.strip().split(':', 1)[1]resp = requests.get(url=url,params={param:payload})if check_reps(resp.text,payload,type):print(f"此处存在xss漏洞：{payload}")if __name__ == '__main__':xss_scan('http://192.168')# source = "hello woniu welcome woniu"# index = source.find('woniu')# print()