lauritzh / domscan Goto Github PK

hacker@ubuntu:~/domscan$ node scan.js
/home/hacker/domscan/node_modules/puppeteer-core/lib/cjs/puppeteer/common/EventEmitter.js:128
return this.eventsMap.get(event)?.length || 0;
^

SyntaxError: Unexpected token '.'
at wrapSafe (internal/modules/cjs/loader.js:915:16)
at Module._compile (internal/modules/cjs/loader.js:963:27)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
at Module.load (internal/modules/cjs/loader.js:863:32)
at Function.Module._load (internal/modules/cjs/loader.js:708:14)
at Module.require (internal/modules/cjs/loader.js:887:19)
at require (internal/modules/cjs/helpers.js:74:18)
at Object. (/home/hacker/domscan/node_modules/puppeteer-core/lib/cjs/puppeteer/api/Browser.js:19:27)
at Module._compile (internal/modules/cjs/loader.js:999:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)

Hi,

Can you consider the possibility of configuring it to scan a text list of URL addresses?

Thanks

• Parse provided fragment
• Scan "query parameters" of fragment of present

In non-headless mode, an interactive mode would be useful. DOMscan could wait after each payload until user manually continues execution of scan.

There are further methods that should be investigated and, if suitable, added to the "-g" feature flag.

Example: https://twitter.com/bemodtwz/status/1634264844013543451?

Before making a tool first do some research, Will this be better than any other tools available?
I really had huge hopes with this tool as this one is made using nodejs. But it can't even detect a simple XSS.
For your proof:

The XSS was: http://sudo.co.il/xss/level4.php?email=%22autofocus/onfocus=javascript:window.onerror=prompt;throw[1]%20c=%22

At least it should pass all the XSS challenges of http://sudo.co.il/xss/ only then I can think of using this one over the others.

And please understand, most of the modern websites have XSS mechanism in place that automatically blocks alert keyword.
prompt is the new alert :)

Please take my words as a valuable feedback and I will be waiting for the next release :)

The goal is to implement more coherent visual output (in terms of used colours, highlighting, wording, ...).

Some ideas:

• Progress Bars / Updating Progress Indicators
• Summary after scan completion

Color Scheme:

• Green with [+]: Status Updates
• Turquoise with [!]: Findings
• Red with [!]: Error
• Yellow with [*]: Possible Findings and events that need investigation
• White with [=] : Requires User Interaction

When scanning a url, it keeps outputting the same finding

Hey mate! Stumbled across the tool and been wanting to try it to help out with some DOM XSS. I've span up DVWA on TryHackMe and can scan the application successfully while unauthenticated, but when attempting to scan authenticated it errors out and results in loads of 302 redirects. I've tested the cookies using Katana too, and this was successful.

domscan "http://10.10.48.184/vulnerabilities/xss_d/?default=English" -c "PHPSESSID=ia8p[snipped]2; security=low"

URL: http://10.10.48.184/vulnerabilities/xss_d/?default=English
[+] URL Parameters: {"default":"English"}
[+] Adding mutations of given URL parameter values to payload list...
[+] Starting browser...
[+] Found redirect, could indicate erroneous initial URL or missing cookies: 302 http://10.10.48.184/vulnerabilities/xss_d/?default=English
[+] Wait until JS was evaluated...
[+] Scanning parameters...
[+] Scanning parameter: default
[+] Found redirect for Payload "/autofocus/onfocus="alert`` in Param default to http://10.10.48.184/login.php
[!] Found redirect: 302 http://10.10.48.184/vulnerabilities/xss_d/?default=%22%2Fautofocus%2Fonfocus%3D%22%26%2397%3Blert%60%60

It then just spams the 302 redirect and eventually scans the login page instead. However, the same cookies using Katana works.

└─$ katana -u "http://10.10.48.184/vulnerabilities/" -H "PHPSESSID=ia8p[snipped]2; security=low"
projectdiscovery.io

[snipped]
http://10.10.48.184/vulnerabilities/sqli/
http://10.10.48.184/vulnerabilities/sqli_blind/
http://10.10.48.184/vulnerabilities/upload/
http://10.10.48.184/vulnerabilities/view_help.php
http://10.10.48.184/vulnerabilities/view_source.php
http://10.10.48.184/vulnerabilities/view_source_all.php
http://10.10.48.184/vulnerabilities/weak_id/
http://10.10.48.184/vulnerabilities/xss_d/
http://10.10.48.184/vulnerabilities/xss_r/
http://10.10.48.184/vulnerabilities/xss_s/
http://10.10.48.184/login.php
http://10.10.48.184/vulnerabilities/?C=N;O=A

Is my syntax wrong or any ideas why this fails? Thanks!

How to solve this issue, when I run this tool this give a error:

[!] No URL or hash parameters found. If you do not intent to only guess parameters (see help), please provide an URL that already includes GET parameters.
[+] Adding mutations of given URL parameter values to payload list...
[+] Starting browser...
Failed to launch the browser process! undefined
[1194:1194:1001/000912.154161:ERROR:zygote_host_impl_linux.cc(100)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.


TROUBLESHOOTING: https://pptr.dev/troubleshooting
: Error: Failed to launch the browser process! undefined
[1194:1194:1001/000912.154161:ERROR:zygote_host_impl_linux.cc(100)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.


TROUBLESHOOTING: https://pptr.dev/troubleshooting

    at ChildProcess.onClose (/usr/local/lib/node_modules/domscan/node_modules/@puppeteer/browsers/lib/cjs/launch.js:277:24)
    at ChildProcess.emit (node:events:525:35)
    at ChildProcess._handle.onexit (node:internal/child_process:291:12)

What's solution ?