update xss + dorking module -> fixing a lot of bugs

INSTALL.md

@@ -1,5 +1,11 @@
 # Installation
 
+## Pre-Commit
+
+python3 -m pip install pre-commit
+pre-commit installed at .git/hooks/pre-commit
+
+
 ## Classical
 
 ## PyPy

README.md

@@ -11,15 +11,15 @@ make
 ```
 ## Usage
 ```bash
-python3 bounty_drive.py
+python3 py
 ```
 
 ```bash
-Please specify the website extension(eg- .in,.com,.pk) [default: ] -----> 
+Please specify the website extension(eg- .in,.com,.pk) [default: ] ----->
 Do you want to restrict search to subdomain present in target.txt ? [default: true (vs false)] -----> true
-Please specify the total no. of websites you want [default: 10] ----> 
-From which Google page you want to start(eg- 1,2,3) [default: 1] ----> 
-Do you want to do the Google dorking scan phase ? [default: true (vs false)] ----> 
+Please specify the total no. of websites you want [default: 10] ---->
+From which Google page you want to start(eg- 1,2,3) [default: 1] ---->
+Do you want to do the Google dorking scan phase ? [default: true (vs false)] ---->
 Do you want to do the Github dorking scan phase ? [default: true (vs false)] ----> false
 Do you want to test for XSS vulnerability ? [default: true (vs false)] ----> true
 Do you want to encode XSS payload ? [default: true (vs false)] ----> false
@@ -40,6 +40,10 @@ Updated at 2024-02-18 15:32:02 UTC.
 
 TODO: we should proxy proxy chains
 
+## TODO
+
+- use singletons for config !!!
+
 # HAPPY HUNTING
 
 
@@ -64,5 +68,7 @@ https://github.com/spekulatius/infosec-dorks
 
 https://github.com/RevoltSecurities/Subdominator
 
+https://github.com/Raghavd3v/CRLFsuite/blob/main/crlfsuite/db/wafsignatures.json
+
 # TODO
 add a vulnerable wordpress plugin and then dork to find vulnerable wordpress sites

bounty_drive/attacks/dorks/dorking_config.py

@@ -1 +1,6 @@
-SUBDOMAIN            = None    # TODO use target.txt and allow multiple domain
+class DorkingConfig:
+    SUBDOMAIN = []  # TODO use target.txt and allow multiple domain
+    CRAWL = False
+
+
+dorking_config = DorkingConfig()

bounty_drive/attacks/dorks/google/xss/XSS-Dork.txt

@@ -22,9 +22,9 @@
 /view.php?PID= /view.php?PID=
 /winners.php?year=2008&type= /winners.php?year=2008&type=
 /winners.php?year=2008&type= /winners.php?year=2008&type=
-index.php?option=com_reservations&task=askope&nidser=2&namser= “com_reservations”
-index.php?option=com_reservations&task=askope&nidser=2&namser= “com_reservations”
-intext:”Website by Mile High Creative”
+index.php?option=com_reservations&task=askope&nidser=2&namser= "com_reservations"
+index.php?option=com_reservations&task=askope&nidser=2&namser= "com_reservations"
+intext:"Website by Mile High Creative"
 inurl:.com/search.asp
 inurl:/poll/default.asp?catid=
 inurl:/products/classified/headersearch.php?sid=
@@ -37,28 +37,28 @@ inurl:com_feedpostold/feedpost.php?url=
 inurl:headersearch.php?sid=
 inurl:scrapbook.php?id=
 inurl:search.php?q=
-inurl:”.php?author=”
-inurl:”.php?cat=”
-inurl:”.php?cmd=”
-inurl:”.php?feedback=”
-inurl:”.php?file=”
-inurl:”.php?from=”
-inurl:”.php?keyword=”
-inurl:”.php?mail=”
-inurl:”.php?max=”
-inurl:”.php?pass=”
-inurl:”.php?q=”
-inurl:”.php?query=”
-inurl:”.php?search=”
-inurl:”.php?searchstring=”
-inurl:”.php?searchst­ring=”
-inurl:”.php?tag=”
-inurl:”.php?txt=”
-inurl:”.php?vote=”
-inurl:”.php?years=”
-inurl:”.php?z=”
-inurl:”contentPage.php?id=”
-inurl:”displayResource.php?id=”
+inurl:".php?author="
+inurl:".php?cat="
+inurl:".php?cmd="
+inurl:".php?feedback="
+inurl:".php?file="
+inurl:".php?from="
+inurl:".php?keyword="
+inurl:".php?mail="
+inurl:".php?max="
+inurl:".php?pass="
+inurl:".php?q="
+inurl:".php?query="
+inurl:".php?search="
+inurl:".php?searchstring="
+inurl:".php?searchst­ring="
+inurl:".php?tag="
+inurl:".php?txt="
+inurl:".php?vote="
+inurl:".php?years="
+inurl:".php?z="
+inurl:"contentPage.php?id="
+inurl:"displayResource.php?id="
 pages/match_report.php?mid= pages/match_report.php?mid=
 inurl:/search?query=<script>alert('XSS')</script>
 inurl:/login?username=<script>alert('XSS')</script>