
General Usage

Infected Drake edited this page Dec 17, 2018 · 21 revisions

Arguments List:

usage: python3 xsrfprobe.py [-h] [-u URL] [-c COOKIE] [-o OUTPUT] [-d DELAY]
                            [-q] [-v] [--user-agent USER_AGENT]
                            [--headers HEADERS] [--exclude EXCLUDE]
                            [--timeout TIMEOUT] [--max-chars MAXCHARS]
                            [--crawl] [--skip-analysis] [--skip-poc]
                            [--update] [--random-agent] [--version]
Required Arguments:
  -u URL, --url URL     Main URL to test
Optional Arguments:
  -c COOKIE, --cookie COOKIE
                        Cookie value to be requested with each successive
                        request. If there are multiple cookies, separate them
                        with commas. For example: `-c PHPSESSID=i837c5n83u4,
                        _gid=jdhfbuysf`.
  -o OUTPUT, --output OUTPUT
                        Output directory where files to be stored. Default is
                        the`files` folder where all files generated will be
                        stored.
  -d DELAY, --delay DELAY
                        Time delay between requests in seconds. Default is
                        zero.
  -q, --quiet           Set the DEBUG mode to quiet. Report only when
                        vulnerabilities are found. Minimal output will be
                        printed on screen.
  -v, --verbose         Increase the verbosity of the output (e.g., -vv is
                        more than -v).
  --user-agent USER_AGENT
                        Custom user-agent to be used. Only one user-agent can
                        be specified.
  --headers HEADERS     Comma separated list of custom headers you'd want to
                        use. For example: ``--headers "Accept=text/php,
                        X-Requested-With=Dumb"``.
  --exclude EXCLUDE     Comma separated list of paths or directories to be
                        excluded which are not in scope. These paths/dirs
                        won't be scanned. For example: `--exclude somepage/,
                        sensitive-dir/, pleasedontscan/`
  --timeout TIMEOUT     HTTP request timeout value in seconds. The entered
                        value must be in floating point decimal. Example:
                        ``--timeout 10.0``
  --max-chars MAXCHARS  Maximum allowed character length for the custom token
                        value to be generated. For example: `--max-chars 5`.
                        Default value is 6.
  --crawl               Crawl the whole site and simultaneously test all
                        discovered endpoints for CSRF.
  --skip-analysis       Skip the Post-Scan Analysis of Tokens which were
                        gathered during requests
  --skip-poc            Skip the PoC Form Generation of POST-Based Cross Site
                        Request Forgeries.
  --update              Update XSRFProbe to latest version on GitHub via git.
  --random-agent        Use random user-agents for making requests.
  --version             Display the version of XSRFProbe and exit.

Testing A Single Endpoint

Option: -u or --url

The main URL of the site you want to scan.

python xsrfprobe.py -u http://example.com/testcsrf.php

Crawling The Site

Option: --crawl

This option allows you to use XSRFProbe's built-in crawler to dynamically discover and test all endpoints which are crawled.

python xsrfprobe.py -u http://example.com --crawl

WARNING: XSRFProbe generates a considerable number of requests against the target, so be careful while using this option.

Adding Cookies

Option: -c or --cookie

This option lets you supply a comma separated list of custom cookies which will be sent with every request. See advanced usage for more info on why you should supply cookies.

python3 xsrfprobe.py -u http://example.com/testcsrf.php -c "SESSION_ID=i837c5n83u4e84cry9e4, _gid=jdhfbuysfcefjbhiiwer"

Custom User-Agent

Option: --user-agent

This option (--user-agent) enables you to supply a custom user-agent value. For example, if you want XSRFProbe to make requests as the Googlebot crawler, you might use:

python xsrfprobe.py -u http://example.com/testcsrf.php --user-agent "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

Request Timeout

Option: --timeout | Default: 7 seconds

It is possible to specify the number of seconds to wait before considering an HTTP(S) request timed out. The valid value is an int; for instance, if you want to set the timeout value to 10 seconds, you might use:

python xsrfprobe.py -u http://example.com/testcsrf.php --timeout 10

Request Delay

Option: -d or --delay | Default: 0 seconds

By using this option, it is possible to specify the number of seconds to wait between each HTTP(S) request. The valid value is an int; for instance, if you want to set the delay value to 2 seconds, you might use:

python xsrfprobe.py -u http://example.com/testcsrf.php -d 2

Custom HTTP Headers

Option: --headers

This option enables you to supply a comma separated list of custom headers which you might want XSRFProbe to use during all requests.

python xsrfprobe.py -u http://example.com/testcsrf.php --headers "Accept=text/php, DNT=1"

NOTE: The additional headers which you'll supply will be appended to a list of default headers. For more info on controlling headers, see advanced usage.
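Both -c/--cookie and --headers take the same "name=value, name=value" list format. The following is an added example (not XSRFProbe's own code) of how such a list can be parsed and merged over a set of default headers; the default header set is constructed for illustration, and the precedence rule (a custom header replaces a default with the same name) is an assumption about the merge, not something the page states.

```python
# Added example: parsing the "k1=v1, k2=v2" lists used by -c/--cookie and
# --headers, and merging custom headers over defaults. Not XSRFProbe's code.

# Constructed sample defaults; XSRFProbe's real default header list may differ.
DEFAULT_HEADERS = {
    "User-Agent": "Mozilla/5.0 (constructed default)",
    "Accept": "*/*",
    "Accept-Language": "en-US,en;q=0.5",
}


def parse_kv_list(raw):
    """Parse "name=value, name=value" into a dict.

    Items are split on commas, then each item on the FIRST '=' only, so a
    value that itself contains '=' (base64 padding, an embedded query string)
    is preserved intact. Items without '=' are rejected rather than silently
    dropped, because a mistyped cookie would otherwise turn an authenticated
    scan into an unauthenticated one without any warning.
    """
    result = {}
    for item in raw.split(","):
        item = item.strip()
        if not item:
            continue  # tolerate a trailing comma or doubled separator
        if "=" not in item:
            raise ValueError(f"expected name=value, got {item!r}")
        name, value = item.split("=", 1)
        name, value = name.strip(), value.strip()
        if not name:
            raise ValueError(f"empty name in {item!r}")
        result[name] = value
    return result


def cookie_header(cookies):
    """Serialise a cookie dict into a single Cookie header value."""
    return "; ".join(f"{name}={value}" for name, value in cookies.items())


def build_headers(custom_raw=None, user_agent=None):
    """Merge --headers (and an optional --user-agent) over the defaults.

    Header names are case-insensitive, so a custom "user-agent" must replace
    the default "User-Agent" rather than producing two conflicting headers.
    """
    headers = dict(DEFAULT_HEADERS)
    extra = parse_kv_list(custom_raw) if custom_raw else {}
    if user_agent:
        extra["User-Agent"] = user_agent
    for name, value in extra.items():
        for existing in [k for k in headers if k.lower() == name.lower()]:
            del headers[existing]
        headers[name] = value
    return headers


if __name__ == "__main__":
    cookies = parse_kv_list("SESSION_ID=i837c5n83u4e84cry9e4, _gid=jdhfbuysfcefjbhiiwer")
    print("Cookie:", cookie_header(cookies))
    for name, value in build_headers("Accept=text/php, DNT=1").items():
        print(f"{name}: {value}")
```

One consequence of the comma separated format is that a header value that legitimately contains a comma (for example an Accept list such as "text/html, application/xhtml+xml") cannot be passed as a single header this way; it will be split into two items, and the second will fail the name=value check. Keep such values comma-free when passing them on the command line.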

Using Random User-Agents

Option: --random-agent

This option enables you to make requests using random user-agents for different requests.

python xsrfprobe.py -u http://example.com/testcsrf.php --random-agent

NOTE: Using this argument is not recommended. For more info on when you should and shouldn't use it, see advanced usage.

Character Generation

Option: --max-chars | Default: 6

This option enables you to supply the length of form submission string values which you might want XSRFProbe to submit whenever a form is found.

python xsrfprobe.py -u http://example.com/testcsrf.php --max-chars 10

NOTE: The length of the form submissions is crucial. For more info on controlling character generation, see advanced usage.

Excluding Directories

Option: --exclude

This option enables you to supply a comma separated list of directories which are out of scope and will not be scanned. See advanced usage for more info.

python3 xsrfprobe.py -u http://example.com --crawl --exclude "sensitive_dir/, dontscanme/"

NOTE: The --crawl option must be supplied together with the --exclude argument.
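The scope check that --exclude implies for a crawler is worth seeing spelled out, because a naive string prefix match over-excludes (sensitive_dir/ would also drop sensitive_dir_archive/) and a crawler that does not pin itself to the target host wanders off-scope. The following is an added example, not XSRFProbe's crawler; the normalisation rules (excluded entries are treated as directory prefixes relative to the site root, and only links on the same host as -u are in scope) are assumptions made here, not behaviour the page documents.

```python
# Added example: an in-scope filter for crawled links honouring an
# --exclude style list. Not XSRFProbe's own code; see lead-in for assumptions.
from urllib.parse import urljoin, urlsplit


def parse_exclude_list(raw):
    """Turn "sensitive_dir/, dontscanme/" into normalised path prefixes.

    Every entry is anchored at the site root and given a trailing slash so
    that it matches a directory, not every path that merely shares its
    leading characters.
    """
    prefixes = []
    for item in raw.split(","):
        item = item.strip()
        if not item:
            continue
        if not item.startswith("/"):
            item = "/" + item
        if not item.endswith("/"):
            item += "/"
        prefixes.append(item)
    return prefixes


def in_scope(link, base_url, exclude_prefixes):
    """Return True if a discovered link may be requested by the crawler.

    `link` may be absolute or relative; it is resolved against `base_url`
    the way a browser would resolve an href.
    """
    target = urlsplit(urljoin(base_url, link))
    base = urlsplit(base_url)
    if target.scheme not in ("http", "https"):
        return False  # mailto:, javascript:, data: etc. are never crawled
    if target.netloc.lower() != base.netloc.lower():
        return False  # stay on the host given with -u
    path = target.path or "/"
    # Compare in directory form so "/sensitive_dir" (the directory itself,
    # without a trailing slash) is excluded along with everything beneath it.
    probe = path if path.endswith("/") else path + "/"
    return not any(probe.startswith(prefix) for prefix in exclude_prefixes)


def filter_links(links, base_url, raw_exclude):
    """Keep only the crawlable links; returns them as absolute URLs."""
    prefixes = parse_exclude_list(raw_exclude)
    return [urljoin(base_url, l) for l in links if in_scope(l, base_url, prefixes)]


if __name__ == "__main__":
    # Constructed sample of links a crawler might pull from one page.
    discovered = [
        "http://example.com/about.php",
        "/sensitive_dir/admin.php",
        "dontscanme",
        "/sensitive_dir_archive/2018.php",
        "http://other.example.org/",
        "mailto:admin@example.com",
    ]
    for url in filter_links(discovered, "http://example.com", "sensitive_dir/, dontscanme/"):
        print("crawl:", url)
```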

Controlling Verbosity

Option: -q or --quiet

It is possible to control XSRFProbe's verbose output using -q/--quiet option as follows:

python xsrfprobe.py -u http://example.com/testcsrf.php --quiet

NOTE:

Using this option is NOT RECOMMENDED as it significantly decreases the output: XSRFProbe will report to the terminal only if some significant vulnerability is found, and you will not know what is going on under the hood. This option is turned off by default, so you'll have to set it explicitly for a quiet output.

Skipping Proof of Concept Generation

Option: --skip-poc

This option enables you to skip the Proof of Concept form generation of POST-Based CSRF vulnerable forms.

python xsrfprobe.py -u http://example.com/testcsrf.php --skip-poc

Specifying Output Directory

Option: -o or --output | Default: Default Directory

This option enables you to specify the output directory where all logs and generated files will be stored. After a successful scan completion, mainly 5 logs are generated:

  • vulnerabilities.log - Log file where all vulnerabilities will be stored.
  • errored.log - Log file where all errors encountered will be stored.
  • internal-links.log - Log file where all links found and crawled will be stored.
  • forms-tested.log - Log file where all forms tested will be stored.
  • tokens.log - Log file where all Anti-CSRF tokens are stored (if any).

Apart from these, if XSRFProbe finds any form vulnerable to POST-Based CSRF, it will generate a PoC form which will be stored there too (unless the --skip-poc argument is supplied).

Skip Post-Scan Analysis

Option: --skip-analysis

This option enables you to skip the post-scan analysis of tokens which were gathered during various requests.

python xsrfprobe.py -u http://example.com/testcsrf.php --skip-analysis

Updating XSRFProbe

Option: --update

If this option is enabled, XSRFProbe will check for updates. If a newer version is available, XSRFProbe will download and merge the updates into the current directory.

python xsrfprobe.py --update

XSRFProbe Version

Option: --version

This option displays the current version of XSRFProbe which you're using.

python xsrfprobe.py --version
