Overview

The development focused on creating a Python-based vulnerability assessment tool, specifically targeting XSS (Cross-Site Scripting) vulnerabilities. The tool is designed to be run from the command line and allows users to scan specified URLs for potential vulnerabilities. It features modular code for easy maintenance and scalability.

Project Structure

CLI Parsing (cli.py)

  • Responsible for parsing command-line arguments.
  • Arguments include the target URL, chosen plugin (defaulting to XSS), and an option to disable SSL verification.
# cli.py - Command line interface for VAT

import argparse

def parse_arguments():
    parser = argparse.ArgumentParser(description="Vulnerability Assessment Tool")
    parser.add_argument("url", help="Target URL to scan")
    parser.add_argument("--plugin", default="xss", choices=["xss"], help="Vulnerability plugin to use. Default is XSS.")
    parser.add_argument("--no-verify", action="store_true", help="Disable SSL verification")
    return parser.parse_args()

Request Handling (requests_handler.py)

  • Manages HTTPS/S requests to the target URL
  • Handles SSL verification and related errors, providing an option to proceed without SSL verification upon user confirmation.
  • Detailed SSL error messages are logged to a file for troubleshooting while presenting simplified messages to the user.
# requests_handler.py

import requests
from requests.exceptions import SSLError
import logging

# Basic configuration for logging
logging.basicConfig(filename='error_log.txt', level=logging.ERROR,
                    format='%(asctime)s:%(levelname)s:%(message)s')

def make_request(url, payload=None, verify_ssl=True):
    try:
        if payload:
            response = requests.get(url, params=payload, verify=verify_ssl)
        else:
            response = requests.get(url, verify=verify_ssl)
        return response, True
    except SSLError as ssl_error:
        logging.error(f"SSL Certificate Error encountered for {url}: {ssl_error}")
        print("SSL Certificate Error: The site's security certificate is not trusted.")
        choice = input("Proceed without SSL verification? (yes/no): ").lower()
        if choice == 'yes':
            print("Proceeding without SSL verification...")
            try:
                if payload:
                    response = requests.get(url, params=payload, verify=False)
                else:
                    response = requests.get(url, verify=False)
                return response, True
            except requests.RequestException as e:
                print("Error: Failed to make the request without SSL verification.")
                return None, False
        else:
            return None, False
    except requests.RequestException as e:
        print(f"Error: Failed to make the request. Details: {e}")
        return None, False

XSS Plugin (xss.py in plugins directory)

  • Contains the check_xss function that sends a payload to the target URL to test for reflected XSS vulnerabilities.
  • Utilizes the make_request function from request_handler.py.
# xss.py

from ..requests_handler import make_request


def check_xss(url, verify_ssl=True):
    # A basic payload
    payload = "<script>alert('xss')</script>"
    response, request_made = make_request(url, {"q": payload}, verify_ssl=verify_ssl)

    if response:
        return (payload in response.text, request_made)
    else:
        return False, request_made

Main Script (vat.py)

  • Integrates all components.
  • Orchestrates the workflow based on user input from the CLI.
  • Handles final output messages to the user based on the scan results and any encountered issues.
# vat.py

from src.vat.cli import parse_arguments
from src.vat.requests_handler import make_request
from src.vat.plugins.xss import check_xss

def main():
    # Parse CLI arguments
    args = parse_arguments()
    print(f"Scanning {args.url} using the {args.plugin} plugin...")

    # Handle SSL verification based on CLI argument
    verify_ssl = not args.no_verify

    # Check for vulnerabilities based on the chosen plugin
    if args.plugin == "xss":
        vulnerable, performed_check = check_xss(args.url, verify_ssl)
        if performed_check:
            if vulnerable:
                print(f"{args.url} is vulnerable to XSS!")
            else:
                print(f"{args.url} is not vulnerable to XSS.")
        else:
            # Error message is printed by the requests_handler module
            print(f"Scanning of {args.url} was aborted due to SSL verification failure.")

if __name__ == "__main__":
    main()

Key Features and Functionality

  1. SSL Verification
    • The tool rigorously handles SSL certificate verification.
    • In case of SSL errors, users are prompted to choose whether to proceed without SSL verification.
    • Detailed SSL errors are logged to error_log.txt, keeping user interaction clean and non-technical.
  2. XSS Vulnerability Checking
    • The tool checks for a basic form of reflected XSS.
    • Sends a test payload and checks if it is reflected in the response from the target URL.
  3. User-Friendly Interface
    • Despite the complexity of the operations, the tool maintains a user-friendly command-line interface.
    • Clear and concise messages are provided to the user, avoiding technical jargon and redundancy.
  4. Modular and Scalable Design:
    • Code is organized into distinct modules for specific functionalities, promoting maintainability and scalability.
    • The structure allows for easy addition of new features or plugins in the future.

Testing and Validation

The tool has been tested with various scenarios, including:

  • URLs with valid SSL certificates.
  • URLs with SSL certificate issues (e.g., https://expired.badssl.com/).
  • With and without the –no-verify flag to test SSL verification handling.

In all scenarios, the tool behaved as expected, providing appropriate user prompts and logging detailed errors where necessary.

Conclusion

Throughout the development of this vulnerability assessment tool, I have gained significant insights and accomplished several key objectives. This project not only enhanced my technical skills in Python programming but also deepened my understanding of software design principles and security considerations in application development.

Key Learnings and Accomplishments:

  1. Modular Programming: By structuring the project into separate modules like cli.py, requests_handler.py, and xss.py, I learned the importance of modular design. This approach not only made the code more organized and maintainable but also simplified debugging and testing processes.

  2. Handling User Interactions: Implementing a user-friendly command-line interface taught me how to balance technical functionality with user experience. Crafting clear and non-technical messages, especially when handling SSL verification, was crucial in making the tool accessible to users without deep technical backgrounds.

  3. Error Handling and Logging: Dealing with SSL errors and implementing logging mechanisms was a significant learning curve. I learned to effectively catch and log errors while keeping the user interface clean. This aspect of the project underscored the importance of robust error handling in building reliable software.

  4. Security Practices: Working on a tool focused on detecting XSS vulnerabilities offered practical insights into web security vulnerabilities. It heightened my awareness of the security aspects crucial in software development and the importance of proactive testing for vulnerabilities.

Future Scalability and Enhancements

Looking ahead, there are several avenues for enhancing and scaling this tool:

  1. Expanding Vulnerability Checks: The current focus is on XSS vulnerabilities. I plan to extend the tool’s capabilities to include other common vulnerabilities like SQL injection, CSRF, and more, turning it into a more comprehensive security assessment tool.

  2. Improved Logging and Reporting: Enhancing the logging system to include more detailed reports, potentially with an option to generate summary reports, would make the tool more useful for in-depth security analysis.

  3. User Interface Enhancements: Incorporating more interactive elements into the CLI, such as progress indicators and more detailed help messages, could further improve the user experience.

  4. Automated Testing and CI Integration: Implementing automated tests and integrating the tool into a continuous integration (CI) pipeline would ensure its reliability and effectiveness in real-world scenarios.

  5. Customization and Configurability: Adding options for users to customize payloads and scan parameters would make the tool more versatile and adaptable to different testing environments.

Finally, this project has been an immensely enriching experience, combining practical software development with the intricacies of web security. The skills and knowledge gained lay a strong foundation for future projects, especially in the realms of cybersecurity and software development. I look forward to continuing to enhance the tool, adding new features, and applying these learnings to future endeavors.