import requests
from bs4 import BeautifulSoup
def print_banner():
    """Print the tool's title banner to stdout.

    Output is a leading blank line, a rule, three title lines, a rule and a
    trailing blank line.
    """
    rule = "========================================="
    banner_lines = (
        "\n" + rule,
        " Clickjacking Exploit Detector ",
        " Created by Python 2.7",
        " Detect potential Clickjacking flaws ",
        rule + "\n",
    )
    for banner_line in banner_lines:
        print(banner_line)
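def check_x_frame_options(headers):
    """Report whether the X-Frame-Options response header protects against framing.

    Args:
        headers: Mapping of response header names to values. Names are
            matched case-insensitively, so a plain dict works as well as the
            CaseInsensitiveDict that requests returns.

    Prints a [SAFE] line for DENY or SAMEORIGIN, a [WARNING] line for any
    other value (including the obsolete ALLOW-FROM, which current browsers
    ignore, and duplicated/combined values, which browsers treat as invalid),
    and a [WARNING] line when the header is absent.
    """
    value = None
    for name in headers:
        if name.lower() == 'x-frame-options':
            value = headers[name]
            break
    if value is None:
        print("[WARNING] No X-Frame-Options header found!")
        return
    print("[INFO] X-Frame-Options header found: " + value)
    # The header value is ASCII case-insensitive (RFC 7034); normalise before
    # comparing so 'deny' or 'SameOrigin' are recognised as protective instead
    # of being reported as weak.
    policy = value.strip().upper()
    if policy in ('DENY', 'SAMEORIGIN'):
        print("[SAFE] Site has protection against Clickjacking.")
    else:
        print("[WARNING] X-Frame-Options set to a weak policy.")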
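def check_csp(headers):
    """Report whether Content-Security-Policy restricts who may frame the page.

    Args:
        headers: Mapping of response header names to values; names are
            matched case-insensitively.

    Only the enforcing Content-Security-Policy header counts: a
    Content-Security-Policy-Report-Only header is mentioned but does not
    block framing. Directives are split on ';' and matched by name, so a
    policy that merely contains the text 'frame-ancestors' inside another
    directive is not mistaken for protection, and 'frame-ancestors *' is
    flagged as weak because it permits any origin to frame the page. When
    frame-ancestors is present browsers honour it over X-Frame-Options.
    """
    policy = None
    report_only = None
    for name in headers:
        lowered = name.lower()
        if lowered == 'content-security-policy':
            policy = headers[name]
        elif lowered == 'content-security-policy-report-only':
            report_only = headers[name]
    if policy is None:
        if report_only is not None:
            print("[INFO] Content-Security-Policy-Report-Only header found; it only reports violations and does not block framing.")
        print("[WARNING] No Content-Security-Policy header found!")
        return
    print("[INFO] Content-Security-Policy header found.")
    # Directive names are case-insensitive. Browsers keep the first
    # occurrence of a directive and ignore later duplicates, so stop at the
    # first match.
    sources = None
    for directive in policy.split(';'):
        parts = directive.strip().split()
        if parts and parts[0].lower() == 'frame-ancestors':
            sources = parts[1:]
            break
    if sources is None:
        print("[WARNING] CSP does not include frame-ancestors directive.")
    elif '*' in sources:
        print("[WARNING] CSP frame-ancestors allows any origin (*).")
    else:
        print("[SAFE] CSP has frame-ancestors directive.")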
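def analyze_page(url):
    """Fetch *url* and report its framing protections and any embedded iframes.

    Args:
        url: Absolute http(s) URL to fetch. Redirects are followed, so the
            headers examined are those of the final response.

    Network failures are reported as an [ERROR] line rather than raised. A
    timeout is set so the scan cannot hang forever on an unresponsive host.
    """
    print("[INFO] Analyzing page:" + url)
    try:
        # With the default stream=False the body is read inside get(), so
        # transport errors surface here and not later on response.content.
        response = requests.get(url, timeout=10)
    except requests.exceptions.RequestException as e:
        # str(e): concatenating the exception object itself raises TypeError
        # and hides the real failure.
        print("[ERROR] Failed to fetch page:" + str(e))
        return
    print("[INFO] HTTP status: " + str(response.status_code))
    headers = response.headers
    check_x_frame_options(headers)
    check_csp(headers)
    soup = BeautifulSoup(response.content, 'html.parser')
    iframes = soup.find_all('iframe')
    if not iframes:
        print("\n[INFO] No iframe elements detected.")
        return
    print("\n[INFO] Found iframe elements on the page:")
    for iframe in iframes:
        print(" - Src: " + iframe.get('src', 'No source attribute'))
        print(" Frame border: " + iframe.get('frameborder', 'Not specified'))
        # Only append the unit when a value is present; otherwise the
        # placeholder would read 'Not specifiedpx'.
        width = iframe.get('width')
        height = iframe.get('height')
        print(" Width: " + (width + "px" if width else 'Not specified'))
        print(" Height: " + (height + "px" if height else 'Not specified'))
    print("\n[WARNING] Iframe elements might be used for clickjacking if not properly handled.")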
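def main():
    """Prompt for a URL, validate its scheme and run the analysis."""
    print_banner()
    # raw_input exists only on Python 2; fall back to input() on Python 3.
    try:
        prompt = raw_input
    except NameError:
        prompt = input
    url = prompt("Enter the URL of the site to scan: ").strip()
    # Require a full scheme rather than the bare prefix 'http', which would
    # also accept strings such as 'httpfoo'.
    if not url.lower().startswith(('http://', 'https://')):
        print("[ERROR] Invalid URL. Ensure the URL starts with 'http' or 'https'.")
        return
    analyze_page(url)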
# Run the interactive scanner only when executed as a script, not on import.
if __name__ == '__main__':
    main()