├── domains.txt
├── README.md
├── provider.json
├── main.go
└── providerCreate.html


/domains.txt:
--------------------------------------------------------------------------------
1 | facebook.com
2 | twitter.com
3 | gmail.com
4 | hackerone.com
5 | bugcrowd.com
6 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Inception
 2 | **Inception** is a highly configurable tool to check for whatever you like against any number of hosts.
 3 | 
 4 | Inception is a Go version of [Snallygaster](https://github.com/hannob/snallygaster) and comes with a large number of test cases derived from Snallygaster plus more, added by me.
 5 | 
 6 | What differentiate Inception from Snallygaster is- it allows users to create & provide their own test cases without touching a single line of code.
 7 | 
 8 | The use of goroutine makes it very fast but it doesn't hammer a single domain concurrently with a large number of requests.
 9 | 
10 | ### Installation
11 | Just make sure you have go installed and run the following command.
12 | ```sh
13 | go get github.com/proabiral/inception
14 | ```
15 | 
16 | ### Usage
17 | ```
18 | ▶️  inception -h
19 |     Usage of inception:
20 |       -d string
21 |           Path of list of domains to run against (default "/home/user/go/src/github.com/proabiral/inception/domains.txt")
22 |       -provider string
23 |           Path of provider file (default "/home/user/go/src/github.com/proabiral/inception/provider.json")
24 |       -t int
25 |           No of threads (default 200)
26 |       -timeout int
27 |           HTTP request Timeout (default 10)
28 |       -v Verbose mode
29 | ```
30 |    
31 | #### Examples
32 | ```
33 | ▶️ inception -d /path/to/domainlist.txt
34 | Issue detected : Server status is publicly viewable http://127.0.0.1/server-status response contains all check
35 | Issue detected : PHP info is publicly viewable http://127.0.0.1/phpinfo.php response contains all check
36 | Completed
37 | ```
38 | All detected issues will be printed on screen as shown above. While if no issue is detected, a completion message is shown as `Completd`.
39 | 
40 | ### FAQs
41 | Q. How should my domain list look like?    
42 | A sample of domain list is provided with the tool. It's basically a list of line seperated domains without no protocol.
43 | ```
44 | facebook.com
45 | twitter.com
46 | gmail.com
47 | hackerone.com
48 | bugcrowd.com
49 | ```
50 | 
51 | Q. How do I add my own test cases?    
52 | You can use [providerCreate.html](https://proabiral.github.io/inception/providerCreate.html) to generate JSON. Just fill in the details and JSON as shown below will be generated.
53 | ```
54 | [
55 |    {
56 |       "vulnerability":"Git Exposed publicly",
57 |       "sendIn":"url",
58 |       "payload":["/.git/config"],
59 |       "checkIn":"responseBody",
60 |       "checkFor":"[core]",
61 |       "color":"red"
62 |     },
63 |     {
64 |       "vulnerability": "XSS",
65 |       "sendIn": "url",
66 |       "color": "red",
67 |       "payload": [
68 |           "/?canary'\"><svg onload=alert(1)>"
69 |       ],
70 |       "checkIn": "responseBody",
71 |       "checkFor": "<svg onload=alert(1)>"
72 |     }
73 | ]
74 | ```
75 | Save the generated JSON to some file and then run the tool by providing the path to the json file with `-provider` option:
76 | ```
77 | ▶️  inception -provider /path/to/your/provider.json -d /path/to/your/domainlist.txt
78 | ```
79 | 
80 | Q. Whats with the name?    
81 | The name of tool is inspired from the movie Inception where DiCaprio steals secrets from subconscious mind of people. Similar to movie, this tool steal secrets from webserver.    
82 | Also, `inception` because this is the first tool I am open sourcing.
83 | 
84 | ### TODO
85 | 1. Add more vulnerability checks
86 | 2. Implement ReGex search in Response
87 | 3. Add key to each test case in provider.json and option to select/ignore a test case
88 | 4. Output result to file
89 | 5. Randomize User-Agent
90 | 6. Code refactor
91 | 
92 | ## Thanks 
93 | Thanks to [Iceman](https://twitter.com/Ice3man543) for reviewing the tool and suggesting this cool name.
94 | Also concurrency module has been shamelessly stolen from his [Subover project](https://github.com/Ice3man543/SubOver)
95 | 
96 | 


--------------------------------------------------------------------------------
/provider.json:
--------------------------------------------------------------------------------
  1 | [
  2 |   {
  3 |   "vulnerability":"PHP info is publicly viewable",
  4 |     "sendIn":"url",
  5 |     "payload":["/php.php","/phpinfo.php","/info.php"],
  6 |     "checkIn":"responseBody",
  7 |     "checkFor":"PHP Extension&&&&PHP API&&&&PHP Version",
  8 |     "color":"red"
  9 |   },
 10 |   {
 11 |   "vulnerability":"Server status is publicly viewable",
 12 |   "sendIn":"url",
 13 |   "payload":["/server-status"],
 14 |   "checkIn":"responseBody",
 15 |   "checkFor":"Apache Server Status&&&&Server Version&&&&CPU Usage:",
 16 |   "color":"yellow"
 17 |   },
 18 |   {
 19 |     "vulnerability":"Git Exposed publicly",
 20 |     "sendIn":"url",
 21 |     "payload":["/.git/config"],
 22 |     "checkIn":"responseBody",
 23 |     "checkFor":"[core]",
 24 |     "color":"red"
 25 |   },
 26 |     {
 27 |       "vulnerability": "Lazy File Manager",
 28 |       "sendIn": "url",
 29 |       "payload": [
 30 |         "/lfm.php"
 31 |       ],
 32 |       "checkIn": "responseBody",
 33 |       "checkFor": "Lazy File Manager",
 34 |       "color": "blue"
 35 |     },
 36 |     {
 37 |       "vulnerability": "IntelliJ IDEA WebServer config file",
 38 |       "sendIn": "url",
 39 |       "payload": [
 40 |         "/.idea/WebServers.xml"
 41 |       ],
 42 |       "checkIn": "responseBody",
 43 |       "checkFor": "name=\"WebServers\"",
 44 |       "color": "red"
 45 |     },
 46 |     {
 47 |       "vulnerability": "Symfony Database Config File",
 48 |       "sendIn": "url",
 49 |       "payload": [
 50 |         "/config/databases.yml"
 51 |       ],
 52 |       "checkIn": "responseBody",
 53 |       "checkFor": "param:&&&&class:",
 54 |       "color": "red"
 55 |     },
 56 |     {
 57 |       "vulnerability": "Rails Database Config file",
 58 |       "sendIn": "url",
 59 |       "payload": [
 60 |         "/config/database.yml"
 61 |       ],
 62 |       "checkIn": "responseBody",
 63 |       "checkFor": "database:&&&&adapter:",
 64 |       "color": "red"
 65 |     },
 66 |     {
 67 |       "vulnerability": "wsFTP ini File",
 68 |       "sendIn": "url",
 69 |       "payload": [
 70 |         "/WS_FTP.ini",
 71 |         "/ws_ftp.ini",
 72 |         "/WS_FTP.INI"
 73 |       ],
 74 |       "checkIn": "responseBody",
 75 |       "checkFor": "[_config_]",
 76 |       "color": "red"
 77 |     },
 78 |     {
 79 |       "vulnerability": "Filezilla config file",
 80 |       "sendIn": "url",
 81 |       "payload": [
 82 |         "/filezilla.xml",
 83 |         "/sitemanager.xml",
 84 |         "/FileZilla.xml"
 85 |       ],
 86 |       "checkIn": "responseBody",
 87 |       "checkFor": "<FileZilla",
 88 |       "color": "yellow"
 89 |     },
 90 |     {
 91 |       "vulnerability": "Winscp ini file ",
 92 |       "sendIn": "url",
 93 |       "payload": [
 94 |         "/winscp.ini",
 95 |         "/WinSCP.ini"
 96 |       ],
 97 |       "checkIn": "responseBody",
 98 |       "checkFor": "[Configuration]",
 99 |       "color": "yellow"
100 |     },
101 |     {
102 |       "vulnerability": "Magento Config",
103 |       "sendIn": "url",
104 |       "payload": [
105 |         "/app/etc/local.xml"
106 |       ],
107 |       "checkIn": "responseBody",
108 |       "checkFor": "Mage&&&&<config",
109 |       "color": "yellow"
110 |     },
111 |     {
112 |       "vulnerability": "Key Detected",
113 |       "sendIn": "url",
114 |       "payload": [
115 |         "/privatekey.key",
116 |         "/myserver.key",
117 |         "/key.pem",
118 |         "/id_rsa",
119 |         "/id_dsa",
120 |         "/.ssh/id_rsa",
121 |         "/.ssh/id_dsa"
122 |       ],
123 |       "checkIn": "responseBody",
124 |       "checkFor": "BEGIN EC PRIVATE KEY||||BEGIN DSA PRIVATE KEY||||BEGIN RSA PRIVATE KEY||||BEGIN PRIVATE KEY",
125 |       "color": "red"
126 |     },
127 |     {
128 |       "vulnerability": ".env file detected",
129 |       "sendIn": "url",
130 |       "payload": [
131 |         "/.env"
132 |       ],
133 |       "checkIn": "responseBody",
134 |       "checkFor": "DB_PASSWORD=||||APP_ENV=",
135 |       "color": "red"
136 |     }
137 |   ]
138 | 


--------------------------------------------------------------------------------
/main.go:
--------------------------------------------------------------------------------
  1 | package main
  2 | 
  3 | import (
  4 | 	"fmt"
  5 | 	"io/ioutil"
  6 | 	"os"
  7 | 	"bufio"
  8 | 	"github.com/parnurzeal/gorequest"
  9 | 	"strings"
 10 | 	"encoding/json"
 11 | 	"sync"
 12 | 	"crypto/tls"
 13 | 	"time"
 14 | 	"flag"
 15 | 	."github.com/logrusorgru/aurora"
 16 | )
 17 | 
 18 | type Provider struct{
 19 | 	Vulnerability string `json:"vulnerability"`
 20 | 	SendIn string `json:"sendIn"`
 21 | 	Payload []string `json:"payload"`
 22 | 	CheckIn string `json:"checkIn"`
 23 | 	CheckFor string `json:"checkFor"`
 24 | 	Color string `json:"color"`
 25 | }
 26 | 
 27 | func color(c string,text string) Value  {
 28 | 	switch c {
 29 | 	case "blue":
 30 | 		return Bold(Blue(text))
 31 | 	case "red":
 32 | 		return Bold(Red(text))
 33 | 	case "yellow":
 34 | 		return Bold(Brown(text))
 35 | 	default:
 36 | 		return Bold(Red(text))
 37 | 	}
 38 | }
 39 | 
 40 | var myProvider []Provider
 41 | 
 42 | var (
 43 | 	DomainList   string
 44 | 	Threads      int
 45 | 	Verbose      bool
 46 | 	ProviderFile string
 47 | 	Timeout      int
 48 | )
 49 | 
 50 | var (
 51 | 	delimiter string
 52 | 	ifVulnerable bool
 53 | 	match string
 54 | )
 55 | 
 56 | func readFile(file string) string{
 57 | 	contentByte, err := ioutil.ReadFile(file)
 58 | 	errCheck(err)
 59 | 	content := string(contentByte)
 60 | 	return content
 61 | }
 62 | 
 63 | func readLines(file string) []string{
 64 | 	domainSrc, err := os.Open(file)
 65 | 	errCheck(err)
 66 | 	defer domainSrc.Close()   //defer executes at end of function
 67 | 	scanner := bufio.NewScanner(domainSrc)
 68 | 	domains := []string{}
 69 | 	for scanner.Scan(){
 70 | 		domain := scanner.Text()
 71 | 		domains = append(domains, domain)
 72 | 	}
 73 | 	return domains
 74 | }
 75 | 
 76 | func errCheck(err error) {
 77 | 	if err != nil {
 78 | 		fmt.Println(err)
 79 | 	}
 80 | }
 81 | 
 82 | func request(domain string, provider Provider) {
 83 | 		if provider.SendIn == "url" {
 84 | 			for _, payload := range (provider.Payload) {
 85 | 				url := "http://" + domain + payload
 86 | 				response, body, err := gorequest.New().
 87 | 					TLSClientConfig(&tls.Config{ InsecureSkipVerify: true}).
 88 | 					Timeout(time.Second*10).
 89 | 					Get(url).
 90 | 					Set("User-Agent", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36").
 91 | 					End()
 92 | 
 93 | 				if Verbose {
 94 | 					fmt.Println(url)
 95 | 					if err != nil {
 96 | 						fmt.Println(err)
 97 | 					}
 98 | 				}
 99 | 				checker(domain, response, body, provider, payload)
100 | 			}
101 | 
102 | 		} else if provider.SendIn == "header" {
103 | 			url := "http://" + domain
104 | 			//need to rewrite , need to better represent in json
105 | 			for i := 0; i < len(provider.Payload); i += 2 {
106 | 				response, body, err := gorequest.New().
107 | 					TLSClientConfig(&tls.Config{ InsecureSkipVerify: true}).
108 | 					Timeout(time.Second*10).
109 | 					Get(url).
110 | 					Set(provider.Payload[i], provider.Payload[i+1]).
111 | 					Set("User-Agent", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36").
112 | 					End()
113 | 
114 | 			if Verbose {
115 | 				fmt.Println(url, provider.Payload[i], provider.Payload[i+1])
116 | 				if err != nil {
117 | 					fmt.Println(err)
118 | 				}
119 | 			}
120 | 				checker(domain, response, body, provider, provider.Payload[i])
121 | 
122 | 			}
123 | 		}
124 | }
125 | 
126 | func checkerLogic(checkAgainst string, stringToCheck []string) (bool,string){   //need a better logic to shorten this function
127 | 
128 | 	isCompleteMatch := true
129 | 
130 | 	matches := 0
131 | 
132 | 	for _,checkfor:= range stringToCheck{
133 | 		if strings.Contains(checkAgainst,checkfor){  //checkAgainst body , checkFor string like [core]
134 | 			matches += 1
135 | 			// returns immediately in case of |||| delimiter for match so that other test can be omitted
136 | 			if delimiter=="||||"{
137 | 				return true,checkfor //vulnerable
138 | 			}
139 | 		} else {
140 | 			isCompleteMatch = false
141 | 			// returns immediately in case of &&&& if one no match so that other test can be omitted
142 | 			if delimiter=="&&&&"{
143 | 				return false,"not vulnerable" //not vulnerable
144 | 			}
145 | 		}
146 | 	}
147 | 
148 | 	if matches==0{
149 | 		return false,"not vulnerable"
150 | 	}
151 | 
152 | 	if isCompleteMatch==true{
153 | 		return true,"all check"
154 | 	}
155 | 	return true,"Error, check code returned from last return statement" //  golang throws error without return at end, all return statements are inside if else so golang needs to make sure if function returns
156 | }
157 | 
158 | func printFunc(provider Provider, domain string, payload string){
159 | 	if ifVulnerable {
160 | 		if provider.SendIn == "url" {
161 | 			fmt.Println("Issue detected :", color(provider.Color, provider.Vulnerability), "http://"+domain+payload, "response contains", match)
162 | 		} else {
163 | 			fmt.Println("Issue detected :", color(provider.Color, provider.Vulnerability), domain, "Payload Send",payload, "response contains", match)
164 | 		}
165 | 	}
166 | }
167 | 
168 | func checker(domain string, response gorequest.Response, body string,  provider Provider, payload string)  {
169 | 
170 | 	var stringToCheck []string
171 | 
172 | 	if strings.Contains(provider.CheckFor,"&&&&"){
173 | 		stringToCheck=strings.Split(provider.CheckFor,"&&&&")
174 | 		delimiter="&&&&"
175 | 	} else {
176 | 		stringToCheck=strings.Split(provider.CheckFor,"||||")
177 | 		delimiter="||||"
178 | 	}
179 | 
180 | 	//color:=provider.Color
181 | 	if provider.CheckIn == "responseBody"{
182 | 		ifVulnerable,match=checkerLogic(body,stringToCheck)
183 | 		printFunc(provider,domain,payload)
184 | 	}	else{
185 | 			var responseHeaders string
186 | 			for headerName, value := range response.Header {
187 | 				responseHeaders+=headerName+": "+value[0]+"\n"
188 | 			}
189 | 			ifVulnerable, match= checkerLogic(responseHeaders, stringToCheck)
190 | 			printFunc(provider,domain,payload)
191 | 	}
192 | }
193 | 
194 | func main() {
195 | 
196 | 	path:=os.Getenv("GOPATH")+"/src/github.com/proabiral/inception/"
197 | 
198 | 	flag.IntVar(&Threads,"t",200,"No of threads")
199 | 	flag.StringVar(&ProviderFile,"provider",path+"provider.json","Path of provider file")
200 | 	flag.StringVar(&DomainList,"d",path+"domains.txt","Path of list of domains to run against")
201 | 	flag.BoolVar(&Verbose,"v",false,"Verbose mode")
202 | 	flag.IntVar(&Timeout,"timeout",10,"HTTP request Timeout")
203 | 	flag.Parse()
204 | 
205 | 	contentJson := readFile(ProviderFile)
206 | 
207 | 	err := json.Unmarshal([]byte(contentJson), &myProvider)
208 | 	errCheck(err)
209 | 
210 | 	domains := readLines(DomainList)
211 | 
212 | 	hosts := make(chan string, Threads)
213 | 	providerC := make(chan Provider)
214 | 	processGroup := new(sync.WaitGroup)
215 | 	processGroup.Add(Threads)
216 | 
217 | 	for i := 0; i < Threads; i++ {
218 | 		go func() {
219 | 			for {
220 | 				host := <-hosts
221 | 				providerS := <- providerC
222 | 
223 | 				if host == "" {
224 | 					break
225 | 				}
226 | 				request(host,providerS)
227 | 			}
228 | 			processGroup.Done()
229 | 		}()
230 | 	}
231 | 
232 | 	for _, provider := range (myProvider) {
233 | 		for _, domain := range (domains) {
234 | 			hosts <- domain
235 | 			providerC <- provider
236 | 		}
237 | 	}
238 | 
239 | 	close(hosts)
240 | 	close(providerC)
241 | 	processGroup.Wait()
242 | 
243 | 	fmt.Println("Completed")
244 | }


--------------------------------------------------------------------------------
/providerCreate.html:
--------------------------------------------------------------------------------
  1 | <!DOCTYPE html>
  2 | <html lang="en">
  3 | 
  4 | 
  5 | <script> 
  6 | 
  7 |     const hintText="{{ Fill details above for new test case }}"
  8 | 
  9 | 
 10 |     const PayloadHeaderDiv="<div id=\"payloadHeaderDiv\"> Header Name <input type=\"text\" name=\"payload1\" required class=\"payload\">  Header Value <input type=\"text\" name=\"payload2\" class=\"payload\" required><input type=\"button\" value=\"+\" onclick=\"addPayloadField()\"><input id=\"minusbuttonID\" type=\"button\" value=\"-\" onclick=\"minusButton(this)\"><br> <br> </div>"
 11 | 
 12 |     const PayloadBodyDiv="<div id=\"payloadBodyDiv\"> Endpoint where request will be send: <input type=\"text\" name=\"payload\" class=\"payload\" required><input type=\"button\" value=\"+\" onclick=\"addPayloadField()\"><input type=\"button\" value=\"-\" onclick=\"minusButton(this)\"> <br> <br> </div>"
 13 | 
 14 |     const responseBodyDivS="<div id=\"responseDiv\"><select onchange=\"changeOption(this)\" class=\"delimiter\"> <option value=\"||||\">OR</option>    <option value=\"&&&&\">AND</option></select> <br><br> What to check for in Response Body <input type=\"text\" name=\"payload1\" class=\"response\"> <input type=\"button\" value=\"+\" onclick=\"addResponseField()\"><input id=\"minusbuttonID\" type=\"button\" value=\"-\" onclick=\"minusButton(this)\"> <br> <br> </div>"
 15 | 
 16 |     const responseBodyDiv="<div id=\"responseDiv\"> What to check for in Response Body <input type=\"text\" name=\"payload1\" class=\"response\"> <input type=\"button\" value=\"+\" onclick=\"addResponseField()\"> {Case Sensitive ; Leave empty if you want to only send request} <br> <br> </div>"
 17 | 
 18 | 
 19 |     const responseHeaderDivS="<div id=\"responseDiv\"><select onchange=\"changeOption(this)\" class=\"delimiter\"> <option value=\"||||\">OR</option>    <option value=\"&&&&\">AND</option></select> <br><br> What to check for in Response Header<input type=\"text\" name=\"payload1\" class=\"response\"> <input type=\"text\" name=\"payload2\" class=\"response\">  <input type=\"button\" value=\"+\" onclick=\"addResponseField()\"><input id=\"minusbuttonID\" type=\"button\" value=\"-\" onclick=\"minusButton(this)\"> <br> <br> </div>"
 20 | 
 21 |     const responseHeaderDiv="<div id=\"responseDiv\">What to check for in Response Header<input type=\"text\" name=\"payload1\" class=\"response\"> <input type=\"text\" name=\"payload2\" class=\"response\">  <input type=\"button\" value=\"+\" onclick=\"addResponseField()\">{Case Sensitive ; Leave empty if you want to only send request}  <br> <br> </div>"
 22 | 
 23 |     function changeOption(xoxo){
 24 |         document.querySelectorAll(".delimiter").forEach(function(element) {element.selectedIndex=xoxo.selectedIndex})
 25 |     }
 26 | 
 27 |     function payloadBody(){
 28 |         if(document.getElementById('sendIn').value == "header") {
 29 |             document.querySelector("#payloadDiv").innerHTML=PayloadHeaderDiv;
 30 |             document.getElementById('minusbuttonID').style="display:none"
 31 |         }
 32 |         else{
 33 |             document.querySelector("#payloadDiv").innerHTML=PayloadBodyDiv
 34 |         }
 35 |     }
 36 | 
 37 | 
 38 |     function responseDiv(){
 39 |         if(document.getElementById('checkIn').value == "responseHeader") {
 40 |             document.querySelector("#responseDiv").innerHTML=responseHeaderDiv;
 41 |             document.getElementById('minusbuttonID').style="display:none"
 42 |         }
 43 |         else{
 44 |            document.querySelector("#responseDiv").innerHTML=responseBodyDiv
 45 |         }
 46 |     }
 47 | 
 48 |     jsonIndex=0
 49 |     function jsonGenerator() {
 50 | 
 51 |         json[jsonIndex]=new Object();
 52 |         json[jsonIndex].vulnerability=document.querySelector("#vulnerability").value
 53 |         json[jsonIndex].sendIn=document.querySelector("#sendIn").value
 54 |         json[jsonIndex].color=document.querySelector("#color").value
 55 |         json[jsonIndex].payload=new Array();
 56 |        // json[0].payload[0]=document.querySelector("#payload").value
 57 | 
 58 |         x=document.querySelectorAll("#payloadDiv input[type=\"text\"]")
 59 |         for (var i = 0; i < x.length; i++) {
 60 |             json[jsonIndex].payload[i]=x[i].value;
 61 |             }
 62 | 
 63 |         json[jsonIndex].checkIn=document.querySelector("#checkIn").value
 64 | 
 65 |         y=document.querySelectorAll(".response")
 66 | 
 67 |         json[jsonIndex].checkFor=""
 68 | 
 69 |         document.querySelector("#sendIn").value
 70 | 
 71 |         if(document.getElementById('checkIn').value == "responseBody") { 
 72 |             for (var i=0; i < y.length; i++){
 73 |                 if (i==0){
 74 |                     json[jsonIndex].checkFor=y[i].value
 75 |                 }
 76 |                 else if (y[i].value !== ""){
 77 |                     delimiter=document.querySelector(".delimiter").value
 78 |                     json[jsonIndex].checkFor=y[i].value+delimiter+json[jsonIndex].checkFor
 79 |                 }
 80 |             }
 81 |          }
 82 | 
 83 |         else{
 84 |             for (var i=0; i < y.length; i+=2){
 85 |                 if (i==0){
 86 |                     json[jsonIndex].checkFor=y[i].value+": "+y[i+1].value
 87 |                 }
 88 |                 else if (y[i].value !== ""){
 89 |                     delimiter=document.querySelector(".delimiter").value
 90 |                     json[jsonIndex].checkFor=y[i].value+": "+y[i+1].value+delimiter+json[jsonIndex].checkFor
 91 |                 }
 92 |             }
 93 |         }
 94 |         
 95 |     }
 96 |     
 97 |     function addPayloadField() {
 98 |         if(document.getElementById('sendIn').value == "header") {
 99 |             document.querySelector("#payloadDiv").insertAdjacentHTML("beforeend",PayloadHeaderDiv)
100 |         }
101 | 
102 |         else{
103 |             document.querySelector("#payloadDiv").insertAdjacentHTML("beforeend",PayloadBodyDiv)
104 |         }
105 |     }
106 | 
107 |     function addResponseField(){
108 |         if(document.getElementById('checkIn').value == "responseBody") {       
109 |             document.querySelector("#responseDiv").insertAdjacentHTML("beforeend",responseBodyDivS)
110 |         }
111 |         else{
112 |             document.querySelector("#responseDiv").insertAdjacentHTML("beforeend",responseHeaderDivS)
113 |         }   
114 |             document.querySelectorAll(".delimiter").forEach(function(element) {element.selectedIndex=document.querySelector('.delimiter').selectedIndex})
115 |     }
116 | 
117 |     function minusButton(xoxo){
118 |         xoxo.parentElement.parentElement.removeChild(xoxo.parentElement)
119 |     }
120 | 
121 |     function vulnerabilityIsEmpty(){
122 |         if (document.forms[0].vulnerability.value=="") {
123 |             alert("fill up the vulnerability details")
124 |             return true
125 |          }
126 |          else{
127 |             return false
128 |          }
129 |      }
130 |       
131 | 
132 |     function payloadIsEmpty(){
133 |         var payloadFieldArray=document.querySelectorAll(".payload")
134 |         for (var i = 0; i < payloadFieldArray.length; i++) {
135 |             if (payloadFieldArray[i].value==""){
136 |                     alert("fill up all payload section")
137 |                     return true
138 |             }
139 |             else{
140 |                 return false
141 |             }
142 |         }
143 |     }
144 |     
145 |     function isNotEmpty(){
146 |         if (!vulnerabilityIsEmpty() && !payloadIsEmpty()){
147 |             return true
148 |          }
149 |     }
150 | 
151 | 
152 |     function saveValue(){
153 | 
154 |     }
155 | 
156 |     function moreVulnerability(xoxo){
157 |         if (isNotEmpty()){
158 |             console.log("works")
159 |             jsonGenerator();
160 |             jsonIndex++;
161 | 
162 |             previousValueCheckIn = document.querySelector("#checkIn").value
163 |             previousValueSendIn = document.querySelector("#sendIn").value
164 | 
165 |             if (document.querySelector(".delimiter")){
166 |                 previousID = document.querySelector(".delimiter").selectedIndex
167 |             }
168 |             xoxo.form.reset();
169 |             document.querySelector("#checkIn").value = previousValueCheckIn  
170 |             document.querySelector("#sendIn").value = previousValueSendIn
171 | 
172 |             document.querySelectorAll(".delimiter").forEach(function(element) {element.selectedIndex=previousID})
173 |             document.querySelector('#jsonOutput').value=JSON.stringify(json, null, 4)
174 |             document.getElementById('hint').innerText=hintText;
175 |             }
176 |     }
177 | 
178 | 
179 |     function jsonPrint(xoxo){
180 |         if (isNotEmpty()){ 
181 |             jsonGenerator()
182 | 
183 |             previousValueCheckIn = document.querySelector("#checkIn").value
184 |             previousValueSendIn = document.querySelector("#sendIn").value
185 | 
186 |             xoxo.form.reset()
187 | 
188 |             document.querySelector("#checkIn").value = previousValueCheckIn
189 |             document.querySelector("#sendIn").value = previousValueSendIn  //restoring to previous value
190 | 
191 |             document.querySelector('#jsonOutput').value=JSON.stringify(json, null, 4)
192 |         }
193 | }
194 | </script>
195 | 
196 | 
197 | <body onload="json=new Array();">
198 |     <h1>
199 |         Create json file for provider
200 |     </h1>
201 | 
202 |     <form>
203 |     Vulnerability Name:
204 |     <input type="text" name="vulnerability" id="vulnerability" required> <br><br>
205 | 
206 |    Send payload in:
207 |     <select name="sendIn" id="sendIn" onchange="payloadBody()">
208 |         <option value="url">URL</option>
209 |         <option value="header">Request Header</option>
210 |     </select> <br><br> <!--drop down url | header -->
211 | 
212 |     <div id="payloadDiv">
213 |         <div id="payloadHeaderDiv">
214 |             Endpoint where request will be send:
215 |             <input type="text" class="payload" required> <input type="button" value="+" onclick="addPayloadField()"> <br><br>
216 |         </div>
217 |     </div>
218 | 
219 |    Check in
220 |     <select name="checkIn" id="checkIn" onchange="responseDiv()">
221 |         <option value="responseBody">Response Body</option>
222 |         <option value="responseHeader">Response Header</option>
223 |     </select> <br><br> <!-- drop down responseBody -->
224 | 
225 |     <div id="responsePdiv">
226 |         <div id="responseDiv">
227 |               What to check for in Response Body<input type="text" name="checkFor" class="response" id="checkFor" required> <input type="button" value="+" onclick="addResponseField()"> {Case Sensitive ; Leave empty if you want to only send request}  <br><br>
228 |         </div>
229 |     </div>
230 | 
231 |    Severity to Assign
232 |     <select name="color" id="color">
233 |         <option value="red">High</option>
234 |         <option value="yellow">Medium</option>
235 |         <option value="blue">Low</option>
236 |     </select> <br>
237 | 
238 |     <input type="button" value="Add more vulnerabilities" onclick="moreVulnerability(this);">
239 | 
240 | <div id="hint"> </div>
241 |     <br> <br>
242 | 
243 |     <input type="button" value="Generate JSON" onclick="jsonPrint(this)">
244 | 
245 |     <br>
246 | 
247 |     </form>
248 | 
249 |     <textarea id="jsonOutput" rows="80" cols="90">
250 | 
251 |     </textarea>
252 | 
253 | </body>
254 | 
255 | 
256 | 
257 | <style>
258 | 
259 |     body {
260 |     display: block;
261 |     margin: 8px;
262 |     margin-top: 8px;
263 |     margin-right: 20%;
264 |     margin-left: 20%;
265 | }
266 | 
267 | </style>
268 | 
269 | 
270 | </html>


--------------------------------------------------------------------------------