Final Update

Author: PSNAppz

app/Http/Controllers/HomeController.php

@@ -39,9 +39,16 @@ public function index()
     }
     public function script(Request $request)
     {
+        $xss=0;
+        $inj=0;
+        $head=0;
+        $crs=null;
+        $sql=null;
         $url = $request->get('url');
         $save = $request->get('log');
-        $process = new Process('cd ViPER && python3 viper.py -u '.$url);
+        $cross = $request->get('xss');
+        $sqli = $request->get('inj');
+        $process = new Process('cd ViPER && python3 ViPER.py -u '.$url.' -a');
         $process->setTimeout(3600);
         $process->run(function ($type, $buffer){
         });
@@ -51,15 +58,41 @@ public function script(Request $request)
         $user = Auth::user();
         $user->scans +=1;
         $user->save();
+        if(strpos ($echo,'200')!=false ){
+            $head=substr_count($echo, "200");
+            $head = ($head/6)*100;
+        }
+        $xss=substr_count($echo, "Vulnerable to Clickjacking");
+        $xss = ($xss/1)*100;
+        $inj=substr_count($echo, "SQL Injection!");
+        $inj-=4;
+        $inj = ($inj/4)*100;
         if($save){
             $log = new Log();
             $log->url = $source;
             $log->user_id=$user->id;
             $log->output=$process->getOutput();
             $log->save();
         }
+        if($cross){
+            $process = new Process('cd ViPER && python3 ViPER.py -u '.$url.' -A3');
+            $process->setTimeout(3600);
+            $process->run(function ($type, $buffer){
+            });
+            $crs = $process->getOutput();
+
+        }
+        if($sqli){
+            $process = new Process('cd ViPER && python3 ViPER.py -u '.$url.' -A1');
+            $process->setTimeout(3600);
+            $process->run(function ($type, $buffer){
+            });
+            $sql = $process->getOutput();
+
+        }
 
-        return view('results')->withEcho($echo)->withSource($source);
+        $overall=(($head+$inj+$xss)/300)*100;
+        return view('results')->withEcho($echo)->withSource($source)->withXss($xss)->withInj($inj)->withHead($head)->withCrs($crs)->withSql($sql)->withOverall($overall);
 
     }
     public function delete($id){

public/ViPER/modules/Cookie.py

@@ -1,6 +1,6 @@
-#import base64
+import base64
 import requests
-#from urllib.parse import urlparse
+from termcolor.termcolor import colored, cprint
 
 
 class Cookie():
@@ -10,21 +10,37 @@ class Cookie():
     def __init__(self):
         pass
 
+    def execute_all_func(self, target):
+        try:
+            self.get_cookie(target)
+        except:
+            cprint("Errror Getting Cookies", "red")
+        try:
+            self.decode_cookie(target)
+        except:
+            cprint("Error Decoding Cookies (base64)", "red")
+
     def get_cookie(self, target):
+        cprint("[*]Getting Cookie", "yellow")
         req = requests.get(target)
         c = req.cookies
         i = c.items()
-        for name, value in i:
-            print(name, value)
+        if i:
+            for name, value in i:
+                print(name, value)
+        else:
+            cprint("No cookies found", "red")
 
-"""    def decode_cookie(self, target):
+    def decode_cookie(self, target):
+        cprint("")
+        cprint("[*]Decoding Cookie", "yellow")
         req = requests.get(target)
         c = req.cookies
         i = c.items()
         for name, value in i:
-            rep = ""
-            b64 = ""
-            rep = value.replace("%3D", "=")
-            b64 = base64.b64decode(rep)
-            print(b64)
-"""
+                b64 = value.replace("%3D", "=")
+                try:
+                    b64 = base64.b64decode(b64).decode('ascii')
+                except:
+                    print("")
+                print(name, b64)