Merge branch 'main' into dependabot/cargo/reqwest-0.12.5

pwnwriter · Jun 20, 2024 · ff6c413 · ff6c413
2 parents 8374342 + c176f14
commit ff6c413
Show file tree

Hide file tree

Showing 5 changed files with 60 additions and 17 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/README.md b/README.md
@@ -171,6 +171,19 @@ wget -qO- "$(curl -qfsSL "https://github.com/gitapi/repos/pwnwriter/haylxon/release
   ![screenshot_2024-01-09_20-36-27](https://github.com/pwnwriter/haylxon/assets/90331517/2c0579ae-ca88-472a-a448-29d8accfcab6)
 
   
+</details>
+
+- <details> <summary><code> Arbitary javascript 🏺 </code></summary>
+    &nbsp;
+   
+   ```bash
+   hxn -b $(which brave) -u <url> --javascript "javascript code here". 
+
+     ```
+   <img width="723" alt="Screenshot 2024-06-20 at 13 52 00" src="https://github.com/pwnwriter/haylxon/assets/90331517/d86c7416-b79f-4bb4-8191-059f6be74bba">
+
+
+  
 </details>
 
 

diff --git a/src/cli/args.rs b/src/cli/args.rs
@@ -76,6 +76,10 @@ pub struct Cli {
     /// Accept invalid certs, trust dns
     #[arg(long)]
     pub accept_invalid_certs: bool,
+
+    /// Run arbiraty javascript
+    #[arg(long)]
+    pub javascript: Option<String>,
 }
 
 #[derive(Debug, Copy, Clone, PartialEq, Eq, PartialOrd, Ord, ValueEnum)]

diff --git a/src/cli/exec.rs b/src/cli/exec.rs
@@ -29,6 +29,7 @@ pub async fn run(
         screenshot_type,
         ports,
         accept_invalid_certs,
+        javascript,
     }: Cli,
 ) -> anyhow::Result<()> {
     let browser = Path::new(&binary_path);
@@ -92,7 +93,7 @@ pub async fn run(
         }
     }
 
-    if stdin {
+    let is_screenshot_taken = if stdin {
         env::set_current_dir(dump_dir)?;
         let urls = super::hxn_helper::read_urls_from_stdin(ports)?;
         take_screenshot_in_bulk(
@@ -105,8 +106,9 @@ pub async fn run(
             fullpage,
             screenshot_type,
             accept_invalid_certs,
+            javascript,
         )
-        .await?;
+        .await
     } else {
         match (url, file_path) {
             (None, Some(file_path)) => {
@@ -122,8 +124,9 @@ pub async fn run(
                     fullpage,
                     screenshot_type,
                     accept_invalid_certs,
+                    javascript,
                 )
-                .await?;
+                .await
             }
             (Some(url), None) => {
                 let urls = if let Some(ports) = ports {
@@ -142,17 +145,22 @@ pub async fn run(
                     fullpage,
                     screenshot_type,
                     accept_invalid_certs,
+                    javascript,
                 )
-                .await?;
+                .await
             }
             _ => unreachable!(),
         }
-    }
-
-    info(
-        format!("Screenshots Taken and saved in directory {}", outdir.bold()),
-        colored::Color::Cyan,
-    );
+    };
 
-    Ok(())
+    match is_screenshot_taken {
+        Ok(_) => {
+            info(
+                format!("Screenshots Taken and saved in directory {}", outdir.bold()),
+                colored::Color::Cyan,
+            );
+            Ok(())
+        }
+        Err(e) => Err(e),
+    }
 }
diff --git a/src/cli/screenshot.rs b/src/cli/screenshot.rs
@@ -23,12 +23,14 @@ pub async fn take_screenshot_in_bulk(
     full_page: bool,
     screenshot_type: ScreenshotType,
     danger_accept_invalid_certs: bool,
+    javascript: Option<String>,
 ) -> anyhow::Result<()> {
     let url_chunks: Vec<Vec<_>> = urls.chunks(tabs).map(ToOwned::to_owned).collect();
     let mut handles = Vec::with_capacity(url_chunks.len());
 
     for urls in url_chunks {
         let browser = Arc::clone(browser);
+        let js = javascript.clone(); // Clone the JavaScript for each chunk
         let handle = tokio::spawn(async move {
             for url in urls {
                 if let Err(error) = take_screenshot(
@@ -40,6 +42,7 @@ pub async fn take_screenshot_in_bulk(
                     full_page,
                     screenshot_type,
                     danger_accept_invalid_certs,
+                    js.clone(), // Pass the JavaScript code
                 )
                 .await
                 {
@@ -67,6 +70,7 @@ pub async fn take_screenshot(
     full_page: bool,
     screenshot_type: ScreenshotType,
     danger_accept_invalid_certs: bool,
+    javascript: Option<String>,
 ) -> anyhow::Result<()> {
     let parsed_url = Url::parse(&url)?;
     let client = reqwest::Client::builder()
@@ -90,6 +94,20 @@ pub async fn take_screenshot(
     };
     let page = browser.new_page(parsed_url.clone()).await?;
     tokio::time::sleep(Duration::from_secs(delay)).await;
+
+
+    // Evaluate JavaScript if provided
+    if let Some(js) = javascript {
+        let result = page.evaluate(js.as_str()).await;
+        match result {
+            Ok(_) => log::info(
+                "JavaScript executed successfully".to_string(),
+                colored::Color::Magenta,
+            ),
+            Err(e) => log::warn(format!("JavaScript execution failed: {:?}", e)),
+        }
+    }
+
     page.save_screenshot(
         ScreenshotParams::builder()
             .format(screenshot_format)