inspect-form.js•4.24 kB
// Script to inspect the SpiderFoot new scan form
const axios = require('axios');
const cheerio = require('cheerio');
const SPIDERFOOT_URL = 'http://localhost:5001';
async function inspectForm() {
try {
console.log('Fetching the new scan page...');
const response = await axios.get(`${SPIDERFOOT_URL}/newscan`, {
headers: {
'Accept': 'text/html',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36'
}
});
console.log('Response status:', response.status);
console.log('Response headers:', response.headers);
const $ = cheerio.load(response.data);
// Log basic page info
console.log('\n=== Page Info ===');
console.log('Title:', $('title').text().trim());
// Find all forms
const forms = $('form');
console.log(`\nFound ${forms.length} forms on the page`);
forms.each((i, form) => {
console.log(`\n=== Form #${i + 1} ===`);
console.log('Action:', $(form).attr('action') || 'Not specified (defaults to current URL)');
console.log('Method:', $(form).attr('method') || 'GET');
// Find all form inputs
const inputs = $(form).find('input, select, textarea, button');
console.log(`\nForm has ${inputs.length} input elements:`);
inputs.each((j, input) => {
const $input = $(input);
console.log(`\nInput #${j + 1}:`);
console.log('- Type:', $input.attr('type') || 'N/A');
console.log('- Name:', $input.attr('name') || 'unnamed');
console.log('- ID:', $input.attr('id') || 'N/A');
console.log('- Value:', $input.attr('value') || 'N/A');
console.log('- Checked:', $input.prop('checked') ? 'Yes' : 'No');
console.log('- Attributes:');
// Log all attributes
$input.each((k, el) => {
const attrs = el.attributes || [];
for (let attr of attrs) {
console.log(` - ${attr.name}: ${attr.value}`);
}
});
});
});
// Look for any JavaScript that might be handling form submission
const scripts = $('script');
console.log(`\nFound ${scripts.length} script tags`);
let formHandlers = [];
scripts.each((i, script) => {
const scriptContent = $(script).html() || '';
if (scriptContent.includes('form') &&
(scriptContent.includes('submit') || scriptContent.includes('onsubmit'))) {
formHandlers.push({
scriptNum: i + 1,
preview: scriptContent.substring(0, 200) + '...' // First 200 chars
});
}
});
if (formHandlers.length > 0) {
console.log('\nFound potential form submission handlers:');
formHandlers.forEach(handler => {
console.log(`\nScript #${handler.scriptNum}:`);
console.log(handler.preview);
});
}
// Look for CSRF tokens in meta tags
const csrfMeta = $('meta[name="csrf-token"]');
if (csrfMeta.length > 0) {
console.log('\nFound CSRF token in meta tag:', csrfMeta.attr('content'));
} else {
console.log('\nNo CSRF token found in meta tags');
}
// Look for CSRF tokens in forms
const csrfInputs = $('input[name^="csrf"], input[name$="csrf"], input[name*="csrf"]');
if (csrfInputs.length > 0) {
console.log('\nFound potential CSRF inputs:');
csrfInputs.each((i, input) => {
const $input = $(input);
console.log(`- Name: ${$input.attr('name')}, Value: ${$input.attr('value') || 'empty'}`);
});
} else {
console.log('\nNo CSRF token inputs found in forms');
}
console.log('\nInspection complete!');
} catch (error) {
console.error('Error inspecting form:', error.message);
if (error.response) {
console.error('Response status:', error.response.status);
console.error('Response headers:', error.response.headers);
console.error('Response data (first 500 chars):',
typeof error.response.data === 'string'
? error.response.data.substring(0, 500)
: JSON.stringify(error.response.data).substring(0, 500));
}
process.exit(1);
}
}
inspectForm();