-
XSS Tools
As I’m working on a new XSS course, I wanted to share some of the tools that I’ll be demonstrating, that I’ve come across during research, or that I’ve used in the past, with a quick explanation of what it is and how it works.
XSS Detection and exploitation
There are many others, but these are ones I’ve found that are still maintained and don’t have too many bugs.
Do you know of any other good ones? Please share below!
XSStrike
Generates payloads, has a fuzzing engine, fast crawler, and uses multiple parsers to analyze responses. It also includes parameter discovery, WAF detection, and it includes a scanner for DOM XSS
Basic usage:
python xsstrike.py -u "http://target.com/search.php?q=query"
XSSer
Includes over 1,300 XSS attack vectors with several options to try and bypass certain filters. Also includes a GUI, although I’ve found it can be a bit of a pain to use with some applications.
python xsser --gtk
ezXSS
Designed to help detect blind XSS by setting up a dashboard with statistic, payloads, and view/share/search reports. You can get instant email alerts when something is detected. Can be installed with Apache, NGINX, or Docker.
Live demo is available at https://demo.ezxss.com/manage with password demo1234
XSS Hunter
You can set it up on your own from GitHub or you can go to https://xsshunter.com/
You get a custom subdomain to generate your payloads, like this:
">
When a vulnerability is found, it collects the information and sends it over to you.
BeEF
BeEF is a Browser Exploitation Framework. It essentially ‘hooks’ user browsers and uses them as beachheads to launch further attacks. This framework isn’t necessarily just used for XSS, but you can use it with XSS attacks because you can deliver the BeEF hook in your XSS payload, and it will then communicate back with your BeEF installation every few seconds to keep the connection going.
Once you’ve hooked a browser, you can use all kinds of command modules against the hooked browser.
Sorry, there were no replies found.
Log in to reply.