Injection

XSSHunter

Repo: https://github.com/mandatoryprogrammer/xsshunter

Info: This is a portable version of the source code running on https://xsshunter.com. It is designed to be easily installable on any server for security professionals and bug bounty hunters who wish to test for XSS in a much more powerful way.

If you don't want to set up this software and would rather just start testing, see https://xsshunter.com.


XSStrike

Repository: https://github.com/s0md3v/XSStrike/

Usage: https://github.com/s0md3v/XSStrike/wiki/Usage

Scan a single URL

Option: -u or --url

Test a single webpage which uses GET method.

python xsstrike.py -u "http://example.com/search.php?q=query"

Supplying POST data

python xsstrike.py -u "http://example.com/search.php" --data "q=query"

Testing URL path components

Option: --path

To inject payloads into the URL path (for example http://example.com/search/<payload>) instead of into a query parameter, use the --path switch.

python xsstrike.py -u "http://example.com/search/form/query" --path

Treat POST data as JSON

Option: --json

This switch can be used to test JSON data via POST method.

python xsstrike.py -u "http://example.com/search.php" --data '{"q":"query"}' --json

Using Proxies

Option: --proxy (Default 0.0.0.0:8080)

You have to set up your proxy or proxies in core/config.py; after that, the --proxy switch routes the scan through them whenever you want. More information on setting up proxies can be found here.

python xsstrike.py -u "http://example.com/search.php?q=query" --proxy

tplmap

Repo: https://github.com/epinna/tplmap

Info: Tplmap assists the exploitation of Code Injection and Server-Side Template Injection vulnerabilities with a number of sandbox escape techniques to get access to the underlying operating system.

The tool and its test suite are developed to research the SSTI vulnerability class and to be used as offensive security tool during web application penetration tests.

The sandbox break-out techniques came from James Kettle's Server-Side Template Injection: RCE For The Modern Web App, other public research [1] [2], and original contributions to this tool [3] [4].

It fully compromises the server by exploiting several code-context and blind-injection scenarios. It also supports eval()-like code injections in Python, Ruby, PHP, Java and generic unsandboxed template engines.

Sleepy Puppy

Repo: https://github.com/Netflix/sleepy-puppy

Info: Sleepy Puppy is a cross-site scripting (XSS) payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time.

Commix

Repo: https://github.com/commixproject/commix

Info: Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used by web developers, penetration testers or security researchers to test web applications with the aim of finding bugs, errors or vulnerabilities related to command injection attacks. With this tool it is very easy to find and exploit a command injection vulnerability in a given vulnerable parameter or HTTP header.

XSS Radar

Repo: https://github.com/bugbountyforum/XSS-Radar

Info: XSS Radar is a tool that detects parameters and fuzzes them for cross-site scripting vulnerabilities.