Wed. Nov 20th, 2019

Ethical Hacking Playground

hacking is curiosity

Cross Site Scripting Discovery With XSSPwn


Today, I will be showing you how to automatically test for Cross-Site-Scripting vulnerabilities with a tool I made called xsspwn.

How does it work?

Xsspwn is a cross-site scripting testing tool. It attempts to inject payloads into a parameter, and when the scan finishes it outputs all the potential injections found.
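Why scanner results are only "potential" injections: a reflected value matters only if its HTML metacharacters come back unencoded. The following is an added example, not code from xsspwn; the probe string, page templates and function names are constructed for illustration, and nothing is sent over the network.

```python
import html

# Constructed probe: a unique marker around the characters that matter for
# HTML injection. It is inert text, not a script payload.
MARKER = "zq7x"
PROBE = f"{MARKER}<\"'>{MARKER}"

def render_unsafe(q: str) -> str:
    """Constructed 'before' page: echoes the parameter verbatim."""
    return f"<p>Results for {q}</p>"

def render_stripped(q: str) -> str:
    """Constructed page with a partial filter: drops angle brackets only."""
    return f"<p>Results for {q.replace('<', '').replace('>', '')}</p>"

def render_safe(q: str) -> str:
    """Constructed 'after' page: same template with output encoding."""
    return f"<p>Results for {html.escape(q, quote=True)}</p>"

def render_static(q: str) -> str:
    """Constructed page that never reflects the parameter."""
    return "<p>No results</p>"

def classify_reflection(body: str, probe: str = PROBE, marker: str = MARKER) -> str:
    """Classify how the probe came back: raw, encoded, filtered or absent."""
    if probe in body:
        return "raw"        # metacharacters survived: potential injection
    if probe in html.unescape(body):
        return "encoded"    # reflected, but as entities: output encoding works
    if marker in body:
        return "filtered"   # reflected with some characters altered: review by hand
    return "absent"

def scan(pages: dict) -> dict:
    """Send the probe to each constructed page and classify the response."""
    return {name: classify_reflection(render(PROBE)) for name, render in pages.items()}

PAGES = {"unsafe": render_unsafe, "stripped": render_stripped,
         "safe": render_safe, "static": render_static}

if __name__ == "__main__":
    for name, verdict in scan(PAGES).items():
        print(f"{name:9s} {verdict}")
```

Only the "raw" verdict corresponds to a finding worth reporting; "filtered" means the application alters input without encoding it, which still needs a manual look at the surrounding HTML context.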

Scan output

[Screenshot: xsspwn02]

Brute forcing

Sometimes you need to log in before you start testing. Xsspwn has the option to brute force the login credentials and then scan for potential XSS vulnerabilities.

Bruteforce Output

[Screenshot: xsspwn01]

Injections Output

[Screenshot: xsspwn03.PNG]

The tool can be downloaded from GitHub.

https://github.com/ethicalhackingplayground/xsspwn

Download it:

git clone https://github.com/ethicalhackingplayground/xsspwn.git

To install it, type:

python install.py

Bug Fixes

  • There is no need for Tor; I had problems with that implemented.
  • I fixed a bug where it said it only found 2 injections.

DEMO:


