Enigma7
Email Campaign Revenue Specialist
LEVEL 1
300 XP
Hey Folks, In this tutorial we are going to talk about an amazing tool called “PwnXSS“. It’s an open source tool available on github that is specially designed to find cross site scripting vulnerability (XSS) on web applications. Now let’s examine the main feature of this tool.
Main Features
- Advanced error handling
- POST and GET forms are supported
- Many Settings that can be Customized
- Crawling all links on a website
- Multiprocessing support
Lets take a look
!!Installation
It time to configure this tool on terminal. As you know that we make everything easy and likewise we will install and configure this tool in few steps. Now first we have to download it from github by using git command.
git clone https://github.com/pwn0sec/PwnXSS1git clone
Loading…
github.com
Now we give chmod permission of the downloaded folder and go to the directory. Installation is Completed
!! After doing all that we can boot this tool by using python command.Note : We are using the given website only for testing purposes.
chmod 755 -R PwnXSS
cd PwnXSS
python3 pwnxss.py --help123chmod755-RPwnXSScd PwnXSSpython3 pwnxss.py--help
Got it
!! Finally we got the exact location of the vulnerability parameter which is “cat=“. Furthermore, it places us vulnerabilities with combined xss payloads through which we can directly test vulnerabilities by executing them.python3 pwnxss.py -u http://testphp.vulnweb.com1python3 pwnxss.py-u
Loading…
testphp.vulnweb.com
Done
!! As you can see the tools for finding xss vulnerabilities work fine and when we execute the given URL on the web browser the results are comes very impressive.