• We just launched and are currently in beta. Join us as we build and grow the community.

XSSMAP – Intelligent XSS Vulnerability Finder Tool

Jeffmarsh

Satire Specialist
J
J Rep
0
0
0
Rep
0
J Vouches
0
0
0
Vouches
0
Posts
58
Likes
30
Bits
0
2 MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1 300 XP
Simple-Purple-and-White-Creative-Studio-Brand-Guidelines-Presentation.png


Hey Folks, In this tutorial we are going to discuss an XSS vulnerability finder called an “xssmap“. If you are a beginner then we can recommend this tool otherwise there is nothing better than manual bug hunting. Lets talk about this tool 🙂 ! The tool has been made in python language, hence we have to prepared yourself and configure python tool to use. In this tool you will get many features like: proxy user-agent parameters etc. with the help of whose we can do anonymous bug hunting as well as can also exploit the vulnerability without much effort.

Features of this Tool
  • URL encoding bypass
  • Case bypass
  • Support unicode encoding of HTML tag attribute value to bypass
  • Support HTML encoding to bypass the HTML tag attribute value
  • Support for flexible replacement of () ‘”to bypass

Lets take a look 🙂 !!

Installation

We do not need a lot of resources to download this tool just we should have only CURL tool which will download it automatically in our system. After the prerequisites are met, we will execute the following command.

curl -L -s https://raw.githubusercontent.com/Jewel591/CheckXSS/master/docs/install.sh|bash1curl-L-s

Loading…

raw.githubusercontent.com

1-19.png


After completing this, we will go to the directory which was created itself after completion of downloading.

cd CheckXSS
ls12cd CheckXSSls

2-20.png


All the work has been done now we are ready to start this tool and can execute and check the features of this tool by executing the below command.

python3 xssmap.py --h1python3 xssmap.py--h

3-21.png

Example

Let’s take an example first and for the testing purposes we will use XVWA vulnerable web application which is vulnerable to the XSS vulnerability. You can analysis the given code in which we have given the location and parameter to the vulnerability where possible we may get vulnerability of XSS.

python3 xssmap.py -u "http://192.168.0.104/xvwa/vulnerabilities/reflected_xss/?item=check" -p item1python3 xssmap.py-u"http://192.168.0.104/xvwa/vulnerabilities/reflected_xss/?item=check"-pitem

4-20-1024x582.png

Results

Great 🙂 You can see that it has successfully found the vulnerability and is even giving us the payload with the help of which we exploit the vulnerability.

5-17.png


After enter the payload onto the vulnerable parameter we get the following results.

6-17-1024x516.png


In the same way you can use it on various web applications and detect vulnerabilities of XSS.

About the AuthorShubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.
 
You must log in or register to reply here.

422,212

310,551

310,560

A Ahmad19979
Top