Primary: Discovery.
Secondary: N/A.
Tool specialized in detecting Cross Site Scripting vulnerabilities. Additionally, it generates the required payload to exploit the detected vulnerabilities.
Supported technologies: Web applications (HTTP/HTTPS).
Operative mode: Active.
Detect Cross Site Scripting vulnerabilities and prepare them for their exploitation.
Reports:
Output reports: ✔
Customizable reports in XML format with the following options:
Perform a vulnerability scan on a web application. Start the tool and on the GUI will be available three tabs: “Scan”, “XSS Exploit” and “Report”.
On the “Scan” tab provide the web application URL address and press the “Spider” button. The tool will generate a list on the right panel of detected URLs, Forms and parameters from the web application.
Press the “Analyze” button under the displayed results to begin the Cross Site Scripting scan analysis. Once the analysis is completed, the number of vulnerabilities, both detected and exploitable is displayed on the progress bar.
The analysis results will be present on the “XSS” tab.
The “Exploit” tab presents the available payload options to be used for the exploitation of the Cross Site Scripting vulnerabilities. Choose any vulnerability from the “Exploitable XSS” as well as a payload type.
By pressing the “Generate exploit code”, the tool will generate and display the required payload to exploit the vulnerability; for a POST petition it will include the payload while on a GET petition it will include the payload along the URL.
Finally on the “Report” tab select the required export format and press the “Save” button.
Link: http://www.scrt.ch/en/attack/downloads/xssploit
Author(s): SCRT Information Security
Contact: info [at] scrt.ch
License: GNU GENERAL PUBLIC LICENSE, Versión 2