Recent changes to XSSploit-en

XSSploit-en modified by Maguey

Maguey — Fri, 08 Nov 2019 17:38:11 -0000

--- v5
+++ v6
@@ -1,5 +1,5 @@
 
-[[img src=https://sourceforge.net/p/maguey/wiki/repo_img/attachment/MAGUEY-2-Logo.png height=25% width=25% style=float:right]]
+[[img src=https://sourceforge.net/p/maguey/wiki/Home/attachment/LogoMaguey.png height=25% width=25% style=float:right]]
 



 Back  Español
@@ -52,7 +52,7 @@

 
 Reports:

-Output reports:  Yes  ✔
+Output reports:  ✔
 

 Customizable reports in XML format with the following options:
 

@@ -65,7 +65,7 @@
 

 Basic usage:
-Scan for Cross-Site Scripting vulnerabilities. The following command shows the basic syntax to scan a Web Application for a Cross-Site Scripting vulnerability search.
+Perform a vulnerability scan on a web application. Start the tool and on the GUI will be available three tabs: “Scan”, “XSS Exploit” and “Report”.

 On the “Scan” tab provide the web application URL address and press the “Spider” button. The tool will generate a list on the right panel of detected URLs, Forms and parameters from the web application.

en-XSSploit modified by Maguey

Maguey — Fri, 08 Nov 2019 16:58:10 -0000

--- v4
+++ v5
@@ -1,5 +1,5 @@
 
-[[img src=https://sourceforge.net/p/maguey/wiki/Home/attachment/LogoMaguey.png height=25% width=25% style=float:right]]
+[[img src=https://sourceforge.net/p/maguey/wiki/repo_img/attachment/MAGUEY-2-Logo.png height=25% width=25% style=float:right]]
 



 Back  Español
@@ -52,7 +52,7 @@

 
 Reports:

-Output reports:  ✔
+Output reports:  Yes  ✔
 

 Customizable reports in XML format with the following options:
 

@@ -65,7 +65,7 @@
 

 Basic usage:
-Perform a vulnerability scan on a web application. Start the tool and on the GUI will be available three tabs: “Scan”, “XSS Exploit” and “Report”.
+Scan for Cross-Site Scripting vulnerabilities. The following command shows the basic syntax to scan a Web Application for a Cross-Site Scripting vulnerability search.

 On the “Scan” tab provide the web application URL address and press the “Spider” button. The tool will generate a list on the right panel of detected URLs, Forms and parameters from the web application.

XSSploit-en modified by Maguey

Maguey — Wed, 11 Dec 2013 19:25:12 -0000

--- v3
+++ v4
@@ -7,7 +7,7 @@
 XSSploit
 

-Phase(s):1769242397
+Phase(s):
 Primary: Discovery.
 Secondary:  N/A.

XSSploit-en modified by Maguey

Maguey — Wed, 11 Dec 2013 19:24:52 -0000

--- v2
+++ v3
@@ -65,91 +65,19 @@
 

 Basic usage:
-Perform a vulnerability scan on a web application. The following instruction initiates the scan on a web application.
+Perform a vulnerability scan on a web application. Start the tool and on the GUI will be available three tabs: “Scan”, “XSS Exploit” and “Report”.

-
-./skipfish –A usuario:password –o [Directorio] –K jsession –I http://localhost/ -X /miaplicacion/logout.php http://localhost/miaplicacion
-


+On the “Scan” tab provide the web application URL address and press the “Spider” button. The tool will generate a list on the right panel of detected URLs, Forms and parameters from the web application.

-
-Where:
-

--A: Web application username & password. 
-
-o: Report export path. 
-
-K: Excluded parameters from the scan.
-
-I: Included URLs from the scan.
-
-X: Excluded URLs from the scan.
-
-
+Press the “Analyze” button under the displayed results to begin the Cross Site Scripting scan analysis. Once the analysis is completed, the number of vulnerabilities, both detected and exploitable is displayed on the progress bar.

-The tool will display informative details directed at the user such as an early scan termination in case it’s required as well as recommendation.
+The analysis results will be present on the “XSS” tab.

-
-Welcome to skipfish. Here are some useful tips:

-

-1) To abort the scan at any time, press Ctrl-C. A partial report will be written to the specified location. To view a list of currently scanned URLs, you can press space at any time during the scan.

-

-2) Watch the number requests per second shown on the main screen. If this figure drops below 100-200, the scan will likely take a very long time.

-

-3) The scanner does not auto-limit the scope of the scan; on complex sites, you may need to specify locations to exclude, or limit brute-force steps.

-

-4) There are several new releases of the scanner every month. If you run into trouble, check for a newer version first, let the author know next.

-

-More info: http://code.google.com/p/skipfish/wiki/KnownIssues

-

-Press any key to continue (or wait 60 seconds)...
  
+The “Exploit” tab presents the available payload options to be used for the exploitation of the Cross Site Scripting vulnerabilities. Choose any vulnerability from the “Exploitable XSS” as well as a payload type.

-


+By pressing the “Generate exploit code”, the tool will generate and display the required payload to exploit the vulnerability; for a POST petition it will include the payload while on a GET petition it will include the payload along the URL. 

-Whether 60 have passed or an interaction by the user is performed, the tool will begin with the scanning process.
-
-
-skipfish version 2.07b by 

-

-  - 127.0.0.1 -

-

-Scan statistics:

-

-      Scan time : 0:00:20.990

-  HTTP requests : 8281 (394.5/s), 17763 kB in, 1932 kB out (938.3 kB/s)  

-    Compression : 0 kB in, 0 kB out (0.0% gain)    

-    HTTP faults : 0 net errors, 0 proto errors, 0 retried, 0 drops

- TCP handshakes : 187 total (44.3 req/conn)  

-     TCP faults : 0 failures, 0 timeouts, 14 purged

- External links : 7 skipped

-   Reqs pending : 0          

-

-Database statistics:

-

-         Pivots : 140 total, 140 done (100.00%)   
 
-    In progress : 0 pending, 0 init, 0 attacks, 0 dict   
  
-  Missing nodes : 121 spotted

-     Node types : 1 serv, 123 dir, 2 file, 4 pinfo, 0 unkn, 10 par, 0 val

-   Issues found : 153 info, 0 warn, 3 low, 10 medium, 2 high impact

-      Dict size : 123 words (123 new), 2 extensions, 143 candidates

-
-


-
-When the scan is completed the tool will begin exporting the results on the specified path.
-
-
-[+] Copying static resources...

-[+] Sorting and annotating crawl nodes: 140

-[+] Looking for duplicate entries: 140

-[+] Counting unique nodes: 15

-[+] Saving pivot data for third-party tools...

-[+] Writing scan description...

-[+] Writing crawl tree: 140

-[+] Generating summary views...

-[+] Report saved to 'reports_clean/test003/index.html' [0x6e72d1d6].

-[+] This was a great day for science!

-


-
-Example report:
-
-
-[[img src=https://sourceforge.net/p/maguey/wiki/repo_img/attachment/Skipfish-01.jpg alt=image height=50% width=50%]]
-
+Finally on the “Report” tab select the required export format and press the “Save” button.

XSSploit-en modified by Maguey

Maguey — Wed, 11 Dec 2013 19:23:45 -0000

--- v1
+++ v2
@@ -14,29 +14,39 @@
 

 Description: 
-Tool that performs a vulnerability scan on web applications. It runs in two modes, the first one performs a spidering  of the web application and the second one uses dictionary based brute force attacks.
+Tool specialized in detecting Cross Site Scripting vulnerabilities. Additionally, it generates the required payload to exploit the detected vulnerabilities.

 

 Objective:
 
-Detect vulnerabilities on the web application.
+
Detect Cross Site Scripting vulnerabilities and prepare them for their exploitation.
 

 

 Features:
-Supported technologies: Web applications (HTTP).
+Supported technologies: Web applications (HTTP/HTTPS).

 Operative mode: Active.

 
-Detect vulnerabilities on the web application.
+Detect Cross Site Scripting vulnerabilities and prepare them for their exploitation.
 

-Performs a predefined and configurable spidering on the web application; configurations include domain on the scope, restricted URLs and parameters, etc.
-
dentify common vulnerabilities such as Cross Site Script, SQL Injection, Path Traversal, Information Disclosure, etc.
-
Provides a configurable dictionary base brute force attack functionality in order to detect commons resources such as administrative, default and test pages, files backups (.old), etc.
-
Has the capability to include self-defined dictionaries to be used on the brute force module.
+
Provides a URL and Form list of the web application through a spidering module.
+
Fixed analysis on the Forms “text” inputs detected from the spidering searching for Cross Site Scripting vulnerabilities.
+
Provides a list of detected vulnerabilities based on the analysis which include the following information:
+
+Whether the vulnerability can be exploited or not.
+
URL.
+
Cross Site Scripting type: Stored or Reflected.
+
HTTP method used (GET/POST).
+
Parameter name.
+
Context.
+
+
Provides several payloads to perform the exploitation of the vulnerability.
+
Basic authentication support.
+
Customizable spidering module that allows the definition of new regular expressions through a configuration file.
 
 

@@ -44,11 +54,11 @@
 Reports:

 Output reports:  ✔
 

-Reports in HTML format which includes the visited URLS and detected vulnerabilities divided into three sections:
+Customizable reports in XML format with the following options:
 
-URL: URLs detected by the spidering module.
-
Document type: URL categorization by content based on the response.
-
Detected vulnerabilities: URL groups by matching vulnerabilities.
+
Detected pages by the spidering module.
+
Detected Forms and parameters.
+
Cross Site Scripting vulnerabilities detected and exploited.

XSSploit-en modified by Maguey

Maguey — Wed, 11 Dec 2013 17:36:58 -0000

Back Español

XSSploit

Phase(s):

1769242397
Primary: Discovery.
Secondary: N/A.

Description:

Tool that performs a vulnerability scan on web applications. It runs in two modes, the first one performs a spidering of the web application and the second one uses dictionary based brute force attacks.

Objective:

Detect vulnerabilities on the web application.

Features:

Supported technologies: Web applications (HTTP).

Operative mode: Active.

Detect vulnerabilities on the web application.

Performs a predefined and configurable spidering on the web application; configurations include domain on the scope, restricted URLs and parameters, etc.
dentify common vulnerabilities such as Cross Site Script, SQL Injection, Path Traversal, Information Disclosure, etc.
Provides a configurable dictionary base brute force attack functionality in order to detect commons resources such as administrative, default and test pages, files backups (.old), etc.
Has the capability to include self-defined dictionaries to be used on the brute force module.

Reports:
Output reports: ✔
Reports in HTML format which includes the visited URLS and detected vulnerabilities divided into three sections:

URL: URLs detected by the spidering module.
Document type: URL categorization by content based on the response.
Detected vulnerabilities: URL groups by matching vulnerabilities.

Basic usage:

Perform a vulnerability scan on a web application. The following instruction initiates the scan on a web application.

./skipfish –A usuario:password –o [Directorio] –K jsession –I http://localhost/ -X /miaplicacion/logout.php http://localhost/miaplicacion

Where:

-A: Web application username & password.
-o: Report export path.
-K: Excluded parameters from the scan.
-I: Included URLs from the scan.
-X: Excluded URLs from the scan.

The tool will display informative details directed at the user such as an early scan termination in case it’s required as well as recommendation.

Welcome to skipfish. Here are some useful tips:

1) To abort the scan at any time, press Ctrl-C. A partial report will be written to the specified location. To view a list of currently scanned URLs, you can press space at any time during the scan.

2) Watch the number requests per second shown on the main screen. If this figure drops below 100-200, the scan will likely take a very long time.

3) The scanner does not auto-limit the scope of the scan; on complex sites, you may need to specify locations to exclude, or limit brute-force steps.

4) There are several new releases of the scanner every month. If you run into trouble, check for a newer version first, let the author know next.

More info: http://code.google.com/p/skipfish/wiki/KnownIssues

Press any key to continue (or wait 60 seconds)...

Whether 60 have passed or an interaction by the user is performed, the tool will begin with the scanning process.

skipfish version 2.07b by

- 127.0.0.1 -

Scan statistics:

Scan time : 0:00:20.990
HTTP requests : 8281 (394.5/s), 17763 kB in, 1932 kB out (938.3 kB/s)
Compression : 0 kB in, 0 kB out (0.0% gain)
HTTP faults : 0 net errors, 0 proto errors, 0 retried, 0 drops
TCP handshakes : 187 total (44.3 req/conn)
TCP faults : 0 failures, 0 timeouts, 14 purged
External links : 7 skipped
Reqs pending : 0

Database statistics:

Pivots : 140 total, 140 done (100.00%)
In progress : 0 pending, 0 init, 0 attacks, 0 dict
Missing nodes : 121 spotted
Node types : 1 serv, 123 dir, 2 file, 4 pinfo, 0 unkn, 10 par, 0 val
Issues found : 153 info, 0 warn, 3 low, 10 medium, 2 high impact
Dict size : 123 words (123 new), 2 extensions, 143 candidates

When the scan is completed the tool will begin exporting the results on the specified path.

[+] Copying static resources...
[+] Sorting and annotating crawl nodes: 140
[+] Looking for duplicate entries: 140
[+] Counting unique nodes: 15
[+] Saving pivot data for third-party tools...
[+] Writing scan description...
[+] Writing crawl tree: 140
[+] Generating summary views...
[+] Report saved to 'reports_clean/test003/index.html' [0x6e72d1d6].
[+] This was a great day for science!

Example report:

Resources:

Link: http://www.scrt.ch/en/attack/downloads/xssploit
Author(s): SCRT Information Security
Contact: info [at] scrt.ch
License: GNU GENERAL PUBLIC LICENSE, Versión 2