XssPy – Web Application XSS Scanner – Penetration Testing

XssPy is a python tool for finding Cross Site Scripting vulnerabilities in websites. This tool is the first of its kind. Instead of just checking one page as most of the tools do, this tool traverses the website and find all the links and subdomains first. After that, it starts scanning each and every input on each and every page that it found while its traversal. It uses small yet effective payloads to search for XSS vulnerabilities.

The tool has been tested parallel with paid Vulnerability Scanners and most of the scanners failed to detect the vulnerabilities that the tool was able to find. Moreover, most paid tools scan only one site whereas XSSPY first finds a lot of subdomains and then scan all the links altogether. The tool comes with:

Short Scanning

Comprehensive Scanning

Finding subdomains

Checking every input on every page

With this tool, Cross Site Scripting vulnerabilities have been found in the websites of MIT, Stanford, Duke University, Informatica, Formassembly, ActiveCompaign, Volcanicpixels, Oxford, Motorola, Berkeley and many more.

Installation:

Type the following in the terminal.

git clone http://ift.tt/28OLnv3 /opt/xsspy

The tool works on Python 2.7 and you should have mechanize installed. If mechanize is not installed, type “pip install mechanize” in the terminal.

Usage:

python XssPy.py website.com (Do not write http://www.website.com OR http://www.website.com)

Payloads

If you have found a XSS vulnerability, you can try the following payloads. http://ift.tt/2u1kpI4

Source: http://ift.tt/1U1tkzB

The post XssPy – Web Application XSS Scanner appeared first on Penetration Testing.

http://ift.tt/2u0Wokw http://ift.tt/2aM8QhC

Anúncios

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s