اسکنر xss پیشرفته نوشته شده با روبی ..
تصویری برنامه
از امکانات برنامه :
- Pattern matching based XSS scanning
- Detect alert confirm prompt event on headless browser (with Selenium)
- Testing request/response for XSS protection bypass and reflected params
- Reflected Params
- Filtered test event handler HTML tag Special Char
- Testing Blind XSS (with XSS Hunter , ezXSS, HBXSS, Etc all url base blind test...)
- Dynamic/Static Analysis
- Find SQL Error pattern
- Analysis Security headers(CSP HSTS X-frame-options, XSS-protection etc.. )
- Analysis Other headers..(Server version, Content-Type, etc...)
- Scanning from Raw file(Burp suite, ZAP Request)
- XSpear running on ruby code(with Gem library)
- Show table base cli-report and filtered rule, testing raw query(url)
- Testing at selected parameters
- Support output format cli json
- cli: summary, filtered rule(params), Raw Query
- Support Verbose level (quit / nomal / raw data)
- Support custom callback code to any test various attack vectors
نصب و اجرا باید Gem را از قبل نصب داشته باشید ( خط به خط در ترمینال اجرا کنید )
کد:
اول کامپوننتهای برنامه را نصب کنید gem install colorize gem install selenium-webdriver gem install terminal-table gem install XSpear gem 'XSpear' bundle
کد:
xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy"
کد:
xspear -u "http://testphp.vulnweb.com/search.php?test=query" -b "https://hahwul.xss.ht"