testxss: a PHP tool for testing XSS (Information Security Squad)

Note that this is an automated tool; manual verification is still required.

Usage

<pre><code>Usage: php testxss.php [OPTIONS]

Options:
	-h, --help	print this help

	--burp		export from Burp Suite (not implement yet)
	--request	source file of the orignal request
	--single	load a single url
	--test		file that contains a list of urls already payloaded (that means payload options will be ignored)
	--urls		file that contains a list of urls

	--cookies	set the cookie (overwrite all other cookies)
	--force-cl	force Content-Length header
	--no-redir	do not follow redirection
	--ssl		force https

	--inject	injection point, default=GPCHFU
				G: GET parameters
				P: POST parameters
				C: Cookies
				H: Headers
				F: Fragment
				U: Url (ending concatenation prepended by a slash '/')
	--inject-name	inject in paramater name as well, default=disabled
				G: GET parameters
				P: POST parameters
				C: Cookies
				H: Headers
	--gpg		try to send GET params to POST and POST params to GET
	--param		name of a specific param/cookie/header to test

	--payload	set single payload or file, default='"><
	--prefix	prefix all payloads with a string, default is random string
	--suffix	suffix all payloads with a string, default is random string
	--encode	urlencode the payload, default=disabled
	--replace	replace the value of the parameter by the payload instead of concatenate at the end (only for GP)

	--no-test	do not performed any test, list only the urls called
	--phantom	if you test XSS with phantomjs, full path to the executable
	--sos		stop on success
	--threads	number of threads, default=5
	--no-color	disable colors
	--verbose	level of verbose, default=0
				0: everything
				1: don't display result details
				2: display only vulnerable
				3: display only vulnerable with details

Examples:
	php testxss.php --single="https://www.example.com/test.php?a=b" --payload="xss'" --cookies="PHPSESSID=elqopltf3rl25k7jkhi6drvvr9"
	php testxss.php --request=export.burp --inject=GPCH --gpg --inject-name=GP
	php testxss.php --urls=urls.txt --threads=10 --payload=payloads.txt --prefix=aaaaa --suffix=bbbbb</code></pre>
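
An added example for the manual verification step mentioned above (not code from testxss, whose detection logic is not shown on this page): random `--prefix`/`--suffix` markers delimit exactly what the application echoed back, so each reflection can be classified by how the payload's metacharacters were handled. The function name, marker strings and response bodies are constructed for illustration.

```python
import html
import re

META = set("<>\"'")  # characters that can change the HTML parsing context


def classify_reflections(body, prefix, payload, suffix):
    """Return one (verdict, raw_metachars) tuple per reflection found in body.

    verdict: 'raw'      payload echoed byte for byte
             'encoded'  every metacharacter came back as an HTML entity
             'partial'  some metacharacters encoded, others still raw
             'modified' payload was filtered or otherwise transformed
    An empty list means the markers were never echoed (no reflection).
    """
    pattern = re.escape(prefix) + r"(.*?)" + re.escape(suffix)
    findings = []
    for match in re.finditer(pattern, body, flags=re.DOTALL):
        echoed = match.group(1)
        # Payload metacharacters that survived unencoded in the response.
        raw_meta = "".join(sorted(META & set(echoed) & set(payload)))
        if echoed == payload:
            verdict = "raw"
        elif html.unescape(echoed) == payload:
            verdict = "partial" if raw_meta else "encoded"
        else:
            verdict = "modified"
        findings.append((verdict, raw_meta))
    return findings


# Constructed markers, payload and response bodies (not real tool output).
PREFIX, SUFFIX, PAYLOAD = "k3v9q", "z7m2x", "'\"><"
SAMPLES = {
    "raw": '<input value="k3v9q\'"><z7m2x">',
    "encoded": "<p>k3v9q&#039;&quot;&gt;&lt;z7m2x</p>",
    # Single quote left unencoded inside a single-quoted attribute.
    "partial": "<input value='k3v9q'&quot;&gt;&lt;z7m2x'>",
    "modified": "<p>k3v9q'\"z7m2x</p>",
    "absent": "<p>hello</p>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, classify_reflections(body, PREFIX, PAYLOAD, SUFFIX))
```

`raw`, `partial` and `modified` results are the ones that need manual review of the surrounding context; `encoded` shows that output encoding held for that reflection.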

Download testxss

cryptoparty
