Hey Folks, In this tutorial we are going to talk about an amazing tool called “PwnXSS“. It’s an open source tool available on github that is specially designed to find cross site scripting vulnerability (XSS) on web applications. Now let’s examine the main feature of this tool.
Main Features
- Advanced error handling
- POST and GET forms are supported
- Many Settings that can be Customized
- Crawling all links on a website
- Multiprocessing support
Lets take a look 🙂 !!
Installation
It time to configure this tool on terminal. As you know that we make everything easy and likewise we will install and configure this tool in few steps. Now first we have to download it from github by using git command.
1 | git clone https://github.com/pwn0sec/PwnXSS |
Now we give chmod permission of the downloaded folder and go to the directory. Installation is Completed 🙂 !! After doing all that we can boot this tool by using python command.
Note : We are using the given website only for testing purposes.
1 2 3 | chmod 755 -R PwnXSS cd PwnXSS python3 pwnxss.py --help |
Got it 🙂 !! Finally we got the exact location of the vulnerability parameter which is “cat=“. Furthermore, it places us vulnerabilities with combined xss payloads through which we can directly test vulnerabilities by executing them.
1 | python3 pwnxss.py -u http://testphp.vulnweb.com |
Done 🙂 !! As you can see the tools for finding xss vulnerabilities work fine and when we execute the given URL on the web browser the results are comes very impressive.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
I’ve been surfing on-line more than 3 hours as of late,
but I never found any interesting article like yours. It’s lovely value sufficient
for me. In my view, if all web owners and bloggers made good content
as you probably did, the web can be a lot more helpful than ever before.