Hey Folks, In this tutorial we are going to talk about an amazing tool called “PwnXSS“. It’s an open source tool available on github that is specially designed to find cross site scripting vulnerability (XSS) on web applications. Now let’s examine the main feature of this tool.
- Advanced error handling
- POST and GET forms are supported
- Many Settings that can be Customized
- Crawling all links on a website
- Multiprocessing support
Lets take a look 🙂 !!
It time to configure this tool on terminal. As you know that we make everything easy and likewise we will install and configure this tool in few steps. Now first we have to download it from github by using git command.
git clone https://github.com/pwn0sec/PwnXSS
Now we give chmod permission of the downloaded folder and go to the directory. Installation is Completed 🙂 !! After doing all that we can boot this tool by using python command.
Note : We are using the given website only for testing purposes.
chmod 755 -R PwnXSS
python3 pwnxss.py --help
Got it 🙂 !! Finally we got the exact location of the vulnerability parameter which is “cat=“. Furthermore, it places us vulnerabilities with combined xss payloads through which we can directly test vulnerabilities by executing them.
python3 pwnxss.py -u http://testphp.vulnweb.com
Done 🙂 !! As you can see the tools for finding xss vulnerabilities work fine and when we execute the given URL on the web browser the results are comes very impressive.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.