Hey Folks, In this tutorial we are going to discuss an XSS vulnerability finder called an βxssmapβ. If you are a beginner then we can recommend this tool otherwise there is nothing better than manual bug hunting. Lets talk about this tool π ! The tool has been made in python language, hence we have to prepared yourself and configure python tool to use. In this tool you will get many features like: proxy user-agent parameters etc. with the help of whose we can do anonymous bug hunting as well as can also exploit the vulnerability without much effort.
Lets take a look π !!
We do not need a lot of resources to download this tool just we should have only CURL tool which will download it automatically in our system. After the prerequisites are met, we will execute the following command.
curl -L -s https://raw.githubusercontent.com/Jewel591/CheckXSS/master/docs/install.sh|bash
After completing this, we will go to the directory which was created itself after completion of downloading.
cd CheckXSS
ls
All the work has been done now we are ready to start this tool and can execute and check the features of this tool by executing the below command.
python3 xssmap.py --h
Letβs take an example first and for the testing purposes we will use XVWA vulnerable web application which is vulnerable to the XSS vulnerability. You can analysis the given code in which we have given the location and parameter to the vulnerability where possible we may get vulnerability of XSS.
python3 xssmap.py -u "http://192.168.0.104/xvwa/vulnerabilities/reflected_xss/?item=check" -p item
Great π You can see that it has successfully found the vulnerability and is even giving us the payload with the help of which we exploit the vulnerability.
After enter the payload onto the vulnerable parameter we get the following results.
In the same way you can use it on various web applications and detect vulnerabilities of XSS.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…
Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…
Hey Folks, we are back today after such a long break, but don't worry we…
The security of your API should be one of the top priorities of companies. Without…
Hey Folks, In today's business world, it is essential to have an online presence. However,…
Hey Folks, Is your business prepared in case of a cyber attack? Many companies don't…
This website uses cookies.