XSpear is XSS Scanner on ruby gems.
Key Features
- Pattern matching based XSS scanning
- Detect
alertconfirmpromptevent on headless browser (with Selenium) - Testing request/response for XSS protection bypass and reflected params
- Reflected Params
- Filtered test
event handlerHTML tagSpecial Char
- Testing Blind XSS (with XSS Hunter , ezXSS, HBXSS, Etc all url base blind test…)
- Dynamic/Static Analysis
- Find SQL Error pattern
- Analysis Security headers(
CSPHSTSX-frame-options,XSS-protectionetc.. ) - Analysis Other headers..(Server version, Content-Type, etc…)
- Scanning from Raw file(Burp suite, ZAP Request)
- XSpear running on ruby code(with Gem library)
- Show
table base cli-reportandfiltered rule,testing raw query(url) - Testing at selected parameters
- Support output format
clijson- cli: summary, filtered rule(params), Raw Query
- Support Verbose level (quit / nomal / raw data)
- Support custom callback code to any test various attack vectors
Also Read : MSNM Sensor – Multivariate Statistical Network Monitoring Sensor
Installation
Install it yourself as:
$ gem install XSpear
Or install it yourself as (local file):
$ gem install XSpear-{version}.gem
Add this line to your application’s Gemfile:
gem ‘XSpear’
And then execute:
$ bundle
Dependency Gems
colorize selenium-webdriver terminal-table
If you configured it to install automatically in the Gem library, but it behaves abnormally, install it with the following command.
$ gem install colorize
$ gem install selenium-webdriver
$ gem install terminal-table
Usage On CLI
Usage: xspear -u [target] -[options] [value]
–> e.g
$ ruby a.rb -u ‘https://www.hahwul.com/?q=123′ –cookie=’role=admin’
–> Options
-u, –url=target_URL [required] Target Url
-d, –data=POST Body [optional] POST Method Body data
–headers=HEADERS [optional] Add HTTP Headers
–cookie=COOKIE [optional] Add Cookie
–raw=FILENAME [optional] Load raw file(e.g raw_sample.txt)
-p, –param=PARAM [optional] Test paramters
-b, –BLIND=URL [optional] Add vector of Blind XSS
+ with XSS Hunter, ezXSS, HBXSS, etc…
+ e.g : -b https://hahwul.xss.ht
-t, –threads=NUMBER [optional] thread , default: 10
-o, –output=FILENAME [optional] Save JSON Result
-v, –verbose=1~3 [optional] Show log depth
+ Default value: 2
+ v=1 : quite mode
+ v=2 : show scanning log
+ v=3 : show detail log(req/res)
-h, –help Prints this help
–version Show XSpear version
–update Update with online
Result Types
- (I)NFO: Get information ( e.g sql error , filterd rule, reflected params, etc..)
- (V)UNL: Vulnerable XSS, Checked alert/prompt/confirm with Selenium
- (L)OW: Low level issue
- (M)EDIUM: medium level issue
- (H)IGH: high level issue
Case by Case
Scanning XSS
$ xspear -u “http://testphp.vulnweb.com/search.php?test=query” -d “searchFor=yy”
json output
$ xspear -u “http://testphp.vulnweb.com/search.php?test=query” -d “searchFor=yy” -o json -v 1
detail log
$ xspear -u “http://testphp.vulnweb.com/search.php?test=query” -d “searchFor=yy” -v 3
set thread
$ xspear -u “http://testphp.vulnweb.com/search.php?test=query” -t 30
testing at selected parameters
$ xspear -u “http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul” -p cat,test
testing blind xss
$ xspear -u “http://testphp.vulnweb.com/search.php?test=query” -b “https://hahwul.xss.ht”
Update
if nomal user
$ gem update XSpear
if developers (soft)
$ git pull -v
if develpers (hard)
$ git reset –hard HEAD; git pull -v
Development
After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.
ScreenShot
.){kind=link}