XSpear is XSS Scanner on ruby gems.
Key Features
alert
confirm
prompt
event on headless browser (with Selenium)event handler
HTML tag
Special Char
CSP
HSTS
X-frame-options
, XSS-protection
etc.. )table base cli-report
and filtered rule
, testing raw query
(url)cli
json
Also Read : MSNM Sensor – Multivariate Statistical Network Monitoring Sensor
Installation
Install it yourself as:
$ gem install XSpear
Or install it yourself as (local file):
$ gem install XSpear-{version}.gem
Add this line to your application’s Gemfile:
gem ‘XSpear’
And then execute:
$ bundle
Dependency Gems
colorize
selenium-webdriver
terminal-table
If you configured it to install automatically in the Gem library, but it behaves abnormally, install it with the following command.
$ gem install colorize
$ gem install selenium-webdriver
$ gem install terminal-table
Usage On CLI
Usage: xspear -u [target] -[options] [value]
–> e.g
$ ruby a.rb -u ‘https://www.hahwul.com/?q=123′ –cookie=’role=admin’
–> Options
-u, –url=target_URL [required] Target Url
-d, –data=POST Body [optional] POST Method Body data
–headers=HEADERS [optional] Add HTTP Headers
–cookie=COOKIE [optional] Add Cookie
–raw=FILENAME [optional] Load raw file(e.g raw_sample.txt)
-p, –param=PARAM [optional] Test paramters
-b, –BLIND=URL [optional] Add vector of Blind XSS
+ with XSS Hunter, ezXSS, HBXSS, etc…
+ e.g : -b https://hahwul.xss.ht
-t, –threads=NUMBER [optional] thread , default: 10
-o, –output=FILENAME [optional] Save JSON Result
-v, –verbose=1~3 [optional] Show log depth
+ Default value: 2
+ v=1 : quite mode
+ v=2 : show scanning log
+ v=3 : show detail log(req/res)
-h, –help Prints this help
–version Show XSpear version
–update Update with online
Result Types
Case by Case
Scanning XSS
$ xspear -u “http://testphp.vulnweb.com/search.php?test=query” -d “searchFor=yy”
json output
$ xspear -u “http://testphp.vulnweb.com/search.php?test=query” -d “searchFor=yy” -o json -v 1
detail log
$ xspear -u “http://testphp.vulnweb.com/search.php?test=query” -d “searchFor=yy” -v 3
set thread
$ xspear -u “http://testphp.vulnweb.com/search.php?test=query” -t 30
testing at selected parameters
$ xspear -u “http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul” -p cat,test
testing blind xss
$ xspear -u “http://testphp.vulnweb.com/search.php?test=query” -b “https://hahwul.xss.ht”
Update
if nomal user
$ gem update XSpear
if developers (soft)
$ git pull -v
if develpers (hard)
$ git reset –hard HEAD; git pull -v
Development
After checking out the repo, run bin/setup
to install dependencies. Then, run rake spec
to run the tests. You can also run bin/console
for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install
. To release a new version, update the version number in version.rb
, and then run bundle exec rake release
, which will create a git tag for the version, push git commits and tags, and push the .gem
file to rubygems.org.
ScreenShot
Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…
Docker is one of the most widely used containerization platforms. But there may come a…
Introduction Google Dorking is a technique where advanced search operators are used to uncover information…
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…