XSpear is XSS Scanner on ruby gems.
Key Features
alert
confirm
prompt
event on headless browser (with Selenium)event handler
HTML tag
Special Char
CSP
HSTS
X-frame-options
, XSS-protection
etc.. )table base cli-report
and filtered rule
, testing raw query
(url)cli
json
Also Read : MSNM Sensor – Multivariate Statistical Network Monitoring Sensor
Installation
Install it yourself as:
$ gem install XSpear
Or install it yourself as (local file):
$ gem install XSpear-{version}.gem
Add this line to your application’s Gemfile:
gem ‘XSpear’
And then execute:
$ bundle
Dependency Gems
colorize
selenium-webdriver
terminal-table
If you configured it to install automatically in the Gem library, but it behaves abnormally, install it with the following command.
$ gem install colorize
$ gem install selenium-webdriver
$ gem install terminal-table
Usage On CLI
Usage: xspear -u [target] -[options] [value]
–> e.g
$ ruby a.rb -u ‘https://www.hahwul.com/?q=123′ –cookie=’role=admin’
–> Options
-u, –url=target_URL [required] Target Url
-d, –data=POST Body [optional] POST Method Body data
–headers=HEADERS [optional] Add HTTP Headers
–cookie=COOKIE [optional] Add Cookie
–raw=FILENAME [optional] Load raw file(e.g raw_sample.txt)
-p, –param=PARAM [optional] Test paramters
-b, –BLIND=URL [optional] Add vector of Blind XSS
+ with XSS Hunter, ezXSS, HBXSS, etc…
+ e.g : -b https://hahwul.xss.ht
-t, –threads=NUMBER [optional] thread , default: 10
-o, –output=FILENAME [optional] Save JSON Result
-v, –verbose=1~3 [optional] Show log depth
+ Default value: 2
+ v=1 : quite mode
+ v=2 : show scanning log
+ v=3 : show detail log(req/res)
-h, –help Prints this help
–version Show XSpear version
–update Update with online
Result Types
Case by Case
Scanning XSS
$ xspear -u “http://testphp.vulnweb.com/search.php?test=query” -d “searchFor=yy”
json output
$ xspear -u “http://testphp.vulnweb.com/search.php?test=query” -d “searchFor=yy” -o json -v 1
detail log
$ xspear -u “http://testphp.vulnweb.com/search.php?test=query” -d “searchFor=yy” -v 3
set thread
$ xspear -u “http://testphp.vulnweb.com/search.php?test=query” -t 30
testing at selected parameters
$ xspear -u “http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul” -p cat,test
testing blind xss
$ xspear -u “http://testphp.vulnweb.com/search.php?test=query” -b “https://hahwul.xss.ht”
Update
if nomal user
$ gem update XSpear
if developers (soft)
$ git pull -v
if develpers (hard)
$ git reset –hard HEAD; git pull -v
Development
After checking out the repo, run bin/setup
to install dependencies. Then, run rake spec
to run the tests. You can also run bin/console
for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install
. To release a new version, update the version number in version.rb
, and then run bundle exec rake release
, which will create a git tag for the version, push git commits and tags, and push the .gem
file to rubygems.org.
ScreenShot
Burrow is an open source tool for burrowing through firewalls, built by teenagers at Hack Club.…
Simple golang webserver that listens for basic auth or post requests and sends a notification…
Nutek Security Platform for macOS and Linux operating systems. Tools for hackers, bug hunters and…
Welcome to SecureSphere Labs, your go-to destination for a curated collection of powerful hacking tools…
All in one Docker-based workstation with hacking tools for Pentesting and offsec Labs by maintained…
Got it! Below is the updated README.md file with instructions for downloading the project on…