
testxss

PHP tool to test XSS.
Note that this is an automated tool, manual check is still required.

Usage: php testxss.php [OPTIONS]

Options:
	-h, --help	print this help

	--burp		export from Burp Suite (not implemented yet)
	--request	source file of the original request
	--single	load a single url
	--test		file that contains a list of urls that already carry payloads (the payload options are then ignored)
	--urls		file that contains a list of urls
	
	--cookies	set the cookie (overwrite all other cookies)
	--force-cl	force Content-Length header
	--no-redir	do not follow redirection
	--ssl		force https
	
	--inject	injection point, default=GPCHFU
				G: GET parameters
				P: POST parameters
				C: Cookies
				H: Headers
				F: Fragment
				U: Url (ending concatenation prepended by a slash '/')
	--inject-name	inject in the parameter name as well, default=disabled
				G: GET parameters
				P: POST parameters
				C: Cookies
				H: Headers
	--gpg		try to send GET params to POST and POST params to GET
	--param		name of a specific param/cookie/header to test
	
	--payload	set single payload or file, default='"><
	--prefix	prefix all payloads with a string, default is random string
	--suffix	suffix all payloads with a string, default is random string
	--encode	urlencode the payload, default=disabled
	--replace	replace the value of the parameter with the payload instead of concatenating it at the end (only for GP)
	--wish		string we want to find in the response

	--no-test	do not perform any test, only list the urls that would be called
	--phantom	full path to the phantomjs executable, to test XSS with phantomjs
	--sos		stop on success
	--threads	number of threads, default=5
	--no-color	disable colors
	--verbose	verbosity level, default=0
				0: everything
				1: don't display result details
				2: display only vulnerable
				3: display only vulnerable with details

Examples:
	php testxss.php --single="http://www.example.com/test.php?a=b" --payload="xss'" --cookies="PHPSESSID=elqopltf3rl25k7jkhi6drvvr9"
	php testxss.php --request=export.burp --inject=GPCH --gpg --inject-name=GP
	php testxss.php --urls=urls.txt --threads=10 --payload=payloads.txt --prefix=aaaaa --suffix=bbbbb
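The --prefix, --suffix and --wish options describe the core mechanism of the tool: the payload is wrapped in a random marker so the exact reflection can be located in the response, and a finding is only interesting when the payload characters come back unencoded. The following PHP is an added example written for this page, not code from testxss or its author; it builds such a canary, classifies how a response reflects it, and runs the check against two constructed handlers, one that echoes input raw and one hardened with htmlspecialchars. It assumes PHP 8 (str_contains) and uses random_bytes for the marker, which is an assumption about how testxss picks its random prefix and suffix.

```php
<?php
// Added example (not part of testxss): canary-based reflection check and the
// output-encoding fix that makes it report a clean result.

declare(strict_types=1);

/** Wrap a payload in random prefix/suffix so its exact reflection can be found. */
function buildCanary(string $payload = '\'"><'): array
{
    $prefix = bin2hex(random_bytes(4));   // assumption: random marker, like the tool's default
    $suffix = bin2hex(random_bytes(4));
    return [
        'prefix'  => $prefix,
        'payload' => $payload,
        'suffix'  => $suffix,
        'full'    => $prefix . $payload . $suffix,
    ];
}

/**
 * Classify how a response body reflects the canary:
 *   'raw'     payload came back unencoded, the case that needs manual review
 *   'encoded' marker present, payload entity-encoded (htmlspecialchars did its job)
 *   'altered' marker present, payload changed in some other way (filter, truncation)
 *   'absent'  the prefix/suffix pair was not reflected at all
 */
function classifyReflection(string $body, array $canary): string
{
    if (str_contains($body, $canary['full'])) {
        return 'raw';
    }
    // Prefix and suffix are hex, so they survive encoding; look at what sits between them.
    $re = '/' . preg_quote($canary['prefix'], '/') . '(.*?)' . preg_quote($canary['suffix'], '/') . '/s';
    if (preg_match($re, $body, $m) === 1) {
        $decoded = html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8');
        return $decoded === $canary['payload'] ? 'encoded' : 'altered';
    }
    return 'absent';
}

// Constructed handlers standing in for a page under test.
function vulnerableHandler(string $name): string
{
    return '<p>Hello ' . $name . '</p>';                      // reflects input raw
}

function hardenedHandler(string $name): string
{
    // ENT_QUOTES encodes both ' and ", which is exactly what the '"><' payload probes.
    return '<p>Hello ' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

$canary = buildCanary();
foreach (['vulnerable' => 'vulnerableHandler', 'hardened' => 'hardenedHandler'] as $label => $fn) {
    printf("%-10s %s\n", $label, classifyReflection($fn($canary['full']), $canary));
}
```

Run it with php on the command line. The 'altered' outcome is the one to look at when comparing the tool's verdict with the --wish string: a response that contains the marker but neither the raw nor the entity-encoded payload usually means a filter rewrote the input, and only manual inspection tells whether what remains is still dangerous in that context.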

todo

Url concatenation
Mouse/keyboard events
Random user-agent
JSON Padding

I don't believe in licenses.
You can do what you want with this program.

Contributors

gwen001