[jpshare]
XSS is a very commonly exploited vulnerability type which is very widely spread and easily detectable.
An attacker can inject untrusted snippets of JavaScript into your application without validation. This JavaScript is then executed by the victim who is visiting the target site.
XSS classified into three types Reflected XSS, Stored XSS, DOM-Based XSS. To read more about XSS and OWSAP 10 vulnerabilities click here.
To find the XSS many famous tools available such as Burp, ZAP, Vega, Nikito. Today we are to discuss XSSight powered by Team Ultimate.
You can clone the tool from Github.
Step1: To Download and install XSSight.
Step2: To launch the tool navigate to concern directory and type python xssight.py
It injects characters like /\ ” <> and checks the source code of the objective website page to perceive how the page handles the info and lets us know whether it is defenseless against XSS.
Select number 1 for XSS Scanner
From the result, we can see the parameter is vulnerable to XSS injection.
Also, you can try by injecting XSS payloads.
Now you can see what sort of payload conflicts with the target.
Also Read
A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS)…
Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target…
ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts…
Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and…
The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and…
Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated cybercriminals to achieve its strategic goals,…
View Comments
Does this run for python 2 or python 3 environment? i tried running the script in python 3.5 environment and got the following error:
Traceback (most recent call last):
File "xssight.py", line 6, in
from __future__ import print_function
ImportError: No module named 'urllib2'
SO i later figured out...it works on only python 2 (urllib in python 2 is replaced by urllib.request in python 3)...but it only scans for xss in the url.......it doesn't go through all input boxes in the web application...
Hi Charles,
Hope you are doing good.In the demonstration we have checked with a simple test page it went fine. We will check it again..
It was just a beta release. XSSight is under heavy development. We will add a feature which automatically crawls a website for parameters in XSSight v1.2
Stolen tool from github renamed seen it all over facebook just another way to steel others hard work.