Xsstrike ngokoqobo kwenza ukutholwa kwe-XSS kube lula kakhulu!
Ithuluzi elisebenziseka kakhulu umuntu angalisebenzisa.
Yini i-xsstrike?
Xsstrike iyithuluzi lokubhala esinqamulweni sendawo.
Ihlinzekwa ngama-parsers amane abhalwe ngesandla, Umholo obhalwe ngobuhlakani, Injini enhle ethokozisayo, kanye nomkhakha osheshayo osheshayo.
Xsstrike Ngokungafani namanye amathuluzi awafaki ama-payloads.
Esikhundleni salokho isebenzisa ama-parsers ezenziwe ngezandla ukuze ahlole izimpendulo ezahlukahlukene zewebhu.
Futhi, Kungaskena kwe-DOM XSS.
Ingakhasa futhi, umnyatheliso weminwe, kanye ne-fuzz wafs.
Ithuluzi lidinga Python 3.4+ ukusebenza.
Ngaphezu kwalokho, Ixhasa i-Linux, Inzi, kanye neWindows Windows.
Ukukhetha komhleli:
- Macof - ithuluzi lokukhukhula ekugcineni | Okokufundisa[2020]
- I-NWANIME - Izindlela ezihamba phambili zeNwanime [2020]
- I-CCMaker - Download Ultimate Adobe Piracy Kit[2020]
- I-Losmovies - Iwebhusayithi Ehamba phambili Ye-Movie Yokusakaza
- I-Andrax - Ukuhlolwa kokungena ku-Android | Umhlahlandlela Ophelele
Izithombe ezivelele ze-XSstrike:
- Ukuhlaziywa komongo.
- Umongo olungisekayo.
- Ukugeleza komsebenzi okucwaningwe kakhulu.
- Kuboniswe futhi kuthwetshulwa kwe-DOM XSS.
- Ukukhasa okuningi.
- Ukutholwa kwe-waf & ukuhwamuka, I-Waf Fingerprinting.
- I-HTML eyenziwe ngezandla & JavaScript parser.
- Injini enamandla enamandla.
- Intelligent Payload Generator.
- Qedela ukwesekwa kwe-HTTP.
- Inikwe amandla yi-Photon, Zetanize, futhi arjun.
- Ikhodi ebhalwe kahle kanye nezibuyekezo ezijwayelekile.
Ukufaka i-xsstrike:
- Cloning git repo.
$ git clone https://github.com/s0md3v/xsstrike.git
2. Ukuhanjiswa kwesikhombisi bese ufaka izidingo:
$ cd xsstrike $ Faka -R Faka -r Izidingo.txt
3. -Gijima Xsstrike:
$ python xsstrike
Ukusetshenziswa kwe-XSstrike:
Ukufaka uhlu konke okutholakalayo, ukuthayipha--help:
umsebenzi: xsstrike.py [-h] [-i-uget] [--Idatha yedatha] [-TECTS]
[--ukunkehlela] [--buyekeza] [--isikhathi siphelile] [--amapharaleki] [--gaqa]
[--Yeqa-POC] [--Yeqa-Pliwula] [--izihloko] [-d ukubambezeleka]
Izimpikiswano ezingakhethwa:
-h, --Siza ukukhombisa lo mlayezo wosizo nokuphuma
-u, --I-URL Target URL
- Data yeposi
-t, --imicu yenombolo yentambo
-Ku, --Ileveli Yezinga Lokukhasa
--Fuzzer Fuzzer
- Vuselela
- Isikhathi sokuvala
--params thola amapharamu
- Crawl ukukhasa
--Skip-poc yeqa isizukulwane se-poc
--Skip-DOM SPP SKIP I-DOM Check
- Ama-Headers engeza izihloko
-D, --ukubambezeleka ukubambezeleka phakathi kwezicelo
Ungayisebenzisa kanjani ithuluzi le-xsstrike?
Ukusebenzisa leli thuluzi kulula kakhulu.
Udinga nje ukuqonda ezinye zezisekelo ze-Linux.
Ungakhathazeki, Sizokuqondisa ukuthi usisebenzise isinyathelo ngesinyathelo.
1. Ukuskena i-URL eyodwa:
Ukukhetha: -u noma --url
Ukuhlola ikhasi elilodwa lewebhu elisebenzisa indlela yokuthola:
$ python xsstrike.py -u "http://Isibonelo.com/search.php?Q = Umbuzo"
Ukuhlinzeka idatha yeposi:
$ python xsstrike.py -u "http://Isibonelo.com/search.php" --umbhalo "Q = Umbuzo"
2. Enyatela:
Ukukhetha: --crawl
Ukuqala ukukhasa ekhasini lewebhu eliqondiwe, gijima:
$ python xsstrike.py -u "http://Isibonelo.com/Page.php" --gaqa
Ukuthola amapharamitha afihliwe:
Ukukhetha: --params
$ python xsstrike.py -u "http://Isibonelo.com/Page.php" --amapharaleki
3. Yeqa i-poc ne-dom:
Ukukhetha: --skip-poc
$ python xsstrike.py -u "http://Isibonelo.com/search.php?Q = Umbuzo" --Yeqa-POC
Ukukhetha: --skip-dom
$ python xsstrike.py -u "http://Isibonelo.com/search.php?Q = Umbuzo" --Yeqa-Pliwula
Isiphetho:
Xsstrike iyithuluzi elimangalisayo ngempela lokuthola ubungozi be-XSS ezihlelweni zewebhu.
Ungasebenzisa leli thuluzi ukuze kube lula kuwe.
Uma uthandile okuqukethwe kwethu Qiniseka ukuthi ushiya amazwana phansi ngezansi futhi ubonge iqembu lethu. Uma uthola kunzima ukusebenzisa leli thuluzi ungashiya imibuzo yakho ngezansi. Iqembu Cshawk lizothinta maduze nawe.
