Xssing is a simple semantic analysis based on the location of the vulnerability, to determine the existence of the vulnerability, and use chromium to verify that xss is existed.
xssing是一个根据参数存在位置构造payload,并结合chromium保证xss的正确率。
python 3.7及以上
运行 pip3 install -r reqirements.txt
XSSING选项信息
python3 xssing.py -h
usage: xssing.py [-h] [--version] [-v VERBOSE] [-u URL] [-r REQUESTFILE][--method METHOD] [--user-agent AGENT] [--data DATA][--cookie COOKIE] [-p PARAMETER] [--prefix PREFIX][--suffix SUFFIX] [--test-all] [--level LEVEL][--sleep SLEEP]optional arguments:-h, --help show this help message and exit--version Show program's version number and exit-v VERBOSE Verbosity level: 0-1 (default 0)Target:At least one of these options has to be provided to define the target(s)-u URL, --url URL Target URL (e.g. "http://www.site.com/vuln.php?id=1")-r REQUESTFILE Load HTTP request from a fileRequest:These options can be used to specify how to connect to the target URL--method METHOD Force usage of given HTTP method (e.g. PUT)--user-agent AGENT HTTP User-Agent header value--data DATA Data string to be sent through POST (e.g. "id=1")--cookie COOKIE HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")Injection:These options can be used to specify which parameters to test for, providecustom injection payloads and optional tampering scripts-p PARAMETER Testable parameter(s)--prefix PREFIX Injection payload prefix string--suffix SUFFIX Injection payload suffix stringDetection:These options can be used to customize the detection phase--test-all test all payload--level LEVEL Level of tests to perform (1-2, default 1)Optimization:These options can be used to optimize the performance of xssing--sleep SLEEP Seconds to wait before check (default 0)
