xsscrapy – XSS/SQLi Spider


xsscrapy is a tool that examines a given URL to find cross-site scripting (XSS) and some SQL injection vulnerabilities.

 

Requirements

  • Python
  • xsscrapy
  • Linux operating system
  • May need additional libraries depending on OS (libxml2, libxslt, zlib, libffi, openssl and sometimes libssl-dev)

 

Download and Install

Step 1: Download xsscrapy from GitHub, then type the following commands in its folder to install pip and the Python requirements:

wget -O get-pip.py https://bootstrap.pypa.io/get-pip.py
python get-pip.py
pip install -r requirements.txt

 

Step 2: To run the tool from within the main folder:

./xsscrapy.py -u http://example.com

Step 3: To log in and crawl:

./xsscrapy.py -u http://example.com/login_page -l loginname

Step 4: To log in with HTTP basic auth, then crawl:

./xsscrapy.py -u http://example.com/login_page -l loginname --basic

 Step 5: To use cookies:

./xsscrapy.py -u http://example.com/login_page --cookie "SessionID=abcdef1234567890"

Step 6: To limit simultaneous connections (up to 20):

./xsscrapy.py -u http://example.com -c 20

 Step 7: To rate limit to 60 requests per minute:

./xsscrapy.py -u http://example.com/ -r 60

 

All the XSS vulnerabilities found are reported in xsscrapy-vulns.txt.

Note: If it gives the error "ImportError: cannot import name LinkExtractor", you don't have the latest version of scrapy. You can install it using: sudo pip install --upgrade scrapy
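
One way to keep the runs from Steps 2, 6 and 7 inside an agreed scope, as an added example (not part of xsscrapy or of the original article): a wrapper that checks the target host against an allowlist and caps the -c and -r values before calling ./xsscrapy.py. ALLOWED_HOSTS, MAX_CONN, MAX_RATE, XSSCRAPY and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: scope-checked, throttled wrapper around ./xsscrapy.py.
# ALLOWED_HOSTS, MAX_CONN, MAX_RATE and XSSCRAPY are assumptions of this sketch.
ALLOWED_HOSTS="example.com staging.example.com"  # constructed sample scope
MAX_CONN=20                                      # ceiling passed to -c
MAX_RATE=60                                      # ceiling passed to -r
XSSCRAPY=${XSSCRAPY:-./xsscrapy.py}

# Print the lower-cased host of an http(s) URL; fail on anything else.
url_host() {
    case "$1" in
        http://*|https://*) ;;
        *) return 1 ;;
    esac
    h=${1#*://}       # drop the scheme
    h=${h%%[/?#]*}    # drop path, query and fragment
    h=${h##*@}        # drop userinfo: "example.com@other.test" is other.test
    h=${h%%:*}        # drop the port
    [ -n "$h" ] && printf '%s\n' "$h" | tr 'A-Z' 'a-z'
}

# Clamp $1 to the range 1..$2; non-numeric input falls back to the ceiling.
clamp() {
    case "$1" in ''|*[!0-9]*) echo "$2"; return 0 ;; esac
    if [ "$1" -lt 1 ]; then echo 1
    elif [ "$1" -gt "$2" ]; then echo "$2"
    else echo "$1"
    fi
}

# Usage: scoped_scan URL CONNECTIONS REQUESTS_PER_MINUTE
scoped_scan() {
    host=$(url_host "$1") || { echo "not an http(s) URL: $1" >&2; return 1; }
    for allowed in $ALLOWED_HOSTS; do
        if [ "$host" = "$allowed" ]; then
            "$XSSCRAPY" -u "$1" -c "$(clamp "$2" "$MAX_CONN")" \
                        -r "$(clamp "$3" "$MAX_RATE")"
            return $?
        fi
    done
    echo "refusing out-of-scope host: $host" >&2
    return 1
}
```

Source the file from the xsscrapy folder and call, for example, scoped_scan http://example.com/ 20 60. A URL such as http://example.com@other.test/ is refused because its real host is other.test.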

 

Download now – XSSCRAPY

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
