xsscrapy – XSS/SQLi Spider


xsscrapy is a tool that crawls a given URL and tests the pages it finds for cross-site scripting (XSS) and some SQL injection vulnerabilities.


Requirements

  • Python
  • xsscrapy
  • Linux operating system
  • May need additional libraries depending on OS (libxml2 libxslt zlib libffi openssl and sometimes libssl-dev)


Download and Install

Step 1: Download xsscrapy from GitHub, then install its dependencies with the commands below (the first two fetch and run the pip bootstrap script, which you can skip if pip is already installed):

wget -O get-pip.py https://bootstrap.pypa.io/get-pip.py
python get-pip.py
pip install -r requirements.txt


Step 2: To run a basic crawl from the tool's main folder:

./xsscrapy.py -u http://example.com

Step 3: To log in and then crawl:

./xsscrapy.py -u http://example.com/login_page -l loginname

Step 4: To log in with HTTP basic auth and then crawl:

./xsscrapy.py -u http://example.com/login_page -l loginname --basic

Step 5: To crawl with an existing session cookie:

./xsscrapy.py -u http://example.com/login_page --cookie "SessionID=abcdef1234567890"

Step 6: To limit the number of simultaneous connections (here, up to 20):

./xsscrapy.py -u http://example.com -c 20

Step 7: To rate limit the crawl to 60 requests per minute:

./xsscrapy.py -u http://example.com/ -r 60


All XSS vulnerabilities found are reported in xsscrapy-vulns.txt.

Note: If you get the error ImportError: cannot import name LinkExtractor, your installed version of scrapy is too old. Upgrade it with: sudo pip install --upgrade scrapy


Download now – XSSCRAPY


William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]
