xsscrapy – XSS/SQLi Spider

Share if you likedShare on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn0

xsscrapy, a tool, that examines given URL to find cross-site scripting and some SQL injection vulnerabilities.

 

Requirements

  • Python
  • xsscrapy
  • Linux operating system
  • May need additional libraries depending on OS (libxml2 libxslt zlib libffi openssl and sometimes libssl-dev)

 

Download and Install

Step 1: Download and install xsscrapy from GitHub or type the following command given below:

wget -O https://bootstrap.pypa.io/get-pip.py
python get-pip.py
pip install -r requirements.txt

 

Step 2: To run the command within the main folder:

./xsscrapy.py -u http://example.com

 Step 3: To login and crawl:

./xsscrapy.py -u http://example.com/login_page -l loginname

 Step 4: To login with HTTP basic auth then crawl:

./xsscrapy.py -u http://example.com/login_page -l loginname --basic

 Step 5: To use cookies:

./xsscrapy.py -u http://example.com/login_page --cookie "SessionID=abcdef1234567890"

 Step 6: To limit simultaneous connections (upto 20):

./xsscrapy.py -u http://example.com -c 20

 Step 7: To rate limit to 60 requests per minute:

./xsscrapy.py -u http://example.com/ -r 60

 

All the XSS vulnerabilities are reported in xssrapy-vulns.txt

Note: If  it gives an error : ImportError: cannot import name LinkExtractor . This means that you don’t have the latest version of scrapy. You can install it using: sudo pip install --upgrade scrapy.

 

Download now – XSSCRAPY

Share if you likedShare on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn0

Leave a Reply