xsscrapy – XSS/SQLi Spider

xsscrapy is a tool that crawls a given URL to find cross-site scripting (XSS) and some SQL injection vulnerabilities.

 

Requirements

  • Python
  • xsscrapy
  • Linux operating system
  • May need additional libraries depending on OS (libxml2, libxslt, zlib, libffi, openssl, and sometimes libssl-dev)

 

Download and Install

Step 1: Download and install xsscrapy from GitHub, or type the commands given below:

wget -O get-pip.py https://bootstrap.pypa.io/get-pip.py
python get-pip.py
pip install -r requirements.txt

 

Step 2: To run the tool from within the main folder:

./xsscrapy.py -u http://example.com

Step 3: To log in and crawl:

./xsscrapy.py -u http://example.com/login_page -l loginname

Step 4: To log in with HTTP basic auth and then crawl:

./xsscrapy.py -u http://example.com/login_page -l loginname --basic

Step 5: To use cookies:

./xsscrapy.py -u http://example.com/login_page --cookie "SessionID=abcdef1234567890"

Step 6: To limit simultaneous connections (up to 20):

./xsscrapy.py -u http://example.com -c 20

Step 7: To rate limit to 60 requests per minute:

./xsscrapy.py -u http://example.com/ -r 60

 

All the XSS vulnerabilities are reported in xsscrapy-vulns.txt

Note: If it gives the error "ImportError: cannot import name LinkExtractor", this means that you don't have the latest version of Scrapy. You can install it using: sudo pip install --upgrade scrapy

 
