OWASP Xenotix XSS Exploit Framework是一个高效的跨站脚本漏洞(XSS)检测和攻击测试框架。它通过特有的三大浏览器引擎(包括Trident, WebKit和Gecko)进行安全扫描检测,并且其号称拥有全世界第二大的XSS测试Payload,同时具有WAF绕过能力。

扫描模块

 

Manual Mode Scanner Auto Mode Scanner DOM Scanner Multiple Parameter Scanner POST Request Scanner Header Scanner Fuzzer Hidden Parameter Detector

信息采集模块

 

 

Victim Fingerprinting Browser Fingerprinting Browser Features Detector Ping Scan Port Scan Internal Network Scan

攻击测试模块

 

 

Send Message Cookie Thief Phisher Tabnabbing Keylogger HTML5 DDoSer Executable Drive By JavaScript Shell Reverse HTTP WebShell Drive-By Reverse Shell Metasploit Browser Exploit Firefox Reverse Shell Addon (Persistent) Firefox Session Stealer Addon (Persistent) Firefox Keylogger Addon (Persistent) Firefox DDoSer Addon (Persistent) Firefox Linux Credential File Stealer Addon (Persistent) Firefox Download and Execute Addon (Persistent)

附加工具

WebKit Developer Tools
Payload Encoder


转自:http://www.freebuf.com/tools/11678.html

转载文章请注明,转载自:小马's Blog https://www.i0day.com

本文链接: https://www.i0day.com/1421.html