xsscrapy - XSS/SQLi Spider

Fast, thorough, XSS/SQLi spider. Give it a URL and it'll test every link it finds for cross-site scripting and some SQL injection vulnerabilities. 

From within the main folder run: 
./xsscrapy.py -u http://example.com

If you wish to login then crawl: 
./xsscrapy.py -u http://example.com/login_page -l loginname

If you wish to login with HTTP Basic Auth then crawl: 
./xsscrapy.py -u http://example.com/login_page -l loginname --basic

If you wish to use cookies: 
./xsscrapy.py -u http://example.com/login_page --cookie "SessionID=abcdef1234567890"

If you wish to limit simultaneous connections to 20: 
./xsscrapy.py -u http://example.com -c 20

wget -O https://bootstrap.pypa.io/get-pip.py python get-pip.py
pip install -r requirements.txt

If it gives an error : ImportError: cannot import name LinkExtractor . This means that you don't have the latest version of scrapy. You can install it using: sudo pip install --upgrade scrapy .

It's called XSScrapy, so why SQL injection detection too? There is overlap between dangerous XSS chars and dangerous SQL injection characters, namely single and double quotes. Detecting SQL injection errors in a response is also simple and nonCPU-intensive. So although 99% of this script is strongly geared toward high and accurate detection of XSS adding simple SQL injection detection through error message discovery is a simple and effective addition. 

This script will not test for blind sql injection. Error messages it looks for come straight from w3af's sqli audit plugin.

No comments

Note: Only a member of this blog may post a comment.

Powered by Blogger.