Thursday, 12 June 2014
One comments

XSSYA Cross Site Scripting And Vulnerability Confirmation Scanner


XSSYA Cross Site Scripting Scanner & Vulnerability Confirmation written in python scripting language confirm the XSS Vulnerability in two method first work by execute the payload encoded to bypass Web Application Firewall which is the first method  request and response if it respond 200 it turn to Method 2 which search that payload decoded in web page HTML code if it confirmed get the last step which is execute document.cookie to get the cookie.
This tool will help you to scan XSS as manually.

XSSYA Features

* Support HTTPS
* After Confirmation (execute payload to get cookies)
* Can be run in (Windows - Linux)
* Identify 3 types of WAF (Mod_Security - WebKnight - F5 BIG IP)
*XSSYA Continue Library of Encoded Payloads To Bypass WAF (Web Application Firewall)
* Support Saving The Web HTML Code Before Executing
the Payload Viewing the Web HTML Code into the Screen or Terminal


Video:


More details
http://www.secure-edf.com/xssya.html

Download
https://github.com/yehia-mamdouh/XSSYA


About The Author:
Yehia Mamdouh, He is Senior Security Researcher & Web Penetration Tester at Defencely
And Cofounder & Instructor of Master Metasploit Course At BlueKizen.
He wrote numerous articles in Web attacks ,PDF forensics and Network attack  in Hakin9 Magazine, SecurityKaizen Magazine He also get Acknowledged in the hall of fame of  many website like (  Delevoers.com , Sonatype.com, marktplaats.nl, fogcreek.com, opentext.com, pinoyhacknews.com)

1 comments:

  1. Very good Post, well written and very thought out. I am looking forward to reading more of your posts in the future and your blogs is marvelous.
    Thanks
    Susanne Green
    medical assistant

    ReplyDelete

 
Toggle Footer
Top