Saturday, 7 December 2024
Vulnerability Analysis Web Application

XSSYA – Cross Site Scripting Scanner & Vulnerability Confirmation

XSSYA is a cross-site scripting scanner and vulnerability confirmation tool that works using two methods.

  • Method 1: confirmation through request and response
  • Method 2: confirmation by executing an encoded payload and searching the web page's HTML code for the same payload in decoded form
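
The check behind method 2, sketched as an added example (this is not XSSYA's code): a URL-encoded probe is sent, and the response HTML is searched for the decoded form. `PROBE`, `classify_reflection` and the sample response bodies are constructed for illustration, and the probe is an inert marker tag rather than a script payload.

```python
import html
from urllib.parse import quote, unquote

# Constructed, inert probe: HTML-significant characters plus a unique token.
PROBE = '<probe-7f3a q="1">'

def encode_probe(probe):
    """URL-encode the probe as it would travel in a query string."""
    return quote(probe, safe="")

def classify_reflection(sent_encoded, body):
    """Classify how a response body reflects a URL-encoded probe.

    'raw'     - decoded probe appears verbatim: markup reaches the page
    'escaped' - probe appears only as HTML entities: output encoding works
    'encoded' - probe appears only in URL-encoded form: inert text
    'absent'  - probe is not reflected
    """
    decoded = unquote(sent_encoded)
    if decoded in body:
        return "raw"            # worst case wins if several forms are present
    if decoded in html.unescape(body):
        return "escaped"        # covers &lt; / &#60; / &quot; style escaping
    if sent_encoded in body:
        return "encoded"
    return "absent"

# Constructed response bodies, one per outcome.
SAMPLES = {
    "raw": '<p>Results for <probe-7f3a q="1"></p>',
    "escaped": "<p>Results for &lt;probe-7f3a q=&quot;1&quot;&gt;</p>",
    "encoded": '<a href="/s?q=%3Cprobe-7f3a%20q%3D%221%22%3E">retry</a>',
    "absent": "<p>No results</p>",
}

def run_samples():
    """Return {sample name: classification} for the constructed bodies."""
    sent = encode_probe(PROBE)
    return {name: classify_reflection(sent, body) for name, body in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:8s} -> {verdict}")
```

Only the `raw` outcome indicates that the application returns user input without output encoding; `escaped` and `encoded` show the input being neutralised before it reaches the page.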

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

XSSYA – Cross Site Scripting Scanner & Vulnerability Confirmation Features:

  • Runs on Windows and Linux
  • Supports HTTPS
  • After confirmation, executes a payload to get cookies
  • Identifies 3 types of WAF (Mod_Security – WebKnight – F5 BIG IP)

XSSYA contains a library of encoded payloads to bypass WAFs (web application firewalls). It also supports saving the web HTML code before executing the payload and viewing the web HTML code on the screen or in the terminal.

XSSYA is available on GitHub. To download it, open a terminal and execute the following commands.

git clone https://github.com/yehia-mamdouh/XSSYA
cd XSSYA
ls -la
AUTHOR.txt
LICENSE.txt
README.md
custom.py
xssya.py
python xssya.py http://www.domain.com/ http://www.domain.com= http://www.domain.com?

For more info visit https://github.com/yehia-mamdouh/XSSYA. The new version of XSSYA is now available on git.
