View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000581Kali LinuxNew Tool Requestspublic2013-09-14 17:162020-03-18 17:41
Reporterorf Assigned To 
PrioritynormalSeverityfeatureReproducibilityhave not tried
Status closedResolutionwon't fix 
Summary0000581: xcat
Description

XCat is a tool for exploiting blind XPath injection flaws. While XPath injection flaws are not common they do turn up from time to time and XCat can be extremely helpful in exploring them.

Its useful in a pentest because it's "SQLMap for xpath flaws", allowing you to:

  • Read arbitrary files on the filesystem (in any format, with some limitations)
  • Make the server send portions of the document to XCat via HTTP, dramatically increasing retrieval times
  • Retrieve the whole document being queried using standard blind injection techniques

Its also very lightweight and only has one dependency (Python-twisted). I wrote this tool as a companion to a blackhat paper I authored a year or so ago, and I figure that it might as well be included because there isn't much else that does what xcat does.

https://github.com/orf/xcat

Activities

g0tmi1k

g0tmi1k

2018-01-29 15:19

administrator   ~0008504

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):

  • [Name] - The name of the tool
  • [Version] - What version of the tool should be added?
    --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
  • [Homepage] - Where can the tool be found online? Where to go to get more information?
  • [Download] - Where to go to get the tool?
  • [Author] - Who made the tool?
  • [Licence] - How is the software distributed? What conditions does it come with?
  • [Description] - What is the tool about? What does it do?
  • [Dependencies] - What is needed for the tool to work?
  • [Similar tools] - What other tools are out there?
  • [How to install] - How do you compile it?
  • [How to use] - What are some basic commands/functions to demonstrate it?
g0tmi1k

g0tmi1k

2020-03-18 17:41

administrator   ~0012440

No response since 2018 (2 years).... Closing.

Please reopen if the information can be provided.

Issue History

Date Modified Username Field Change
2013-09-14 17:16 orf New Issue
2018-01-29 15:19 g0tmi1k Note Added: 0008504
2019-12-09 13:30 g0tmi1k Severity minor => feature
2020-03-18 17:41 g0tmi1k Status new => closed
2020-03-18 17:41 g0tmi1k Resolution open => won't fix
2020-03-18 17:41 g0tmi1k Note Added: 0012440