View Issue Details

ID: 0006243
Project: Kali Linux
Category: [All Projects] New Tool Requests
View Status: public
Last Update: 2020-03-31 10:53
Reporter: luisfontes10
Assigned To:
Priority: normal
Severity: minor
Reproducibility: N/A
Status: new
Resolution: open
Product Version:
Target Version:
Fixed in Version:
Summary: 0006243: XXExploiter - Tool to generate XXE payloads and automate attacks
Description:

[Name]
XXExploiter

[Version]
0.1.7

[Homepage]
https://luisfontes19.github.io/xxexploiter/

[Download]
https://www.npmjs.com/package/xxexploiter/v/0.1.7

[Author]
luisfontes19

[Licence]
MIT

[Description]
Tool to generate various XXE payloads and automate the process of sending them to the server. Also includes a fuzzer through XXE.

[Dependencies]
Node (tested with version 10 and 12)

[Similar tools]
XXEinjector

[Activity]
Started on March 20, still being developed and improved

[How to install]
npm install xxexploiter

To build it from source (without version bump):
npm install -g typescript ts-node
tsc --project ./tsconfig.json && chmod +x dist/cli.js

[How to use]
xxexploiter file /etc/somefile -x request.txt -t template.xml
Command to generate an XXE payload to read a file from the FS (/etc/somefile) and use an XML template to inject the payload. It will automatically make a request, based on the raw request in request.txt.

Command to generate multiple XXE payloads to read a file from the FS (in the root folder) based on a wordlist.
It will automatically make the request, based on the raw request in request.txt, and filter the responses by the string "not found". If the string is not present, it was the expected "success" request.
xxexploiter file /root/{FUZZ} -w wordlist.txt -n "not found" -x request.txt


[Packaged] - No need, packaged for NPM

Activities

There are no notes attached to this issue.

Issue History

Date Modified      Username       Field       Change
2020-03-31 10:53   luisfontes10   New Issue