View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006243 | Kali Linux | [All Projects] Queued Tool Addition | public | 2020-03-31 10:53 | 2021-09-13 17:36 |
Reporter | luisfontes10 | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | N/A |
Status | acknowledged | Resolution | open | ||
Product Version | |||||
Target Version | Fixed in Version | ||||
Summary | 0006243: XXExploiter - Tool to generate XXE payloads and automate attacks | ||||
Description | [Name] XXExploiter [Version] 0.1.7 [Homepage] https://luisfontes19.github.io/xxexploiter/ [Download] https://www.npmjs.com/package/xxexploiter/v/0.1.7 [Author] luisfontes19 [Licence] MIT [Description] Tool to generate various XXE payloads and automate the process of sending to server. Also includes a fuzzer through xxe [Dependencies] Node (tested with version 10 and 12) [Similar tools] XXEinjector [Activity] Started on March 20, still being developed and improved [How to install] npm install xxexploiter. To build it from source (without version bump): npm install -g typescript ts-node tsc --project ./tsconfig.json && chmod +x dist/cli.js [How to use] xxexploiter file /etc/somefile -x request.txt -t template.xml command to generate an XXE payload to read a file from FS (/etc/somefile) and use an xml template to inject the payload. It will automatically make a request, based on the raw request in request.txt command to generate multiple XXE payloads to read a file from FS (in root folder)based on a wordlist It will automatically make the request, based on the raw request in request.txt and filter the responses by the string "not found". If the string is not preset, it was the expected "success" request xxexploiter file /root/{FUZZ} -w wordlist.txt -n "not found" -x request.txt [Packaged] - No need, packaged for NPM | ||||
|
@kali-team, please could this be packaged up. @author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging |
Date Modified | Username | Field | Change |
---|---|---|---|
2020-03-31 10:53 | luisfontes10 | New Issue | |
2020-05-29 14:10 | g0tmi1k | Status | new => acknowledged |
2020-05-29 14:10 | g0tmi1k | Category | New Tool Requests => Queued Tool Addition |
2020-05-29 14:10 | g0tmi1k | Note Added: 0012851 |