[Name]
XXExploiter

[Version]
0.1.7

[Homepage]
https://luisfontes19.github.io/xxexploiter/

[Download]
https://www.npmjs.com/package/xxexploiter/v/0.1.7

[Author]
luisfontes19

[Licence]
MIT

[Description]
Tool to generate various XXE payloads and automate the process of sending to server. Also includes a fuzzer through xxe

[Dependencies]
Node (tested with version 10 and 12)

[Similar tools]
XXEinjector

[Activity]
Started on March 20, still being developed and improved

[How to install]
npm install xxexploiter.

To build it from source (without version bump):
npm install -g typescript ts-node
tsc --project ./tsconfig.json && chmod +x dist/cli.js

[How to use]
xxexploiter file /etc/somefile -x request.txt -t template.xml
command to generate an XXE payload to read a file from FS (/etc/somefile) and use an xml template to inject the payload. It will automatically make a request, based on the raw request in request.txt

command to generate multiple XXE payloads to read a file from FS (in root folder)based on a wordlist
It will automatically make the request, based on the raw request in request.txt and filter the responses by the string "not found". If the string is not preset, it was the expected "success" request
xxexploiter file /root/{FUZZ} -w wordlist.txt -n "not found" -x request.txt

[Packaged] - No need, packaged for NPM