View Issue Details

ID: 0006243
Project: Kali Linux
Category: Queued Tool Addition
View Status: public
Last Update: 2021-09-13 17:36
Reporter: luisfontes10
Assigned To:
Status: acknowledged
Resolution: open
Summary: 0006243: XXExploiter - Tool to generate XXE payloads and automate attacks







Tool to generate various XXE payloads and automate the process of sending them to the server. Also includes a fuzzer through XXE.

Node (tested with version 10 and 12)

[Similar tools]

Started on March 20, still being developed and improved

[How to install]
npm install xxexploiter

To build it from source (without version bump):
npm install -g typescript ts-node
tsc --project ./tsconfig.json && chmod +x dist/cli.js

[How to use]
xxexploiter file /etc/somefile -x request.txt -t template.xml
Command to generate an XXE payload to read a file from FS (/etc/somefile) and use an XML template to inject the payload. It will automatically make a request, based on the raw request in request.txt.

Command to generate multiple XXE payloads to read a file from FS (in root folder) based on a wordlist.
It will automatically make the request, based on the raw request in request.txt, and filter the responses by the string "not found". If the string is not present, it was the expected "success" request.
xxexploiter file /root/{FUZZ} -w wordlist.txt -n "not found" -x request.txt

[Packaged] - No need, packaged for NPM




2020-05-29 14:10

administrator   ~0012851

@kali-team, please could this be packaged up.
@author, if you want to help the packaging process, you can check the documentation here ~

Issue History

Date Modified Username Field Change
2020-03-31 10:53 luisfontes10 New Issue
2020-05-29 14:10 g0tmi1k Status new => acknowledged
2020-05-29 14:10 g0tmi1k Category New Tool Requests => Queued Tool Addition
2020-05-29 14:10 g0tmi1k Note Added: 0012851