This message:
pip3 install -r requirements.txt
error: externally-managed-environment
× This environment is externally managed
╰─> To install Python packages system-wide, try apt install
    python3-xyz, where xyz is the package you are trying to
    install.
    If you wish to install a non-Kali-packaged Python package,
    create a virtual environment using python3 -m venv path/to/venv.
    Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make
    sure you have pypy3-venv installed.
    If you wish to install a non-Kali-packaged Python application,
    it may be easiest to use pipx install xyz, which will manage a
    virtual environment for you. Make sure you have pipx installed.
    For more information, refer to the following:
    * https://www.kali.org/blog/python-externally-managed/
    * /usr/share/doc/python3.12/README.venv
note: If you believe this is a mistake, please contact your Python installation or OS distribution provider.
You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
hint: See PEP 668 for the detailed specification.

Why not install via pipx as mentioned in the message above? First, install pipx with sudo apt update && sudo apt install pipx. Then install xsstrike with pipx install xsstrike:
┌──(kali㉿kali)-[~]
└─$ pipx install xsstrike
  installed package xsstrike 3.2.2, installed using Python 3.12.6
  These apps are now globally available
    - xsstrike
⚠  Note: '/home/kali/.local/bin' is not on your PATH environment variable.
    These apps will not be globally accessible until your PATH is updated.
    Run `pipx ensurepath` to automatically add it, or manually modify your
    PATH in your shell's config file (e.g. ~/.bashrc).
done! ✨ 🌟 ✨

Run pipx ensurepath as suggested above:
┌──(kali㉿kali)-[~]
└─$ pipx ensurepath      
Success! Added /home/kali/.local/bin to the PATH environment variable.
Consider adding shell completions for pipx. Run 'pipx completions' for
instructions.
You will need to open a new terminal or re-login for the PATH changes to
take effect. Alternatively, you can source your shell's config file with
e.g. 'source ~/.bashrc'.
Otherwise pipx is ready to go! ✨ 🌟 ✨

Then open a new terminal, and you can run xsstrike:
┌──(kali㉿kali)-[~]
└─$ xsstrike          
usage: xsstrike [-h] [-u target] [--data paramdata] [-e encode] [--fuzzer]
                [--update] [--timeout timeout] [--proxy] [--crawl] [--json]
                [--path] [--seeds args_seeds] [-f args_file] [-l level]
                [--headers [add_headers]] [-t threadcount] [-d delay]
                [--skip] [--skip-dom] [--blind]
                [--console-log-level {debug,info,run,good,warning,error,critical,vuln}]
                [--file-log-level {debug,info,run,good,warning,error,critical,vuln}]
                [--log-file log_file] [-n payload_count]
options:
  -h, --help            show this help message and exit
  -u target, --url target
                        url
  --data paramdata      post data
  -e encode, --encode encode
                        encode payloads
  --fuzzer              fuzzer
  --update              update
  --timeout timeout     timeout
  --proxy               use prox(y|ies)
  --crawl               crawl
  --json                treat post data as json
  --path                inject payloads in the path
  --seeds args_seeds    load crawling seeds from a file
  -f args_file, --file args_file
                        load payloads from a file
  -l level, --level level
                        level of crawling
  --headers [add_headers]
                        add headers
  -t threadcount, --threads threadcount
                        number of threads
  -d delay, --delay delay
                        delay between requests
  --skip                don't ask to continue
  --skip-dom            skip dom checking
  --blind               inject blind xss payload while crawling
  --console-log-level {debug,info,run,good,warning,error,critical,vuln}
                        console logging level
  --file-log-level {debug,info,run,good,warning,error,critical,vuln}
                        file logging level
  --log-file log_file   name of the file to log
  -n payload_count      number of generated payloads to print. default is efficiency based.

Does that work for you?
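
Added example, not part of the original thread: a sketch of the PEP 668 check behind the error above, showing why pip refuses on the system interpreter but not inside a virtual environment such as the ones pipx creates. The marker file name, its location and its `[externally-managed]` section follow PEP 668; the function names and the optional parameters (there so the check can be run against a constructed directory) are assumptions of this example.

```python
import configparser
import sys
import sysconfig
from pathlib import Path

MARKER = "EXTERNALLY-MANAGED"  # marker file name defined by PEP 668


def marker_path(stdlib_dir=None):
    """PEP 668 places the marker in the interpreter's stdlib directory."""
    if stdlib_dir is None:
        stdlib_dir = sysconfig.get_path("stdlib", sysconfig.get_default_scheme())
    return Path(stdlib_dir) / MARKER


def in_virtualenv(prefix=None, base_prefix=None):
    """Inside a venv, sys.prefix differs from sys.base_prefix."""
    prefix = sys.prefix if prefix is None else prefix
    base_prefix = sys.base_prefix if base_prefix is None else base_prefix
    return prefix != base_prefix


def refusal_message(stdlib_dir=None, prefix=None, base_prefix=None):
    """Return the distro's error text if an installer should refuse, else None."""
    if in_virtualenv(prefix, base_prefix):
        return None  # virtual environments are exempt from the check
    path = marker_path(stdlib_dir)
    if not path.is_file():
        return None  # no marker: the environment is not externally managed
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read(path, encoding="utf-8")
        return parser.get("externally-managed", "Error")
    except (configparser.Error, UnicodeDecodeError):
        # Marker present but unreadable: still refuse, with a generic message.
        return "This environment is externally managed"


if __name__ == "__main__":
    msg = refusal_message()
    print(msg if msg else "pip may install into this environment")
```

Run with the system python3 on Kali it prints the distro's message; run with path/to/venv/bin/python it reports that pip may install.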