This page shows the differences between the selected revision and the current version of the page.
des_outils_pour_scanner_des_xss [2019/09/11 20:07] M0N5T3R |
des_outils_pour_scanner_des_xss [2020/06/01 14:06] (current version) m0n5t3r |
||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
+ | FIXME **Le PAD pour proposer une amélioration à cette page :** https://pad.zenk-security.com/p/merci | ||
+ | |||
+ | ====== Des outils pour scanner des XSS ====== | ||
+ | |||
+ | **XSS online scanner** | ||
+ | |||
+ | |||
+ | 🛠 Find xss online https://pentest-tools.com/website-vulnerability-scanning/xss-scanner-online# | ||
+ | |||
+ | 🛠 Find xss online http://xss-scanner.com/ | ||
+ | |||
+ | **XSS webmail** | ||
+ | |||
+ | 🛠 Webmail XSS Tester - Excess2 https://www.gremwell.com/excess2_webmail_xss_tester | ||
+ | |||
+ | |||
+ | 🛠 xss-webmail-fuzzer.py | ||
+ | https://pastebin.com/xZQ3WfNS | ||
+ | |||
+ | |||
+ | **XSS ** | ||
+ | |||
+ | 🛠 XSS-Radar https://github.com/bugbountyforum/XSS-Radar | ||
+ | |||
+ | 🛠 XSSHunter https://github.com/mandatoryprogrammer/xsshunter | ||
+ | |||
+ | 🛠 xsshunter_client https://github.com/mandatoryprogrammer/xsshunter_client | ||
+ | |||
+ | 🛠 Domxssscanner https://github.com/yaph/domxssscanner | ||
+ | |||
+ | 🛠 BruteXSS https://github.com/rajeshmajumdar/BruteXSS | ||
+ | |||
+ | 🛠 XSS'OR http://xssor.io/ | ||
+ | |||
+ | 🛠 Powerfull XSS Scanning and Parameter analysis tool&gem https://github.com/hahwul/XSpear | ||
+ | |||
+ | 🛠 PwnXSS: Vulnerability (XSS) scanner exploit https://github.com/pwn0sec/PwnXSS | ||
+ | |||
+ | 🛠 XSS Payloads The wonderland of JavaScript unexpected usages, and more. | ||
+ | Much much more ... http://www.xss-payloads.com | ||
+ | |||
+ | 🛠 XSS Hunter Burp Plugin https://github.com/mystech7/Burp-Hunter | ||
+ | |||
+ | |||
+ | 🛠 Automated blind-xss search for Burp Suite. Contribute to wish-i-was/femida development by creating an account on GitHub. https://github.com/wish-i-was/femida | ||
+ | |||
+ | 🛠 DOM XSS scanner for Single Page Applications https://github.com/fcavallarin/domdig | ||
+ | |||
+ | 🛠 Burp extension helps in finding blind xss vulnerabilities - BitTheByte/BitBlinder https://github.com/BitTheByte/BitBlinder | ||
+ | |||
+ | 🛠 XSS explot kit/Blind XSS framework/BurpSuite extension - psych0tr1a/elScripto https://github.com/psych0tr1a/elScripto | ||
+ | |||
+ | |||
+ | 🛠 This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities. https://github.com/nVisium/xssValidator | ||
+ | |||
+ | |||
+ | 🛠 Burp plugin able to find reflected XSS on page in real-time while browsing on site https://github.com/elkokc/reflector | ||
🛠 Cross Site Scripting Recursive Scanner https://github.com/hdbreaker/XSS_SCANER | 🛠 Cross Site Scripting Recursive Scanner https://github.com/hdbreaker/XSS_SCANER | ||
+ | 🛠 xsshunter https://github.com/mandatoryprogrammer/xsshunter | ||
+ | |||
+ | 🛠 An automatic XSS discovery tool https://github.com/gbrindisi/xsssniper | ||
+ | |||
+ | 🛠 Go Web Application Penetration Test https://github.com/dzonerzy/goWAPT | ||
+ | |||
+ | 🛠 DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities https://github.com/yaph/domxssscanner | ||
+ | |||
+ | 🛠 BruteXSS is a tool written in python simply to find XSS vulnerabilities in web application https://github.com/rajeshmajumdar/BruteXSS | ||
🛠 XSpear: Powerfull XSS Scanning and Parameter Analysis tool https://haxf4rall.com/2019/07/27/xspear-powerfull-xss-scanning-and-parameter-analysis-tool/ | 🛠 XSpear: Powerfull XSS Scanning and Parameter Analysis tool https://haxf4rall.com/2019/07/27/xspear-powerfull-xss-scanning-and-parameter-analysis-tool/ | ||
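Review bot: several added entries duplicate each other. https://github.com/mandatoryprogrammer/xsshunter is added twice (as "XSSHunter" and again as "xsshunter"), and https://github.com/yaph/domxssscanner and https://github.com/rajeshmajumdar/BruteXSS are each added once as a bare name and once with a description. Keep one line per tool, preferably the described one. The hahwul/XSpear entry also overlaps the existing XSpear line kept as context at the end of the hunk. The third bold heading is just "**XSS **" with a stray space before the closing markers; give it a title that distinguishes it from "XSS online scanner" and "XSS webmail", and consider grouping the Burp extensions and blind-XSS tools under headings of their own.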
Ligne 8: | Ligne 74: | ||
🛠 AbernathY-XSS https://twitter.com/andraxpentest/status/968634728512458753 | 🛠 AbernathY-XSS https://twitter.com/andraxpentest/status/968634728512458753 | ||
+ | |||
+ | |||
+ | 🛠 XSSCon: Simple XSS Scanner tool https://github.com/menkrep1337/XSSCon | ||
+ | |||
Ligne 27: | Ligne 97: | ||
🛠 A fully functional Cross-site scripting vulnerability scanner,supporting GET and POST parameters,and written in under 100 lines of code : https://github.com/stamparm/DSXS | 🛠 A fully functional Cross-site scripting vulnerability scanner,supporting GET and POST parameters,and written in under 100 lines of code : https://github.com/stamparm/DSXS | ||
+ | |||
+ | |||
+ | 🛠 The Prime Cross Site Request Forgery Audit and Exploitation Toolkit. https://github.com/0xInfection/XSRFProbe | ||
+ | |||
+ | |||
+ | 🛠 XSS spider - 66/66 wavsep XSS detected https://github.com/DanMcInerney/xsscrapy | ||
+ | |||
+ | 🛠 Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. https://github.com/epsylon/xsser | ||
+ | |||
+ | |||
+ | 🛠 An automated XSS payload generator written in python. https://github.com/mandatoryprogrammer/xssless | ||
+ | |||
+ | |||
+ | 🛠 XssPy - Web Application XSS Scanner https://github.com/faizann24/XssPy | ||
+ | |||
+ | |||
+ | 🛠 XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation) https://github.com/yehia-mamdouh/XSSYA | ||
+ | |||
+ | 🛠 XSSYA-V-2.0 (XSS Vulnerability Confirmation ) https://github.com/yehia-mamdouh/XSSYA-V-2.0 | ||
+ | |||
+ | 🛠 XSS Chef: A #web #application for generating custom #XSS #payloads. https://github.com/rastating/xss-chef | ||
+ | |||
+ | |||
+ | 🛠 Vaya-ciego-nen is a tool that allows you to create your own webapp to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities. https://github.com/hipotermia/vaya-ciego-nen | ||
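Review bot: the added XSRFProbe line describes a "Cross Site Request Forgery Audit and Exploitation Toolkit", which is a CSRF tool and does not belong on a page titled "Des outils pour scanner des XSS"; move it to a CSRF page or drop it. The xssless and xss-chef entries are payload generators rather than scanners by their own descriptions, so a separate heading for payload generation would keep the scanner list clean. XSSYA and XSSYA-V-2.0 could share one entry that points to the current version.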