蜗蜗侠's Blog - Focused on Network Security (mobile edition)


XSScrapy: an XSS vulnerability detection crawler

Download: https://github.com/DanMcInerney/xsscrapy

XSScrapy's XSS test vectors cover the following inputs:

The User-Agent header
The Referer header
Cookies
The end of the URL, e.g. www.example.com/<script>alert(1)</script>
Forms (including hidden forms)
URL parameters
Redirect-based XSS
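Why headers, cookies and the URL path sit on that list next to forms and parameters: any of them becomes an XSS sink once a page echoes it without encoding. The sketch below is an added example, not XSScrapy's code; the request layout and all function names are assumptions made for illustration, and it compares an echoing page with its HTML-escaped form using the page's own probe string.

```python
import html

# Constructed sample: the probe string from the list above, placed in each input.
PROBE = "<script>alert(1)</script>"
SAMPLE_REQUEST = {
    "path": "/" + PROBE,
    "headers": {"User-Agent": PROBE, "Referer": PROBE,
                "Cookie": "session=" + PROBE},
    "query": {"q": PROBE},
    "form": {"token": PROBE},  # stands in for a hidden form field
}


def collect_inputs(req):
    """Flatten every client-controlled field into (label, value) pairs."""
    pairs = [("url path", req["path"])]
    pairs += [("header " + k, v) for k, v in req["headers"].items()]
    pairs += [("url parameter " + k, v) for k, v in req["query"].items()]
    pairs += [("form field " + k, v) for k, v in req["form"].items()]
    return pairs


def render_unsafe(req):
    """Debug/error page that echoes request data verbatim (vulnerable)."""
    rows = "".join("<li>%s: %s</li>" % (k, v) for k, v in collect_inputs(req))
    return "<ul>%s</ul>" % rows


def render_safe(req):
    """Same page, with every echoed value HTML-encoded on output."""
    rows = "".join(
        "<li>%s: %s</li>" % (html.escape(k), html.escape(v, quote=True))
        for k, v in collect_inputs(req)
    )
    return "<ul>%s</ul>" % rows


def reflected_unescaped(page, probe=PROBE):
    """True when the probe comes back byte-for-byte, i.e. as live markup."""
    return probe in page


if __name__ == "__main__":
    for name, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        page = render(SAMPLE_REQUEST)
        print(name, "reflects raw probe:", reflected_unescaped(page))
```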

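Basic scan command:

./xsscrapy.py -u http://baidu.com

If the site requires a login, add the username and password as arguments (single-quote the password so the shell does not expand $$):

./xsscrapy.py -u http://something.com/login_page -l loginname -p 'pa$$word'

The scan results are stored in XSS-vulnerable.txt.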

Common errors:

Traceback (most recent call last):
  File "./xsscrapy.py", line 4, in <module>
    from scrapy.cmdline import execute
ImportError: No module named scrapy.cmdline

A module is missing; just run: pip install Scrapy

  File "./xsscrapy.py", line 5, in <module>
    from xsscrapy.spiders.xss_spider import XSSspider
  File "/root/Desktop/xsscrapy-master/xsscrapy/spiders/xss_spider.py", line 25, in <module>
    from IPython import embed
ImportError: No module named IPython

A module is missing; just run: easy_install -U IPython

If it still does not work, try running: pip install pybloom

Reference: http://www.freebuf.com/sectool/43194.html


(Editor: 蜗蜗侠)