Posts tagged xss

 

Detecting and exploiting XSS injections using XSSer Tool

3

what is XSSer

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications.

we will test this tool on the http://testasp.vulnweb.com/ vulnerable site.

how to use this too

  1. root@punter:/pentest/web# $ svn co https://xsser.svn.sourceforge.net/svnroot/xsser xsser
  2. root@punter:/pentest/web# cd xsser
  3. root@punter:/pentest/web/xsser# python XSSer.py -u “http://testasp.vulnweb.com” -g “Search.asp?tfSearch=” –proxy “http://127.0.0.1:8118″ –referer “666.666.666.666” –user-agent “correct audit” –Fuzz -s
  4. below are the results

see the above results which is marked with blue and the attack URl we will test the results manually to confirm the XSS vulnerability chk the below screenshot

This Tool Works Perfectly finding XSS using the Automation Process

Security Assessment and Pentest tools Cheat Sheets

3

Got from my old Bookmarks ,below are some useful Cheat Sheets ,let me know if u found any other cheat sheets i will update the post

Nmap
http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf

Nessus
http://www.secguru.com/link/nessus_nmap_scanning_cheatsheet
Backtrack 4
http://www.corelan.be:8800/index.php/2009/07/04/backtrack-4-cheat-sheet/
misc tools
http://www.sans.org/resources/sec560/misc_tools_sheet_v1.pdf
Metasploit Meterpreter
http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient
http://www.rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html


Oracle Security
http://www.red-database-security.com/wp/oracle_cheat.pdf
XSS
http://ha.ckers.org/xss.html
http://openmya.hacker.jp/hasegawa/security/utf7cs.html
http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

SQl Injection
http://ha.ckers.org/sqlinjection/
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
http://ferruh.mavituna.com/oracle-sql-injection-cheat-sheet-oku/
http://www.irongeek.com/xss-sql-injection-fuzzing-barcode-generator.php

Microsoft SQL,Sybase,MySQL,Oracle,PostgreSQL,DB2,IngresBypass SQL Injection Filters
http://michaeldaw.org/sql-injection-cheat-sheet
http://pentestmonkey.net/cheat-sheets/
Packetlife Cheatsheets

http://packetlife.net/cheatsheets/

Ed Skoudis’ Pentest Cheatsheets

Windows commandline tools
http://www.sans.org/resources/sec560/windows_command_line_sheet_v1.pdf
Netcat Cheat Sheet
http://www.sans.org/resources/sec560/netcat_cheat_sheet_v1.pdf
Useful Attack Tools, Metasploit commands, HPing, FGDump
http://www.sans.org/resources/sec560/misc_tools_sheet_v1.pdf

Reverse Engineering Malware Cheat Sheet

http://zeltser.com/reverse-malware/reverse-malware-cheat-sheet.html

Security Archiecture Cheat Sheet for Internet Applications

http://zeltser.com/security-management/security-architecture-cheat-sheet.html

CEH cheatsheets from Mindcert

http://www.mindcert.com/resources/MindCert_Nmap_MindMap.pdf

http://www.mindcert.com/resources/MindCert_CEH_Enumeration_MindMap.pdf

http://www.mindcert.com/resources/MindCert_CEH_Ethical_Hacking_MindMap.pdf

http://www.mindcert.com/resources/MindCert_CEH_Footprinting_MindMap.pdf

http://www.mindcert.com/resources/MindCert_CEH_Scanning_MindMap.pdf

http://www.mindcert.com/resources/MindCert_CEH_System_Hacking_MindMap.pdf

http://www.mindcert.com/resources/MindCert_CEH_Trojans_MindMap.pdf

http://www.mindcert.com/resources/CCNA_Cisco_IP_Routing.pdf

Go to Top