
Installing XSScrapy on Kali Linux 1.0.9

Install the prerequisite Python libraries, give it a URL, and watch it spider the entire site, looking in every nook and cranny for XSS vulnerabilities.

apt-get install python-pip
git clone https://github.com/DanMcInerney/xsscrapy
cd xsscrapy
pip install -r requirements.txt
scrapy crawl xsscrapy -a url="http://example.com"
pip install ipython

To log in and then scrape:

scrapy crawl xsscrapy -a url="http://example.com/login" -a user=my_username -a pw=my_password

All vulnerabilities it finds will be placed in formatted-vulns.txt. Example output when it finds a vulnerable user agent header:

source: http://danmcinerney.org/xsscrapy-fast-thorough-xss-vulnerability-spider/
