其他
XSS漏洞扫描器(2种方法)
1.使用ppmap检测和利用XSS漏洞
sudo apt-get install chromium
sudo sh -c 'echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list'wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -sudo apt-get updatesudo apt-get install google-chrome-stable
go get -u github.com/chromedp/chromedp
https://github.com/kleiton0x00/ppmaphttps://github.com/kleiton0x00/ppmap/releasesgit clone https://github.com/kleiton0x00/ppmap.git
cd ppmapgo build ppmap.go(1).单个扫描
echo 'https://target.com' | ./ppmapecho 'http://target.com/something/?page=home' | ./ppmap(2).批量扫描
cat url.txt | ./ppmap2.使用XSStrike进行XSS的漏洞扫描
https://github.com/s0md3v/XSStrikegit clone https://github.com/s0md3v/XSStrike.git
cd XSStrikepip install -r requirements.txtpython --versioncd XSStrikepython xsstrike.py -u https://target.compython xsstrike.py -u http://target.com/something/?page=homeDOM XSS
Reflected XSS
Crawling
Fuzzing
Bruteforcing payloads from a file
Interactive HTTP Headers Prompt
Hidden Parameter Discovery