XSSYA (XSS Scanner & Vuln Confirmation) v2.0 Released
XSSYA Cross Site Scripting Scanner & Vulnerability Confirmation wrote in python work by execute the payload encoded to bypass Web Application Firewall which is the first method request and response if it respond 200 it turn to Method 2 which search that payload decoded in web page HTML code if it confirmed get the last step which is execute document.cookie to get the cookie.
- Support HTTPS
- After Confirmation (execute payload to get cookies)
- Can be run in (Windows – Linux)
- Identify 3 types of WAF (Mod_Security – WebKnight – F5 BIG IP)
- XSSYA Continue Library of Encoded Payloads To Bypass WAF (Web Application Firewall)
- Support Saving The Web HTML Code Before Executing the Payload Viewing the Web HTML Code into the Screen or Terminal.
- More payloads; library contains 41 payloads to enhance detection level XSS scanner is now removed from XSSYA to reduce false positive URLs to be tested used to not allow any character at the end of the URL except (/ – = -?) but now this limitation has been removed.
- Custom Payload 1 – You have the ability to choose your custom payload Ex: and you can encode your custom payload with different types of encodings like (B64 – HEX – URL_Encode –- HEX with Semi Columns)
- (HTML Entities à Single & Double Quote only – brackets – And – or Encode all payload with HTML Entities) This feature will support also XSS vulnerability confirmation method which is you choose you custom payload and custom Encoding execute if response 200 check for same payload decoded in HTM code page.
- HTML5 Payloads XSYSA V2.0 contains a library of 44 HTLM5 payloads.
More Information: here
Thanks to Yehia Mamdouh, for sharing this tool with us.