Difference between revisions of "OWASP Xenotix XSS Exploit Framework"

SCANNER MODULES

• GET Request Manual Mode
• GET Request Auto Mode
• DOM Scanner
• Multiple Parameter Scanner
• POST Request Scanner
• Request Repeater
• URL Fuzzer
• Hidden Parameter Detector

INFORMATION GATHERING MODULES

• WAF Fingerprinting
• Victim Fingerprinting
• Browser Fingerprinting
• Browser Features Detector
• Get Network IP
• Ping Scan
• Port Scan
• Internal Network Scan

EXPLOITATION MODULES

• Send Message
• Cookie Thief
• Phisher
• Tabnabbing
• Keylogger
• HTML5 DDoSer
• Load File
• Grab Page Screenshot
• Gram WebCam Screenshot
• Executable Drive By
• JavaScript Shell
• Reverse HTTP WebShell
• Drive-By Reverse Shell
• Metasploit Browser Exploit
• Firefox Reverse Shell Addon (Persistent)
• Firefox Session Stealer Addon (Persistent)
• Firefox Keylogger Addon (Persistent)
• Firefox DDoSer Addon (Persistent)
• Firefox Linux Credential File Stealer Addon (Persistent)
• Firefox Download and Execute Addon (Persistent)

UTILITY MODULES

• WebKit Developer Tools
• Payload Encoder
• JavaScript Beautify
• Hash Calculator
• Hash Detector

XENOTIX SCRIPTING ENGINE

• Xenotix API
• IronPython Scripting Support
• Trident and Gecko Web Engine Support

NULLCON GOA 2013

CLUBHACK 2012

IMPORTANT

Antivirus Solutions may detect it as a threat. However it is due to the features in the exploitation framework.

Latest Release

MD5: bdfce2d4af4012ecc20b86bed876a54a

Requirements

• Microsoft .NET Framework 4.0 http://www.microsoft.com/en-in/download/details.aspx?id=17718
• IronPython 2.7.3 http://ironpython.codeplex.com/downloads/get/423690

Older Versions

• Version 4.5 http://opensecurity.in/downloads/Xenotix_XSS_Exploit_Framework_v4.5.rar
• Version 4 https://www.dropbox.com/s/ookdse6pyszh736/Xenotix%20XSS%20Exploit%20Framework%20V4.rar
• Version 3 https://www.owasp.org/index.php/File:OWASP_Xenotix_XSS_Exploit_Framework_v3_2013.zip
• Version 2 https://www.owasp.org/index.php/File:Xenotix_XSS_Exploit_Framework_2013_v2.zip
• Version 1 https://www.owasp.org/index.php/File:Xenotix_XSS_Exploitation_Framework.zip

Source

• GitHub https://github.com/ajinabraham/OWASP-Xenotix-XSS-Exploit-Framework/

Version 5 Videos

Version 4.5 Videos

Version 4 Videos

Version 3 Videos

V5 Changes

• Xenotix Scripting Engine
• Xenotix API
• V4.5 Bug Fixes
• GET Network IP (Information Gathering)
• QR Code Generator for Xenotix xook
• HTML5 WebCam Screenshot(Exploitation Module)
• HTML5 Get Page Screenshot (Exploitation Module)
• Find Feature in View Source.
• Improved Payload Count to 1630
• Name Changes

V4.5 Changes

• JavaScript Beautifier
• Pause and Resume support for Scan
• Jump to Payload
• Cookie Support for POST Request
• Cookie Support and Custom Headers for Header Scanner
• Added TRACE method Support
• Improved Interface
• Better Proxy Support
• WAF Fingerprinting
• Load Files <exploitation module>
• Hash Calculator
• Hash Detector

Involvement in the development of Xenotix is highly encouraged!

Here are some of the ways you can help:

Support Us

• Facebook Page: Xenotix on Facebook
• Official Page: [Xenotix @ OpenSecurity]

Feedback & Queries

• Do you have any issues with it?
• Do you find any design flows or errors?
• Do you need help in using it?
• Do you have something to tell about it?

Then please use this form: https://docs.google.com/forms/d/1RpUhQvuHGvPTl7Gi-EXzecidGvJwKpsRaY9-MeXm1ro/viewform

Development

Are you a developer? Do you have some cool ideas to contribute? Get in touch via ajin [DOT] abraham [AT] owasp.org If you actively contribute to Xenotix then you will be invited to join the project.