This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Xenotix XSS Exploit Framework"

From OWASP
Jump to: navigation, search
m (v6.1)
(documentation)
Line 96: Line 96:
 
*Advanced Request Fuzzer
 
*Advanced Request Fuzzer
 
*OAuth 1.0a Request Scanner
 
*OAuth 1.0a Request Scanner
*DOM XSS Analyzer
+
*DOM Scanner
*Local DOM XSS Analyzer
+
**DOM XSS Analyzer
 +
**Local DOM XSS Analyzer
 
*Hidden Parameter Detector
 
*Hidden Parameter Detector
  
Line 226: Line 227:
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
  
'''Introduction to OWASP Xenotix XSS Exploit Framework'''
+
Check: https://www.youtube.com/playlist?list=PLX3EwmWe0cS80ls3TsNiukQD0hfZjLHnP
 
 
{{#ev:youtube|C15po4TK4Os}}
 
 
 
'''Detecting XSS in GET Request'''
 
 
 
{{#ev:youtube|fPC_stgovcU}}
 
 
 
'''Detecting XSS with GET Request Fuzzer'''
 
 
 
{{#ev:youtube|K5nbgvXvY1g}}
 
 
 
'''Detecting XSS with POST Request Fuzzer'''
 
 
 
{{#ev:youtube|AqdEG-vsywQ}}
 
 
 
'''Detecting XSS with POST Request Fuzzer in an Authenticated Page'''
 
 
 
{{#ev:youtube|J_qdm_-XVV0}}
 
 
 
'''Detecting XSS with Advanced Request Fuzzer'''
 
 
 
{{#ev:youtube|R8AgEWPFJ1g}}
 
 
 
 
 
'''XSS Filter Bypass, Detection and Explanation with OWASP Xenotix'''
 
 
 
{{#ev:youtube|loZSdedJnqc}}
 
 
 
'''Version 4.5 Videos'''
 
 
 
{{#ev:youtube|jm1-_nTlhzY}}
 
 
 
 
 
'''Version 4 Videos'''
 
 
 
{{#ev:youtube|dCo5BCJWOdA}}
 
 
 
 
 
'''Version 3 Videos'''
 
 
 
{{#ev:youtube|CJEgO4_kd-8}}
 
{{#ev:youtube|owfF9C_Xerw}}
 
{{#ev:youtube|i8c3kf4t6A8}}
 
{{#ev:youtube|IT-8IH3yRrA}}
 
{{#ev:youtube|cgLGgVWvi9Y}}
 
 
 
  
 
</div>
 
</div>

Revision as of 12:02, 8 December 2014

OWASP Project Header.jpg

OWASP Xenotix XSS Exploit Framework

Xen6.png

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. Xenotix provides Zero False Positive XSS Detection by performing the Scan within the browser engines where in real world, payloads get reflected. Xenotix Scanner Module is incorporated with 3 intelligent fuzzers to reduce the scan time and produce better results. If you really don't like the tool logic, then leverage the power of Xenotix API to make the tool work like you wanted it to be. It is claimed to have the world’s 2nd largest XSS Payloads of about 4800+ distinctive XSS Payloads. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes real world offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation. Say no to alert pop-ups in PoC. Pen testers can now create appealing Proof of Concepts within few clicks.


<paypal>OWASP Xenotix XSS Exploit Framework</paypal>

LICENSING

OWASP Xenotix XSS Exploit Framework is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


PRESENTATIONS

DEFCON DCG Banglore 2013

BlackHat Europe Arsenal 2013

Nulcon Goa 2013

ClubHack 2012

PROJECT LEADER

Ajin Abraham | @ajinabraham

PROJECT WEBSITE

AWARDS

Top 5th Security Tool of 2013
Recommended by CSPF

QUICK DOWNLOAD

Dwd.png

NEWS AND EVENTS

RELATED PROJECTS


CLASSIFICATIONS

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-breakers-small.png
Cc-button-y-sa-small.png
Project Type Files CODE.jpg
Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Xenotix_XSS_Exploit_Framework&oldid=186634"