Hackers of India

OWASP Xenotix XSS Exploit Framework

By  Ajin Abraham  on 26 Mar 2015 @ Blackhat : Arsenal

This Tool Demo covers following tools where the speaker has contributed or authored
XENOTIX XSS EXPLOIT FRAMEWORK

Abstract

OWASP Xenotix XSS Exploit Framework is an advanced Cross-Site Scripting (XSS) vulnerability detection and exploitation framework. Xenotix provides zero false positive XSS detection by performing the scan within the browser engines where in real world, payloads get reflected. Xenotix scanner module is incorporated with three intelligent fuzzers to reduce the scan time and produce better results. If you really don’t like the tool logic, then leverage the power of Xenotix API to make the tool work like you wanted it to work. It is claimed to have the world’s 2nd largest XSS payloads of about 4800+ distinctive XSS payloads. It is incorporated with a feature-rich information gathering module for target reconnaissance. The exploit framework includes real-world offensive XSS exploitation modules for penetration testing and proof-of-concept creation. Say no to alert pop-ups in PoC. Pen-testers can now create appealing proof-of-concepts within a few clicks.