OWASP Xenotix XSS Exploit Framework v6 Released

OWASP Xenotix XSS Exploit Framework v6 Released

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner.

It is claimed to have the world’s 2nd largest XSS Payloads of about 1600+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. Xenotix Scripting Engine allows you to create custom test cases and addons over the Xenotix API. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.

screenshot_xenotix

Changelog v6.0

Feature Additions:

  • Intelli Fuzzer
  • Context Based Fuzzer
  • Blind Fuzzer
  • HTA Network Configuration
  • HTA Drive-By
  • HTA Drive-By Reverse Shell
  • JSFuck 6 Char Encoder
  • jjencode Encoder
  • aaencode Encoder
  • IP to Location
  • IP to GeoLocation
  • IP Hinting
  • Download Spoofer
  • HTML5 Geolocation API
  • Reverse TCP Shell Addon (Linux)
  • OAuth 1.0a Request Scanner
  • 4800+ Payloads
  • SSL Error Fixed

Xenotix Scripting Engine and API

This release features the Xenotix Scripting Engine that works on the top of Xenotix API. The Scripting Engine helps you to create tools and test cases on the go based on your requirements. There are situations when you have to go the manual way and since the ruleset set of an automated tool is not applicable in certain situations. Xenotix Scripting Engine powered by Xenotix API come into your rescue. Now you can make sure your tool works based on your requirements. Apply your Python scripting skills on the latest Scripting Engine.

Xenotix API features

  • 1630 XSS Detection Payloads.
  • An inbuilt GET Request XSS Fuzzer for Intelligent and Fast XSS Vulnerability Detection.
  • Analyze Response in Trident and Gecko Web Engines to make sure that there are no false positives.
  • Interact with Web Engines from the scope of a Python Script.
  • Make GET and POST Requests with one liner codes.

Reguirements

More Information: here

[button size=large style=round color=red align=none url=https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework#tab=Downloads]Download OWASP Xenotix XSS Exploit Framework v6.0 Released[/button]

Thanks to our friend Ajin Abraham for sharing this tool with us. 😉

MaxiSoler

www.artssec.com @maxisoler
Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review

Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review

GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

Black Hat Arsenal 2024 Next Stop Singapore !

Black Hat Arsenal 2024 Next Stop Singapore !

ToolsWatch introducing Armory at Gisec 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

ToolsWatch introducing Armory at Gisec 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community