
Showing posts with label XSS. Show all posts

Pybelt - The Hacker's Tool Belt

Pybelt is an open-source hacker's tool belt complete with:
  • A port scanner
  • SQL injection scanner
  • Dork checker
  • Hash cracker
  • Hash type verification tool
  • Proxy finding tool
  • XSS scanner
It is capable of cracking hashes without prior knowledge of the algorithm, scanning ports on a given host, searching for SQLi vulnerabilities in a given URL, verifying that your Google dorks work like they should, verifying the algorithm of a given hash, scanning a URL for XSS vulnerability, and finding usable HTTP proxies.

Screenshots
SQL Injection scanning made easy, just provide a URL and watch it work

Dork checker: have some Dorks you're not sure of? Run the Dork check with the Dork as an argument; it will pull 100 URLs and report the success rate for the Dork

Hash cracking made simple: provide the hash type at the end (":md5", ":sha256", etc.) for a specific algorithm, or ":all" for all algorithms available on your machine

And many more!

Usage

Installation
You can either clone the repository
git clone https://github.com/ekultek/pybelt.git
or download the latest release as a zip/tar ball here
Once you have the program installed, cd into the directory and run the following command:
pip install -r requirements.txt
This will install all of the program's required libraries, and it should be runnable from there.
Functionality
python pybelt.py -p 127.0.0.1
Will run a port scan on your local host
python pybelt.py -s http://example.com/php?id=2
Will run a SQLi scan on the given URL
python pybelt.py -d idea?id=55
Will run a Dork check on the given Google Dork
python pybelt.py -c 9a8b1b7eee229046fc2701b228fc2aff:all
Will attempt to crack the hash using all algorithms available on the computer
python pybelt.py -v 098f6bcd4621d373cade4e832627b4f6
Will try to verify the hash type
python pybelt.py -f
Will find usable proxies
python pybelt.py -x http://127.0.0.1/php?id=1
Will search the URL for XSS vulnerability


BruteXSS - Tool to find XSS vulnerabilities in web application


BruteXSS is a tool written in Python simply to find XSS vulnerabilities in web applications.
This tool was originally developed by Shawar Khan in CLI. I just redesigned it and made it GUI for more convenience.

This tool is developed in Python, so it is cross-platform; you just need Python installed on your machine.

Steps

  1. Download the tool and run brutexss.py (everything the tool needs is bundled with it)
Screenshots





XSScrapy - Fast, thorough XSS vulnerability spider


Fast, thorough, XSS spider. Give it a URL and it'll test every link it finds for cross-site scripting vulnerabilities.

XSS attack vectors xsscrapy will test
  • Referer header (way more common than I thought it would be!)
  • User-Agent header
  • Cookie header (added 8/24/14)
  • Forms, both hidden and explicit
  • URL variables
  • End of the URL, e.g. www.example.com/<script>alert(1)</script>
  • Open redirect XSS, e.g. looking for links where it can inject a value of javascript:prompt(1)
XSS attack vectors xsscrapy will not test
  • Other headers
Let me know if you know of other headers you’ve seen XSS-exploitable in the wild and I may add checks for them in the script.
  • Persistent XSS reflected in pages other than the immediate response page
If you can create something like a calendar event with an XSS in it but you can only trigger it by visiting a specific URL that’s different from the immediate response page then this script will miss it.
  • DOM XSS
DOM XSS will go untested.
  • CAPTCHA protected forms
This should probably go without saying, but captchas will prevent the script from testing forms that are protected by them.
  • AJAX

Because Scrapy is not a browser, it will not render JavaScript, so if you're scanning a site that's heavily built on AJAX this scraper will not be able to travel to all the available links. I will look into adding this functionality in the future although it is not a simple task.

From within the main folder run:
./xsscrapy.py -u http://something.com
If you wish to login then crawl:
./xsscrapy.py -u http://something.com/login_page -l loginname -p pa$$word

Output is stored in XSS-vulnerable.txt.


XSSYA - Cross Site Scripting Scanner & Vulnerability Confirmation


XSSYA works in stages. Method 1 sends the payload in encoded form to bypass the Web Application Firewall and checks the request's response; if the server responds with 200, it moves to Method 2, which searches the page's HTML source for the decoded payload. If that is confirmed, the last step executes document.cookie to retrieve the cookie.


XSSYA Features
  • Supports HTTPS
  • After confirmation, executes the payload to get cookies
  • Runs on Windows and Linux
  • Identifies 3 types of WAF (Mod_Security, WebKnight, F5 BIG-IP)
  • Continually extended library of encoded payloads to bypass WAFs (Web Application Firewalls)
  • Supports saving the page's HTML code before executing the payload, and viewing the HTML code on screen or in the terminal

[XSSless] An automated XSS payload generator written in python

An automated XSS payload generator written in Python.

Usage

  1. Record request(s) with Burp proxy
  2. Select request(s) you want to generate, then right click and select "Save items"
  3. Use xssless to generate your payload: ./xssless.py burp_export_file
  4. Pwn!
A more detailed tutorial can be found here

Features

  • Automated XSS payload generation from imported Burp proxy requests
  • Payloads are 100% asynchronous and won't freeze the user's browser
  • CSRF tokens can be easily extracted and set via the -p option
  • POST multipart is supported, along with XSS file uploading via the -f option
  • Payloads are dynamic and portable (due to relative URLs)
  • Crazy JavaScript worms with no hassle!

[Xenotix XSS Exploit Framework v4] Advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework


OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes highly offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.


SCANNER MODULES

  • Manual Mode Scanner
  • Auto Mode Scanner
  • DOM Scanner
  • Multiple Parameter Scanner
  • POST Request Scanner
  • Header Scanner
  • Fuzzer
  • Hidden Parameter Detector

INFORMATION GATHERING MODULES

  • Victim Fingerprinting
  • Browser Fingerprinting
  • Browser Features Detector
  • Ping Scan
  • Port Scan
  • Internal Network Scan

EXPLOITATION MODULES

  • Send Message
  • Cookie Thief
  • Phisher
  • Tabnabbing
  • Keylogger
  • HTML5 DDoSer
  • Executable Drive By
  • JavaScript Shell
  • Reverse HTTP WebShell
  • Drive-By Reverse Shell
  • Metasploit Browser Exploit
  • Firefox Reverse Shell Addon (Persistent)
  • Firefox Session Stealer Addon (Persistent)
  • Firefox Keylogger Addon (Persistent)
  • Firefox DDoSer Addon (Persistent)
  • Firefox Linux Credential File Stealer Addon (Persistent)
  • Firefox Download and Execute Addon (Persistent)

UTILITY MODULES

  • WebKit Developer Tools
  • Payload Encoder

[Xenotix] XSS Exploit Framework 2013 v2 Released


Xenotix XSS Exploit Framework is a penetration testing tool to detect and exploit XSS vulnerabilities in web applications. The tool can inject code into web pages that are vulnerable to XSS. It is basically a payload-list-based XSS scanner and XSS exploitation kit: it gives a penetration tester the ability to test every XSS payload in the payload list against a web application. The tool supports both a manual mode and an automated, time-sharing-based test mode. The exploitation framework in the tool includes an XSS encoder, a victim-side XSS keystroke logger, an Executable Drive-by downloader and an XSS Reverse Shell. These exploitation tools help the penetration tester create proof-of-concept attacks on vulnerable web applications when preparing a penetration test report.

Features: 

  • Built in XSS Payloads
  • XSS Key logger
  • XSS Executable Drive-by downloader
  • Automatic XSS Testing
  • XSS Encoder
  • XSS Reverse Shell (new)
Download Xenotix XSS Exploit Framework 2013 v2

[Snuck] Automatic XSS filter bypass

Snuck is an automatic tool whose goal is to thoroughly test a given XSS filter by specializing the injections on the basis of the reflection context. This approach uses Selenium to drive a web browser that reproduces both the attacker's behavior and the victim's.
snuck is an automated tool that may definitely help in finding XSS vulnerabilities in web applications. It is based on Selenium and supports Mozilla Firefox, Google Chrome and Internet Explorer.
The approach it adopts is based on inspecting the injection's reflection context and relies on a set of specialized and obfuscated attack vectors for filter evasion. In addition, XSS testing is performed in-browser: a real web browser is driven to reproduce the attacker's behavior and possibly the victim's.
snuck is quite different from typical web security scanners; it tries to break a given XSS filter by specializing the injections in order to increase the success rate. The attack vectors are selected on the basis of the reflection context, that is, the exact point where the injection lands in the DOM of the page that reflects it.
Access to the pages' DOM is provided by Selenium WebDriver, an automation framework that replays operations in web browsers. Since many steps could be involved before an XSS filter is "activated", an XML configuration file should be filled in to make snuck aware of the steps it needs to perform against the tested web application.
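The reflection-context idea that snuck builds on, shown as an added example that is not snuck's own code: given a response body and the harmless marker string that was submitted, locate each place the marker is reflected, classify the HTML context it landed in, and map that context to the output encoding a defender has to apply at that point. The sample response, the marker value and the function names are constructed for this example; the parsing uses only the Python standard library.

```python
from html.parser import HTMLParser

# Attributes whose value is interpreted as a URL need URL validation on top
# of attribute encoding (a javascript: scheme survives entity encoding).
URL_ATTRIBUTES = {"href", "src", "action", "formaction"}


class _MarkerLocator(HTMLParser):
    """Records the HTML context of every occurrence of a marker string."""

    def __init__(self, marker):
        super().__init__(convert_charrefs=True)
        self.marker = marker
        self.contexts = []
        self._in_script = False
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        elif tag == "style":
            self._in_style = True
        for name, value in attrs:
            if value is not None and self.marker in value:
                self.contexts.append(f"attribute:{name}")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
        elif tag == "style":
            self._in_style = False

    def handle_data(self, data):
        # script/style bodies arrive here as raw data (CDATA mode)
        if self.marker in data:
            if self._in_script:
                self.contexts.append("script")
            elif self._in_style:
                self.contexts.append("style")
            else:
                self.contexts.append("text")

    def handle_comment(self, data):
        if self.marker in data:
            self.contexts.append("comment")


def reflection_contexts(html_text, marker):
    """Return the context of each reflection of marker, in document order."""
    locator = _MarkerLocator(marker)
    locator.feed(html_text)
    locator.close()
    return locator.contexts


def required_defense(context):
    """Map a reflection context to the encoding/validation it needs."""
    if context == "text":
        return "html_encode"
    if context.startswith("attribute:"):
        name = context.split(":", 1)[1]
        if name in URL_ATTRIBUTES:
            return "url_validate_and_encode"
        return "attr_encode_and_quote"
    if context == "script":
        return "js_encode_or_avoid"
    # comments and style blocks: user input should not be reflected there
    return "do_not_reflect"


# Constructed sample response: the marker "MARKER7f3a" was submitted as the
# search term and is reflected in five different contexts.
SAMPLE_RESPONSE = """<html><body>
<p>Search results for: MARKER7f3a</p>
<input type="text" name="q" value="MARKER7f3a">
<a href="/search?q=MARKER7f3a">again</a>
<!-- debug: MARKER7f3a -->
<script>var q = "MARKER7f3a";</script>
</body></html>"""


def audit(html_text, marker):
    """Pair each reflection context with the defense it requires."""
    return [(ctx, required_defense(ctx))
            for ctx in reflection_contexts(html_text, marker)]


if __name__ == "__main__":
    for ctx, defense in audit(SAMPLE_RESPONSE, "MARKER7f3a"):
        print(f"{ctx:18s} -> {defense}")
```

The point for a defender is that a single reflection point can sit in a context where plain HTML-entity encoding is not enough (a URL attribute or a script block), which is exactly why a context-blind filter is the kind of filter snuck is built to get past.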