[Owasp-leaders] OWASP Xenotix XSS Exploit Framework V5 Released

Michael Coates michael.coates at owasp.org
Thu Feb 13 16:37:55 UTC 2014


Nice work! Always great to see new releases for OWASP tools. Do you have a
Twitter message for this release I/we can retweet?

Also, I'm curious if you can tell us a bit more about how you integrate
with browser engines to eliminate false positives. It sounds like that can
be pretty powerful if you instrument the browser so you can really validate
if an XSS is present.


Michael Coates

On Wed, Feb 12, 2014 at 10:52 PM, Ajin Abraham <ajin.abraham at owasp.org> wrote:

> Hello Leaders,
> Valentine's Day wishes. I am glad to inform you that OWASP
> Xenotix XSS Exploit Framework V5 is released.
> OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting
> (XSS) vulnerability detection and exploitation framework. It provides Zero
> False Positive scan results with its unique Triple Browser Engine (Trident,
> WebKit, and Gecko) embedded scanner. It is claimed to have the world's 2nd
> largest XSS Payloads of about 1600+ distinctive XSS Payloads for effective
> XSS vulnerability detection and WAF Bypass. Xenotix Scripting Engine allows
> you to create custom test cases and addons over the Xenotix API. It is
> incorporated with a feature rich Information Gathering module for target
> Reconnaissance. The Exploit Framework includes offensive XSS exploitation
> modules for Penetration Testing and Proof of Concept creation.
>
> V5 Additions
> ------------------
> Xenotix Scripting Engine
> Xenotix API
> V4.5 Bug Fixes
> GET Network IP (Information Gathering)
> QR Code Generator for Xenotix xook
> HTML5 WebCam Screenshot (Exploitation Module)
> HTML5 Get Page Screenshot (Exploitation Module)
> Find Feature in View Source.
> Improved Payload Count to 1630
> Name Changes
>
> Xenotix Scripting Engine and API
> -----------------------------------------------
> This release features the Xenotix Scripting Engine that works on top
> of Xenotix API. The Scripting Engine helps you to create tools and test
> cases on the go based on your requirements. There are situations when you
> have to go the manual way, since the rule set of an automated tool
> is not applicable in certain situations. Xenotix Scripting Engine powered
> by Xenotix API comes to your rescue. Now you can make sure your tool works
> based on your requirements. Apply your Python scripting skills on the
> latest Scripting Engine.
> Xenotix API features
> ----------------------------
> * 1630 XSS Detection Payloads.
> * An inbuilt GET Request XSS Fuzzer for Intelligent and Fast XSS
> Vulnerability Detection.
> * Analyze Response in Trident and Gecko Web Engines to make sure that
> there are no false positives.
> * Interact with Web Engines from the scope of a Python Script.
> * Make GET and POST Requests with one liner codes.
> Download:
> https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework
> Requirements
> -------------------
> Microsoft .NET Framework 4.0
> http://www.microsoft.com/en-in/download/details.aspx?id=17718
> IronPython 2.7.3 http://ironpython.codeplex.com/downloads/get/423690
> --
> *Regards, Ajin Abraham*
> *Information Security Enthusiast.*
> *www.ajinabraham.com <http://www.ajinabraham.com> | www.defconkerala.com
> <http://www.defconkerala.com> www.opensecurity.in
> <http://www.opensecurity.in> | +91-9633325997 <%2B91-9633325997>*