Xenotix XSS Exploit Framework v4 2013 - an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes highly offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.

Scanner Modules

• Manual Mode Scanner 
• Auto Mode Scanner 
• DOM Scanner 
• Multiple Parameter Scanner 
• POST Request Scanner 
• Header Scanner 
• Fuzzer 
• Hidden Parameter Detector

Information Gathering Modules 

• Victim Fingerprinting 
• Browser Fingerprinting 
• Browser Features Detector 
• Ping Scan 
• Port Scan 
• Internal Network Scan

Exploitation Modules

• Send Message 
• Cookie Thief 
• Phisher 
• Tabnabbing 
• Keylogger 
• HTML5 DDoSer 
• Executable Drive By 
• JavaScript Shell 
• Reverse HTTP WebShell 
• Drive-By Reverse Shell 
• Metasploit Browser Exploit 
• Firefox Reverse Shell Addon (Persistent) 
• Firefox Session Stealer Addon (Persistent) 
• Firefox Keylogger Addon (Persistent) 
• Firefox DDoSer Addon (Persistent) 
• Firefox Linux Credential File Stealer Addon (Persistent) 
• Firefox Download and Execute Addon (Persistent)

Utility Modules

• WebKit Developer Tools 
• Payload Encoder

Support on Facebook

• Xenotix on Facebook

White Paper and Slides

• Nullcon Goa 2013, India (Slides)
• Download From Exploit-DB
• Download From PacketStorm Security

Tutorials
Version 3 Videos

• OWASP Xenotix XSS Exploit Framework v3 2013: XSS Scanner Module
• OWASP Xenotix XSS Exploit Framework v3 2013: XSS Keylogger
• OWASP Xenotix XSS Exploit Framework v3 2013: XSS Executable Drive-By
• OWASP Xenotix XSS Exploit Framework v3 2013: XSS Reverse Shell
• OWASP Xenotix XSS Exploit Framework v3 2013: XSS DDoSer

Version 2 Videos

• Xenotix XSS Exploit Framework 2013 Version 2 Tutorial

Version 1 Videos

• Xenotix XSS Exploit Framework 2012 Version 1 Tutorial

Talk on OWASP Xenotix XSS Exploit Framework [video]

• OWASP Xenotix XSS Exploit Framework v2 2012: Talk at ClubHack 2012, India

IMPORTANT

• The tool may be detected by some Anti-virus solutions as a threat. However it is due to the features in the exploitation framework.

Download

• Version 4 Download OWASP Xenotix XSS Exploit Framework v4
• Version 4 Mirror: DropBox
• Version 3 File:OWASP Xenotix XSS Exploit Framework v3 2013.zip
• Version 2 File:Xenotix XSS Exploit Framework 2013 v2.zip
• Version 1 File:Xenotix XSS Exploitation Framework.zip

Screenshot -

Source-
https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework