kisskissie - Simple proof of concept eXternal Xml Entity (XXE) scan and exfiltrate tool.

kisskissie – Simple proof of concept eXternal Xml Entity (XXE) scan and exfiltrate tool.

Kisskissie is a tool to automate XXE exfiltration easier.You should use this tool after you have confirmed that your target is vulnerable to XXE and you wish to exfil as much data as quickly as you can.
TODO: Add more builtin attack templates. Add fuzzing capabilities. Move code into classes and general clean up.

kisskissie - XXE attack tool

kisskissie – XXE attack tool

Authentication
HTTP basic authentication is supported by default. Use the –auth-user flag to specify a username and you will be prompted for a password.

Templates
Some applications may require custom templates files for the smasher if they expect specific HTTP headers in the request or require a specific XML format. These should be placed in templates/smasher; if you need to specify custom headers, the filename should end in .http. For an example, see example.http in this directory.
To specify a template, use the –template flag. For example:

usage:

Source: https://github.com/muttiopenbts