xss_fuzzer_console ~ Semi-intelligent fuzzing tool.

xss_fuzzer_console ~ Semi-intelligent fuzzing tool.

xss_fuzzer_console is a Semi-intelligent fuzzing tool. Program analyzes html output and constructs attack strings based on the output. If desired, the program will modify each character to attempt to bypass filtering. One advantage of this fine-tuned approach is fewer network connections, so you don’t have to flood the target network.

Program interface is a unix-like command prompt (Think msfconsole). Multithreaded Support – Set thread count when spidering or fuzzing. Connection Delay – Set connection delays to avoid flooding the target or to avoid any mechanisms that prevent frequent connections.

Todo: Additions:
Large
+ Stored XSS analysis
+ Right now only the spider has been implemented; initial version of fuzzer not added yet
+ Handle multiple simultaneous attack sessions (run multiple fuzzers and spiders simultaneously)

Medium
+ Handle JS reflect context
+ Handle unique attribute reflect content
+ Improve Spider: Consider beautifulsoup, check ‘src’ attr
+ Check forms/input for URLs (currently only check a tags)
+ Make attack on main thread with a whole lot of progress output
+ Change maximum depth option, so that direct directory children receive the set depth, rather than getting decremented
+ Make it so that on first connection, for one of the parameterized url’s query parameters, the html response will be saved for that AttackURL (kind of unintelligible). This will reduce at least one network connection per url

Small
+ Add spider duration option
+ Add Attack Attempt Count option
+ Add Parameter Limit option
+ Spider output when finished
+ Handle printing to sdout without disrupting the cmd line
+ Implement show command to show current attack urls
+ For showing specific url data show snippet of reflection and current fuzzer characters, and the target string
Rename DictQueue to something cooler like AttackSession or something

Usage:

Source: https://github.com/tytrusty