Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/orf/xcat
XPath injection tool
https://github.com/orf/xcat
Last synced: about 2 months ago
JSON representation
XPath injection tool
- Host: GitHub
- URL: https://github.com/orf/xcat
- Owner: orf
- License: mit
- Created: 2011-09-05T11:30:07.000Z (about 13 years ago)
- Default Branch: master
- Last Pushed: 2023-01-11T21:46:05.000Z (over 1 year ago)
- Last Synced: 2024-07-07T16:34:50.615Z (3 months ago)
- Language: Python
- Homepage: https://xcat.readthedocs.org/
- Size: 22.8 MB
- Stars: 356
- Watchers: 18
- Forks: 80
- Open Issues: 9
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# XCat
![Python package](https://github.com/orf/xcat/workflows/Python%20package/badge.svg)
![](https://img.shields.io/pypi/v/xcat.svg)
![](https://img.shields.io/pypi/l/xcat.svg)
![](https://img.shields.io/pypi/pyversions/xcat.svg)
[![Rawsec's CyberSecurity Inventory](https://inventory.raw.pm/img/badges/Rawsec-inventoried-FF5050_flat.svg)](https://inventory.raw.pm/)
[![](https://images.microbadger.com/badges/image/tomforbes/xcat.svg)](https://microbadger.com/images/tomforbes/xcat)XCat is a command line tool to exploit and investigate blind XPath injection vulnerabilities.
For a complete reference read the documentation here: https://xcat.readthedocs.io/en/latest/
It supports an large number of features:
- Auto-selects injections (run `xcat injections` for a list)
- Detects the version and capabilities of the xpath parser and
selects the fastest method of retrieval- Built in out-of-bound HTTP server
- Automates XXE attacks
- Can use OOB HTTP requests to drastically speed up retrieval- Custom request headers and body
- Built in REPL shell, supporting:
- Reading arbitrary files
- Reading environment variables
- Listing directories
- Uploading/downloading files (soon TM)- Optimized retrieval
- Uses binary search over unicode codepoints if available
- Fallbacks include searching for common characters previously retrieved first
- Normalizes unicode to reduce the search space## Install
Run `pip install xcat`
Or using docker: `docker run -it tomforbes/xcat --help`
Or on fedora, `dnf install xcat` 😎
**Requires Python 3.7**. You can easily install this with [pyenv](https://github.com/pyenv/pyenv):
`pyenv install 3.7.1`## Example application
There is a complete demo application you can use to explore the features of XCat.
See the README here: https://github.com/orf/xcat_app