KNOXSS Community Edition 作成者: Brute Logic
Tool for XSS (Cross-Site Scripting) discovery.
この拡張機能を使用するには Firefox が必要です
拡張機能メタデータ
スクリーンショット
この拡張機能について
KNOXSS Community Edition is a FREE standalone version of KNOXSS browser add-on designed to find the main XSS (Cross-Site Scripting) cases shown here.
In current version (beta 0.2.0) it can detect all XSS cases below for GET and POST requests. Just open one of the testing URLs and click on add-on's icon in your Firefox.
Main advantages include HIGH SPEED and GOOD EFFICIENCY to find covered cases in regular scenarios (exact reflection of input in response).
Unfortunately it's very prone to both false positive and false negative since it works by parsing the source code not by actual detection of JavaScript execution like main KNOXSS does.
Here are the URLs (XSS cases) for testing:
GET Method:
https://brutelogic.com.br/gxss.php?a=any
https://brutelogic.com.br/gxss.php?b1=any
https://brutelogic.com.br/gxss.php?b2=any
https://brutelogic.com.br/gxss.php?b3=any
https://brutelogic.com.br/gxss.php?b4=any
https://brutelogic.com.br/gxss.php?c1=any
https://brutelogic.com.br/gxss.php?c2=any
https://brutelogic.com.br/gxss.php?c3=any
https://brutelogic.com.br/gxss.php?c4=any
https://brutelogic.com.br/gxss.php?c5=any
https://brutelogic.com.br/gxss.php?c6=any
POST Method:
http://testphp.vulnweb.com/
https://demo.testfire.net/
https://brutelogic.com.br/pxss.php
Feedback is welcome @brutelogic.
In current version (beta 0.2.0) it can detect all XSS cases below for GET and POST requests. Just open one of the testing URLs and click on add-on's icon in your Firefox.
Main advantages include HIGH SPEED and GOOD EFFICIENCY to find covered cases in regular scenarios (exact reflection of input in response).
Unfortunately it's very prone to both false positive and false negative since it works by parsing the source code not by actual detection of JavaScript execution like main KNOXSS does.
Here are the URLs (XSS cases) for testing:
GET Method:
https://brutelogic.com.br/gxss.php?a=any
https://brutelogic.com.br/gxss.php?b1=any
https://brutelogic.com.br/gxss.php?b2=any
https://brutelogic.com.br/gxss.php?b3=any
https://brutelogic.com.br/gxss.php?b4=any
https://brutelogic.com.br/gxss.php?c1=any
https://brutelogic.com.br/gxss.php?c2=any
https://brutelogic.com.br/gxss.php?c3=any
https://brutelogic.com.br/gxss.php?c4=any
https://brutelogic.com.br/gxss.php?c5=any
https://brutelogic.com.br/gxss.php?c6=any
POST Method:
http://testphp.vulnweb.com/
https://demo.testfire.net/
https://brutelogic.com.br/pxss.php
Feedback is welcome @brutelogic.
あなたの体験を評価
この開発者を支援する
この拡張機能の開発者は、開発を続けていくため、少額の寄付による支援を求めています。
権限詳細情報
このアドオンの権限:
- 通知の表示
- ブラウザーのタブへのアクセス
- ナビゲーション中のブラウザーアクティビティへのアクセス
- すべてのウェブサイトの保存されたデータへのアクセス
詳しい情報
- アドオンリンク
- バージョン
- 0.2.0
- サイズ
- 18.19 KB
- 最終更新日
- 6年前 (2019年8月12日)
- 関連カテゴリー
- ライセンス
- All Rights Reserved
- バージョン履歴
コレクションへ追加
0.2.0 のリリースノート
Added automatic capture of HTML forms to find XSS with POST method.
Added PoC for XSS with POST method.
Added PoC for XSS with POST method.
Brute Logic が公開している他の拡張機能
まだ評価されていません- まだ評価されていません
- まだ評価されていません
- まだ評価されていません
- まだ評価されていません
- まだ評価されていません