
New Powerful XSS Tool - #IbrahimXSS


Hello everyone, I would like to share with you a new, fully automated tool for testing XSS vulnerabilities.

The tool can be found at the following address: #IBRAHIMXSS

Below I provide the official review from the owner.


In the ever-evolving landscape of cybersecurity, the battle between attackers and defenders rages on. To stay one step ahead, security professionals need advanced tools that can uncover vulnerabilities and weaknesses in web applications. Meet the #IBRAHIMXSS Tool, a groundbreaking solution that is setting new standards in the world of web security.

A Tool with a Mission

My mission has always been to provide innovative and effective cybersecurity solutions. The development of the #IBRAHIMXSS Tool was driven by a commitment to ensure that web applications remain secure and resilient in the face of ever-growing threats. The #IBRAHIMXSS Tool, short for Cross-Site Scripting Tool, has been meticulously crafted to address the diverse and complex challenges posed by modern web applications.

The Power to Uncover XSS Vulnerabilities

XSS vulnerabilities are a constant concern for web application developers and security experts. Exploiting these vulnerabilities can lead to data breaches, defacement, and other forms of cyberattacks. The #IBRAHIMXSS Tool is engineered to detect and exploit XSS vulnerabilities, making it an invaluable asset for security professionals and ethical hackers.

A Wide Range of Capabilities

The #IBRAHIMXSS Tool is equipped with a wide range of capabilities to address different scenarios and challenges:

  • GET and POST Requests: The tool offers the flexibility to perform both GET and POST request-based tests for XSS vulnerabilities.
  • Encoded Payloads: To bypass Web Application Firewalls (WAFs) and other security mechanisms, the tool comes with a library of encoded payloads that can slip through the tightest security defenses.
  • Lab-Tested and Field-Ready: Our tool has been rigorously tested in a variety of labs and real-world web applications. It’s battle-hardened and ready to take on any challenge.
  • Support for DOM-Based XSS: DOM-based XSS attacks are on the rise, and the tool is equipped to identify and exploit these vulnerabilities effectively.
  • Path-Based XSS: Injecting payloads into the path of URLs is a common attack vector. Our tool allows for path-based testing with optional prefixes and suffixes.
  • JSON-Based XSS: JSON payloads are supported for POST requests, allowing for a deeper level of testing.
  • Multi-threading: The tool supports multi-threading, enabling simultaneous testing of multiple URLs to save time.
  • Intelligent URL Shuffling: When dealing with multiple URLs, the tool intelligently shuffles them to avoid detection and distribute requests evenly.
  • Resume Interrupted Scans: In case a scan is interrupted, you can resume from where you left off, ensuring thorough testing without duplication.
  • Customizable Delay: A delay can be set between requests to mimic human behavior and avoid triggering rate limits or detection mechanisms.
  • Timeout Management: Set maximum timeout values to ensure efficient testing without waiting indefinitely.
  • Zero False Positives: Trust in its accuracy and save valuable time by focusing only on real vulnerabilities.
  • Unique Innovation: Harness the power of advanced algorithms and techniques not found in other tools.
  • Flexible Detection Modes: Adapt to any scenario with customizable options for quick scans or deep analysis.
  • WAF Bypass: Evade Web Application Firewalls to ensure a true assessment of your web security.
  • Stealth Mode: Conduct scans discreetly without alerting potential intruders.
  • Over 2500 Encoded Payloads: Test a wide range of XSS attack vectors with a comprehensive library of payloads.
  • Customizable Payloads: Create and use tailored payloads for specific needs and scenarios.
  • Exportable Reports: Share detailed, professional reports with stakeholders, demonstrating the thoroughness and effectiveness of your security efforts.
  • XSS into all kinds of extensions: Expand your security coverage with support for various URL extensions.
  • Support for Various Web Technologies: Ensure comprehensive security across different platforms.
  • Continuous Updates: Stay ahead of evolving threats with regular updates to the tool.
  • High Performance: Optimized for speed and efficiency, delivering rapid and accurate results.
  • Automated Scanning: Schedule regular scans and maintain continuous security monitoring with minimal manual intervention.
  • Accurate Detection Algorithms: Minimize false positives with precise and reliable vulnerability detection.
  • Easy Configuration: User-friendly settings and intuitive controls for quick setup and scanning.
  • Advanced Search and Filter Options: Quickly locate specific vulnerabilities and focus on the most critical issues.
  • Rapid Deployment: Swift and efficient deployment with minimal setup requirements.

Using the #IBRAHIMXSS Tool

Getting started with the #IBRAHIMXSS Tool is straightforward. You can use command-line arguments to tailor your tests to your specific needs. Here are some examples:

  1. To perform GET requests with custom payloads:

     ./xss-checker --get --urls urls.txt --payloads payloads.txt

  2. To perform POST requests with custom headers and JSON payloads:

     ./xss-checker --post --request request.txt --payloads payloads.txt --json

  3. To customize thread count and timeout values:

     ./xss-checker --get --urls urls.txt --payloads payloads.txt --threads 20 --timeout 8000

  4. To inject payloads into URL paths with prefixes and suffixes:

     ./xss-checker --get --urls urls.txt --payloads payloads.txt --path --prefix 123 --suffix .html

  5. And many more options from the tool…

Unmatched Accuracy and Recent Achievements

One of the standout features of the #IBRAHIMXSS Tool is its unparalleled accuracy. I take pride in the fact that my tool delivers a 100% success rate without generating false positives. It’s a testament to the dedication and expertise of my pentest team.


Get Request:

Url Tested: http://testphp.vulnweb.com/listproducts.php?artist=1


[Image: Report after scan]

[Image: Scanning process in terminal]

[Image: Command to run GET req scanning]

File with report sample for GET req: https://www.sendspace.com/file/odau5q

POST Request:

Url Tested: http://testphp.vulnweb.com/guestbook.php


[Image: Report after scan]

[Image: Report after scan]

[Image: Scanning process in terminal]

[Image: Command to run POST req scanning]

Report sample for POST req: https://www.sendspace.com/file/pv8n4g

PATH Request:

Url Tested: https://brutelogic.com.br/xss.php/


[Image: Report after scan]

[Image: Scanning process in terminal]

[Image: Command to run PATH req scanning]

[Image: Report after scan]

[Image: Scanning process in terminal]

Report sample for DOM req: https://www.sendspace.com/file/sakxfh


Url Tested: https://indiamp3.net/download/telugu-mp3-songs/1.html


[Image: Report after scan]

[Image: Scanning process in terminal]

Report sample for EXTENSION req: https://www.sendspace.com/file/a9hpff

In recent times, my tool has demonstrated its prowess by uncovering an XSS vulnerability within Microsoft’s web applications. I’m excited to share that I have been in communication with Microsoft, and we anticipate an acknowledgment from them. This achievement showcases the real-world impact of the #IBRAHIMXSS Tool and reaffirms its effectiveness in identifying critical vulnerabilities.

Comprehensive Reporting for Enhanced Security

In addition to its powerful testing capabilities, the #IBRAHIMXSS Tool provides a detailed report in HTML format, ensuring that security professionals have all the information they need to take swift action. This report includes a screenshot highlighting the exact location where the XSS vulnerability was discovered, the payload used to trigger the vulnerability, and the entire path link where the XSS was observed and also an image POC. This proof of concept not only streamlines the remediation process but also assists in demonstrating the critical nature of the identified vulnerabilities to stakeholders.

With the #IBRAHIMXSS Tool and its detailed reporting, you have the ultimate solution to tackle XSS vulnerabilities head-on. Elevate your web security practices and join me in the mission to make the digital world a safer place.


The #IBRAHIMXSS Tool is not just another tool in the cybersecurity arsenal; it’s a game-changer. With its wide array of features, intelligent testing capabilities, and relentless pursuit of security, this tool empowers security professionals to safeguard web applications with confidence.

Unleash the power of the #IBRAHIMXSS Tool, and stay ahead in the battle against web vulnerabilities. Developed with dedication and designed to secure the digital world, it’s your go-to solution for XSS testing.

Are you ready to take web security to the next level? Try the #IBRAHIMXSS Tool today and experience the future of web application security. Your journey begins with the #IBRAHIMXSS Tool.
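For defenders reading this thread: the following is an added example, not part of the original post or the tool's code, showing how encoded and path-injected probes of the kind the review describes can be surfaced from web access logs by normalizing the request target before matching. The log lines, IP addresses and marker list are constructed assumptions.

```python
import html
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed access-log lines (combined log format); IPs are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [12/May/2024:10:00:01 +0000] "GET /listproducts.php?artist=1 HTTP/1.1" 200 512
203.0.113.9 - - [12/May/2024:10:00:02 +0000] "GET /listproducts.php?artist=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 498
203.0.113.9 - - [12/May/2024:10:00:03 +0000] "GET /listproducts.php?artist=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 498
203.0.113.9 - - [12/May/2024:10:00:04 +0000] "GET /123%3Csvg%20onload=alert(1)%3E.html HTTP/1.1" 404 153
203.0.113.9 - - [12/May/2024:10:00:05 +0000] "GET /search?q=&lt;script&gt;alert(1)&lt;/script&gt; HTTP/1.1" 200 700
198.51.100.7 - - [12/May/2024:10:00:06 +0000] "GET /docs/javascript-guide.html HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3}')
# Assumed marker list: script-capable tags, inline event handlers, javascript: URLs.
MARKERS = re.compile(
    r"<\s*/?\s*(?:script|svg|img|iframe)\b|<[^>]*\bon[a-z]+\s*=|javascript\s*:")

def normalize(value, max_rounds=5):
    """Undo stacked percent- and HTML-entity encoding until the value stops changing."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value.lower()

def scan(log_text):
    """Return (findings, hits_per_client) for requests carrying injection probes."""
    findings, per_client = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        path, _, query = target.partition("?")
        # Check path and query separately: path-based probes never reach a parameter.
        for where, raw in (("path", path), ("query", query)):
            if MARKERS.search(normalize(raw)):
                findings.append((client, where, raw))
                per_client[client] += 1
    return findings, per_client

if __name__ == "__main__":
    hits, clients = scan(SAMPLE_LOG)
    for client, where, raw in hits:
        print(f"{client} {where}: {raw}")
    print(clients.most_common())
```

Matching on the decoded value rather than the raw log line is what catches the double-encoded and entity-encoded requests; a per-client count over a time window then separates a scan from a single stray request.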


