Apps: XSS Shell, nJin4, Peach Fuzzer

By | November 20, 2006

Today’s security applications: XSS Shell – an interactive shell for cross site scripting; nJin4 – a SQL/PHP vulnerability scanner and Peach framework – an advanced fuzzing framework.

XSS Shell is a cross-site-scripting backdoor and zombie manager. While normally in XSS attacks attacker has one shot, XSS Shell allows you to interactively send requests and get responses from the vulnerable server. XSS Shell renders the vulnerable web page and keeps the user in a virtual environment, so even if you click links the vulnerable page will be still under control.

Other features include: data logger, mouse logger, execute supplied Java Script data, retrieve IP address information and much more. Download

nJin4 is a script to scan for SQL/PHP vulnerabilities in PHP source code. It audits the source code for SQL injection vulnerabilities and cross-site-scripting attacks. Results are stored in a readable HTML format. Download

Peach is fuzzer framework intended to provide a mix of flexibility, code reuse and fast development time. Peach can fuzz just about anything from COM/ActiveX, SQL, shared libraries/DLL´s, network applications, web applications etc. Written in Python and works on any platform that runs Python. Download

Leave a Reply