XCat
XCat is a command line tool to exploit and investigate blind XPath injection vulnerabilities.
For a complete reference read the documentation here: https://xcat.readthedocs.io/en/latest/
It supports an large number of features:
-
Auto-selects injections (run
xcat injections
for a list) -
Detects the version and capabilities of the xpath parser and selects the fastest method of retrieval
-
Built in out-of-bound HTTP server
- Automates XXE attacks
- Can use OOB HTTP requests to drastically speed up retrieval
-
Custom request headers and body
-
Built in REPL shell, supporting:
- Reading arbitrary files
- Reading environment variables
- Listing directories
- Uploading/downloading files (soon TM)
-
Optimized retrieval
- Uses binary search over unicode codepoints if available
- Fallbacks include searching for common characters previously retrieved first
- Normalizes unicode to reduce the search space
Install
Run pip install xcat
Or using docker: docker run -it tomforbes/xcat --help
Or on fedora, dnf install xcat
Requires Python 3.7. You can easily install this with pyenv:
pyenv install 3.7.1
Example application
There is a complete demo application you can use to explore the features of XCat. See the README here: https://github.com/orf/xcat_app