XCat

XCat is a command line tool to exploit and investigate blind XPath injection vulnerabilities.

For a complete reference read the documentation here: https://xcat.readthedocs.io/en/latest/

It supports an large number of features:

Auto-selects injections (run xcat injections for a list)
Detects the version and capabilities of the xpath parser and selects the fastest method of retrieval
Built in out-of-bound HTTP server
- Automates XXE attacks
- Can use OOB HTTP requests to drastically speed up retrieval
Custom request headers and body
Built in REPL shell, supporting:
- Reading arbitrary files
- Reading environment variables
- Listing directories
- Uploading/downloading files (soon TM)
Optimized retrieval
- Uses binary search over unicode codepoints if available
- Fallbacks include searching for common characters previously retrieved first
- Normalizes unicode to reduce the search space

Install

Run pip install xcat

Or using docker: docker run -it tomforbes/xcat --help

Or on fedora, dnf install xcat 😎

Requires Python 3.7. You can easily install this with pyenv: pyenv install 3.7.1

There is a complete demo application you can use to explore the features of XCat. See the README here: https://github.com/orf/xcat_app

Name		Name	Last commit message	Last commit date
Latest commit History 286 Commits
.github/workflows		.github/workflows
docs		docs
xcat		xcat
.bumpversion.cfg		.bumpversion.cfg
.dockerignore		.dockerignore
.editorconfig		.editorconfig
.env		.env
.gitignore		.gitignore
Dockerfile		Dockerfile
LICENSE		LICENSE
MANIFEST.in		MANIFEST.in
README.md		README.md
example_headers.txt		example_headers.txt
mkdocs.yml		mkdocs.yml
poetry.lock		poetry.lock
pyproject.toml		pyproject.toml
test.sh		test.sh