xfil is a tool that performs blind XPath exploitation and data exfiltration. This tool is created for penetration testers performing authorized security assessments.
Project description
xfil
xfil is a tool that performs blind XPath exploitation and data exfiltration. This tool is created for penetration testers performing authorized security assessments.
Usage
usage: xfil.py [-h] [-q] --url URL --method {GET,POST} --param PARAM [--success-text SUCCESS_TEXT] [--failure-text FAILURE_TEXT] [--success-code SUCCESS_CODE]
[--failure-code FAILURE_CODE] [--post-data POST_DATA] [--content-type {application/json,application/x-www-form-urlencoded,multipart/form-data}] [--headers HEADERS] [-v]
options:
-h, --help show this help message and exit
-q, --quiet Suppress banner
--url URL Target URL
--method {GET,POST} HTTP method
--param PARAM Vulnerable parameter name
--success-text SUCCESS_TEXT
Text indicating successful injection
--failure-text FAILURE_TEXT
Text indicating failed injection
--success-code SUCCESS_CODE
HTTP status code indicating success
--failure-code FAILURE_CODE
HTTP status code indicating failure
--post-data POST_DATA
Additional POST data in format "key1=value1&key2=value2" or JSON string
--content-type {application/json,application/x-www-form-urlencoded,multipart/form-data}
Content-Type header for POST requests
--headers HEADERS Additional headers in JSON format or "Key: Value" pairs separated by semicolons or newlines
-v, --version Show program version
Note: If the --success-text argument is used, --failure-text must also be specified. The --failure-text argument can be used alone.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file xfil-0.1.2.tar.gz.
File metadata
- Download URL: xfil-0.1.2.tar.gz
- Upload date:
- Size: 8.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.11.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d401fbb6b486fe99208076ddd0206a381f41c5d4092924d3e98c414e8a5d8274
|
|
| MD5 |
0682b65a69baf629ce074f874f98a8b7
|
|
| BLAKE2b-256 |
b430524332a61d557bb00d12d7ecee4da8a2a6062c4b2bbc716d081f159dd1a6
|
File details
Details for the file xfil-0.1.2-py3-none-any.whl.
File metadata
- Download URL: xfil-0.1.2-py3-none-any.whl
- Upload date:
- Size: 9.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.11.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
86372d1807ff1f83cc6f99d33fcf67e4195403c415b96341bbe97b2f3a47c1dc
|
|
| MD5 |
3ddf573862e3d0ff7076a3506ce9dd17
|
|
| BLAKE2b-256 |
107c155d71aa7aba759bcdaee0fdea63f3988f373cad23e311b442cb5f47989f
|
