XXE Injection

  • ground-control - A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.

  • dtd-finder - List DTDs and generate XXE payloads using those local DTDs.

  • docem - Utility to embed XXE and XSS payloads in docx, odt, pptx, etc. (OXML_XXE on steroids)

  • xxeserv - A mini webserver with FTP support for XXE payloads

  • xxexploiter - Tool to help exploit XXE vulnerabilities

  • B-XSSRF - Toolkit to detect and keep track of Blind XSS, XXE & SSRF

  • XXEinjector - Tool for automatic exploitation of XXE vulnerabilities using direct and various out-of-band methods.

  • oxml_xxe - A tool for embedding XXE/XML exploits into different filetypes

  • metahttp - A bash script that automates the scanning of a target network for HTTP resources through XXE
