Skip to content
/ xss_suggester Public

A framework that suggests actions to perform during a web application penetration test, based on a multiobjective reinforcement learning environment

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

catuhub/xss_suggester

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
data
data
 
 
ex
ex
 
 
q_free_tables
q_free_tables
 
 
q_modified_tables
q_modified_tables
 
 
static
static
 
 
templates
templates
 
 
testdata
testdata
 
 
.gitignore
.gitignore
 
 
Action.py
Action.py
 
 
BaseElement.py
BaseElement.py
 
 
CSVActions.py
CSVActions.py
 
 
CSVHackingState.py
CSVHackingState.py
 
 
CSVModelManager.py
CSVModelManager.py
 
 
CSVObservations.py
CSVObservations.py
 
 
CSVUtil.py
CSVUtil.py
 
 
DataToView.py
DataToView.py
 
 
Dockerfile
Dockerfile
 
 
Doxyfile
Doxyfile
 
 
GraphHackingGoal.py
GraphHackingGoal.py
 
 
HackingCmdLineInterface.py
HackingCmdLineInterface.py
 
 
HackingGoal.py
HackingGoal.py
 
 
HackingState.py
HackingState.py
 
 
Observation.py
Observation.py
 
 
README.md
README.md
 
 
app.py
app.py
 
 
hackinggoal.png
hackinggoal.png
 
 
requirements.txt
requirements.txt
 
 
start.sh
start.sh
 
 
test.csv
test.csv
 
 
test_HackingGoal.py
test_HackingGoal.py
 
 
test_HackingState.py
test_HackingState.py
 
 
test_api.sh
test_api.sh
 
 
test_composedElement.py
test_composedElement.py
 
 
test_csvElements.py
test_csvElements.py
 
 
test_csvModel.py
test_csvModel.py
 
 
test_elements.py
test_elements.py
 
 

Repository files navigation

xss_suggester

A framework that suggests actions to perform during a web application penetration test, based on a multiobjective reinforcement learning environment. Currently supports XSS vulnerabilities detection. Try it on OWASP WAVSEP benchmark!

Requirements

Python 2.7

Installation

git clone https://github.com/catuhub/xss_suggester.git

cd xss_suggester

pip install -r requirements.txt

python app.py

Point your browser to localhost:5000

Dockerfile

docker build . -t xss_suggester

docker run -d -p 5000:5000 xss_suggester

Test with Wavsep

docker run -d -p 8080:8080 owaspvwad/wavsep

Point your browser to localhost:8080/wavsep/active/Reflected-XSS/RXSS-Detection-Evaluation-GET/

Pick a test case, follow the suggestions and check if you can find XSS vulnerabilities.

About

A framework that suggests actions to perform during a web application penetration test, based on a multiobjective reinforcement learning environment

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages