Tool of the day

RVuln:-- A multi-threaded-vulnerability-scanner written in Rust

Automated #Web Vulnerability Scanner.

Features

•  Scans for #XSS #vulnerabilities

•  Multi-threaded scanning

Supported Operating Systems:-

•  #Ubuntu/ #Debian based OS

•  #ArchLinux based OS

•  #Windows 10

Installation

Debian | Ubuntu | Arch based distributions

• git clone https://github.com/iinc0gnit0/RVuln

• curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

• source $HOME/.cargo/env

• cd RVuln

• Debian/Ubuntu based distributions: sudo apt install openssl-dev

• Arch based distrobutions: sudo pacman -S openssl

• cargo build --release

• mv target/release/RVuln .

Windows 10 (won't give you the best experience)

• Go to the follwoing link to install Rust https://turreta.com/2019/09/06/how-to-install-rust-on-windows-10/

• Then download the zip https://github.com/iinc0gnit0/RVuln/archive/master.zip and extract it

• Go to the RVuln directory and use do cargo build --release

• The executable will be located at target/release/RVuln.exe

Usage

Startup the tool

• ./RVuln

• You can add this to /usr/bin if you want to access it anywhere

• Target URL

Full URL without the parameters

• Example: https://portswigger-labs.net/xss/xss.ph

Query Parameters

• Enter the query parameters

• Put $ where you want the payload to go

• Example: x=$&y=$&z=$

Path to Wordlist

• Full path to wordlist

• Example: /home/inc0gnit0/wordlists/super_awesome_payloads.txt

Verbose Output

• Verbose on will show every request

• Verbose off will only show payloads that are potentially vulnerable

Output of the tool