Home

Awesome

License Issues open GitHub pull requests GitHub closed issues GitHub last commit

WebXmlExploiter

The WebXmlExploiter is a tool to exploit exposed by misconfiguration or path traversal web.xml files.<br> It will try to download all .class and xml files based on the information extracted from the web.xml file.

Notes

Installation

Download the latest release and unpack it in the desired location.<br> Remember to install GoLang in case you want to run from the source.<br> WebXmlExploiter uses the github.com/antchfx/xmlquery libraries.

Check the following link for more information: https://github.com/antchfx/xmlquery/

License

WebXmlExploiter is licensed under the SushiWare license. Check docs/license.txt for more information.

Usage/Help

Please refer to the output of -h for usage information and general help. Also, you can contact me on ##spoonfed@freenode.org (two #)<br> Example: go run webxmlexploiter.go -u https://vulnapp/somedir/anotherdir/../../../WEB-INF/

Usage of webxmlexploiter:
  -u string
        Vulnerable URL without the web.xml at end. Ex:https://vulnapp/somedir/anotherdir/../../../WEB-INF/
  -v    Prints the current version and exit.

Go Version

Tested on:<br> go version go1.14.4 windows/amd64<br> go version go1.15.2 linux/amd64

To Do

Parsing enhancements Add cookies support