Metadata-Version: 2.1
Name: xcat
Version: 1.0.5
Summary: A command line tool to automate the exploitation of blind XPath injection vulnerabilities
Home-page: https://github.com/orf/xcat
License: MIT
Author: Tom Forbes
Author-email: tom@tomforb.es
Requires-Python: >=3.7
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Requires-Dist: aiodns
Requires-Dist: aiohttp (>=3.0.0,<4.0.0)
Requires-Dist: appdirs
Requires-Dist: cchardet
Requires-Dist: click
Requires-Dist: colorama
Requires-Dist: prompt-toolkit (<4)
Requires-Dist: xpath-expressions (>=1.0.0,<2.0.0)
Description-Content-Type: text/markdown

# XCat

![Python package](https://github.com/orf/xcat/workflows/Python%20package/badge.svg)
![](https://img.shields.io/pypi/v/xcat.svg)
![](https://img.shields.io/pypi/l/xcat.svg)
![](https://img.shields.io/pypi/pyversions/xcat.svg)

XCat is a command line tool to exploit and investigate blind XPath injection vulnerabilities.

For a complete reference read the documentation here: https://xcat.readthedocs.io/en/latest/

It supports an large number of features:

- Auto-selects injections (run `xcat injections` for a list)

- Detects the version and capabilities of the xpath parser and
  selects the fastest method of retrieval

- Built in out-of-bound HTTP server
    - Automates XXE attacks
    - Can use OOB HTTP requests to drastically speed up retrieval

- Custom request headers and body

- Built in REPL shell, supporting:
    - Reading arbitrary files
    - Reading environment variables
    - Listing directories
    - Uploading/downloading files (soon TM)

- Optimized retrieval
    - Uses binary search over unicode codepoints if available
    - Fallbacks include searching for common characters previously retrieved first
    - Normalizes unicode to reduce the search space

## Install

Run `pip install xcat`

**Requires Python 3.7**. You can easily install this with [pyenv](https://github.com/pyenv/pyenv):
`pyenv install 3.7.1`

## Example application

There is a complete demo application you can use to explore the features of XCat.
See the README here: https://github.com/orf/xcat_app


