XCat is a command line tool to exploit and investigate blind XPath injection vulnerabilities.
For a complete reference read the documentation here: https://xcat.readthedocs.io/en/latest/
It supports a large number of features:
Auto-selects injections (run xcat injections for a list)
Detects the version and capabilities of the XPath parser and selects the fastest method of retrieval
Built-in out-of-band HTTP server
Custom request headers and body
Built in REPL shell, supporting:
Optimized retrieval
Run pip install xcat
Or using Docker: docker run -it tomforbes/xcat --help
Or on Fedora: dnf install xcat 😎
Requires Python 3.7. You can easily install this with pyenv:
pyenv install 3.7.1
There is a complete demo application you can use to explore the features of XCat. See the README here: https://github.com/orf/xcat_app