0xr0n0/xpathiarmus

XPathiarmus

XPath Injection Attack Tool for blind injection attacks.

██╗  ██╗██████╗  █████╗ ████████╗██╗  ██╗██╗ █████╗ ██████╗ ███╗   ███╗██╗   ██╗███████╗
╚██╗██╔╝██╔══██╗██╔══██╗╚══██╔══╝██║  ██║██║██╔══██╗██╔══██╗████╗ ████║██║   ██║██╔════╝
 ╚███╔╝ ██████╔╝███████║   ██║   ███████║██║███████║██████╔╝██╔████╔██║██║   ██║███████╗
 ██╔██╗ ██╔═══╝ ██╔══██║   ██║   ██╔══██║██║██╔══██║██╔══██╗██║╚██╔╝██║██║   ██║╚════██║
██╔╝ ██╗██║     ██║  ██║   ██║   ██║  ██║██║██║  ██║██║  ██║██║ ╚═╝ ██║╚██████╔╝███████║
╚═╝  ╚═╝╚═╝     ╚═╝  ╚═╝   ╚═╝   ╚═╝  ╚═╝╚═╝╚═╝  ╚═╝╚═╝  ╚═╝╚═╝     ╚═╝ ╚═════╝ ╚══════╝                                                                                                        
    by r0n0
    XPath Injection Attack Tool for blind injection

Description

XPathiarmus is a specialized tool designed to automate blind XPath injection attacks. It supports both time-based and boolean-based blind injection techniques to extract XML data from vulnerable applications.

Features

  • Blind Boolean-Based Injection (GET/POST)
  • Blind Time-Based Injection (GET/POST)
  • Automatic XML structure enumeration
  • Recursive data extraction
  • Support for custom request delays

Installation

git clone https://github.com/0xr0n0/xpathiarmus.git
cd xpathiarmus

Usage

Blind Time-Based Attack

python3 xpathiarmus.py -u "http://target.com/?search=test" -p search -X GET -m blind-time -c 2

Parameters:

  • -c: Number of nested count() expressions (adjust for optimal timing difference). Higher values create more delay but increase reliability.

Blind Boolean-Based Attack

python3 xpathiarmus.py -u http://target.com/login -X POST \
  -d "username=test&password=test" \
  -m blind-boolean \
  -p username \
  -v "Welcome" \
  -i "Invalid credentials"

Parameters:

  • -v: String indicating valid/successful response
  • -i: String indicating invalid/failed response

Command Line Options

-u, --url       Target URL with parameters
-X, --method    HTTP method (GET/POST)
-d, --data      POST data (if applicable)
-p, --param     Parameter to inject
-m, --mode      Attack mode (blind-boolean, blind-time)
-v, --valid     Valid response indicator (boolean mode)
-i, --invalid   Invalid response indicator (boolean mode)
-c, --counts    Nested count levels for time delays (default: 10)
-t, --delay     Delay between requests in seconds (default: 0)

Testing

A test PHP file is included for time-based attack testing:

php -S localhost:8000 test_time_based.php
python3 xpathiarmus.py -u "http://localhost:8000/test_time_based.php?search=test" \
  -X GET -m blind-time -c 10
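
Detection side (added example, not part of XPathiarmus): a log heuristic for the two modes above. It flags decoded GET parameters that combine a quote with XPath function calls or nested count() calls, then groups hits per client, since blind extraction needs many such requests. The `client url seconds` log format, the function list, the thresholds and the sample lines are assumptions made for this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# XPath 1.0 function names that rarely belong in ordinary form input (assumed list).
XPATH_FUNCS = re.compile(r"\b(count|string-length|substring|name|contains|starts-with)\s*\(", re.I)

# Constructed sample lines that trip the heuristics; the values are not working payloads.
SAMPLE_LOG = [
    "198.51.100.7 /search?search=O%27Brien 0.01",
    "198.51.100.7 /search?search=count+dracula 0.01",
    "203.0.113.9 /search?search=test%27count(count(PLACEHOLDER)) 2.41",
    "203.0.113.9 /search?search=test%27count(count(count(PLACEHOLDER))) 4.87",
    "203.0.113.9 /search?search=test%27string-length(PLACEHOLDER) 0.02",
]

def count_depth(value):
    """Length of the longest run of directly nested count( calls in a decoded value."""
    runs = re.findall(r"(?:count\s*\(\s*)+", value, re.I)
    return max((len(re.findall(r"count", r, re.I)) for r in runs), default=0)

def score_request(url):
    """Return (param, reasons) for parameters showing at least two probe indicators."""
    hits = []
    for param, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        reasons = []
        if "'" in value or '"' in value:
            reasons.append("quote")
        if XPATH_FUNCS.search(value):
            reasons.append("xpath-func")
        if count_depth(value) >= 2:
            reasons.append("nested-count")
        if len(reasons) >= 2:  # a lone quote (O'Brien) is not enough
            hits.append((param, reasons))
    return hits

def find_sources(log_lines, min_hits=3):
    """Group flagged requests by client and keep clients with repeated hits."""
    per_client = defaultdict(list)
    for line in log_lines:
        client, url, seconds = line.split()
        for param, reasons in score_request(url):
            per_client[client].append((param, reasons, float(seconds)))
    return {c: h for c, h in per_client.items() if len(h) >= min_hits}

if __name__ == "__main__":
    print(find_sources(SAMPLE_LOG))
```

The recorded response time is kept with each hit so slow responses that coincide with nested-count requests can be reviewed together. POST bodies would need the same scoring applied to the decoded form data.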

Disclaimer

This tool is for educational and authorized security testing purposes only. Unauthorized access to computer systems is illegal. The author is not responsible for misuse of this tool.

Author

r0n0
