And now we're going to use XSSer. We're gonna attempt to find cross-site scripting with XSSer.
And the command for that is xsser
-c 100. That's the number of pages we want to crawl here.
-Cw: it's uppercase C, lowercase w, equals four. That's the depth of the crawl: how many links do you want to click. Now, if you were to just type xsser -c 100 and not have that depth of crawler, it's not gonna work. The number of pages to crawl
and the depth of the crawler
need to be in the same command together or else it's not gonna work at all. Then you type -u,
and then you put the URL of your target there.
Where for? This is gonna be a target IP address.
Let's go check it out.
So here we are, back in our Kali environment. We're gonna type xsser,
-Cw=4,
that zeroed out 11. And then we're gonna hit Enter.
There seems to be some problem with my syntax here.
Equals four, there we go.
Now the command is running successfully here.
We got back zero results.
That should not be the case here, because we know that this page is vulnerable.
Let's try this command again. I'll see what we get here.
May have been just a hiccup.
It's discarding the URL. So you have to type http://.
And there we go. Now it's run successfully.
All right. Scan is complete.
If we scroll up here.
So the number of injections that were attempted was 34,
with an accuracy of 38%. So it's telling us it's 38% sure here that, um, these links below
executed a cross-site scripting vulnerability.
So you come down here:
your target, the injection that you used, the method was cross-site scripting, and
the different browsers that
it imitated when it sent the request. Now you can change these browsers. You can have a more robust and detailed
command for XSSer
to customize exactly how the scan is completed, how the scan is done.
If you have a web page that only responds to a certain type of browser (some businesses may do this because they want their internal network only using a certain type of browser),
you would have to put this into your command here.
And if you type xsser -h,
it'll give you the help page here, and
you can see all the different types of ways that you can customize it. Now, if you want to change the user agent, which is the type of browser that you're coming from, you would do --user-agent= and then type in the type of agent that you want to be.
If you want to see it in active, verbose mode, to see what exactly it's doing and how it's doing it, you can add a -v to it as well.
So there are a lot of different ways of customizing
these scans here for you.
All right, and let's move on.