XPath injection tool

xcat is the first tool I ever built, so it has a special place in my heart. It’s a Python utility for exploiting XPath injection vulnerabilities, and it boasts a suite of unique and advanced features that make it a powerful tool for penetration testers.

It can automatically detect the version of xpath being used and adapt its attack to suit, ranging from simple boolean attacks to leveraging more advanced techniques like extracting data from the filesystem or making the target server perform arbitrary HTTP requests to internal network resources on your behalf.