Cross-site Tracing vulnerability assessment tool.
npm install ntrace
|5||downloads in the last week|
|10||downloads in the last month|
|Version||0.0.5 last updated 7 months ago|
|Keywords||security, trace, pentest, xst, xss|
|Dependencies||util, argv, optimist, colors|
nTrace is a command-line security tool to detect Cross-Site Tracing (XST) vulnerabilities, written in node. An XST attack is typically used in conjunction with an XSS attack, making it additionally devestating.
Updated the TRACE request to also include a custom header. nTrace will then look for that same header in the response to determine whether or not the site is truly vulnerable to XST attacks.
npm install -g ntrace
git clone git://github.com/gabemarshall/ntrace.git
./ntrace.js --url=<www.url.com> --https=<yes or no> ./ntrace.js --url=www.google.com https=yes
VULNERABLE: Site responded with our custom header meaning it is susceptible to XST attacks
SAFE: This site does not appear to be susceptible to XST
There was a problem with the request, which might mean TRACE is not supported. To be safe, try the request again and change the --https flag (error message will be appended, typically socket hangup).