Hey everyone,
Wanted to share something I built in Nim over the past while. It's an XPath injection scanner called xpath, written completely in Nim with nothing outside the standard library.
https://github.com/blue0x1/xpath
The idea was to have something fast and self-contained that handles real-world XPath injection across different techniques. No Python, no libxml2 bindings, no external deps. Just Nim compiled down to a single binary.
What it can do right now:
- error-based detection with signatures for Java, dotnet, PHP, libxml2, Saxon, Xalan
- boolean blind using response similarity and size comparison
- time-based blind with expensive XPath functions
- union and node selection injection
- auth bypass checks for login forms
Once it confirms injection it can pull data out either by parsing visible content, extracting union results, or doing blind extraction character by character using string-length and substring.
It also does basic crawling to find parameters on forms and URLs, has some WAF evasion payloads built in, and can output both human-readable reports and JSON.
Usage looks like this:
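The technique list above also describes what a defender should be watching for in their own web-server logs. The following is an added Python example, not code from the xpath project or its author: it decodes each request's query string and flags parameter values whose shape matches the boolean, blind-extraction (string-length/substring) and union/node-selection techniques named in the post. The log lines, the signature regexes and the node path `//user[1]/name` are constructed assumptions for this example, not the tool's actual signature set.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample access-log lines (combined-log style, not real traffic).
# Lines 1 and 5 are benign; lines 2-4 carry the injection shapes named in the post.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /search?q=test HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /search?q=test%27+or+%271%27%3D%271 HTTP/1.1" 200 9811
10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /search?q=test%27+and+substring%28%2F%2Fuser%5B1%5D%2Fname%2C1%2C1%29%3D%27a HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2024:10:00:04 +0000] "GET /search?q=test%27+%7C+%2F%2Fuser%2Fpassword+%7C+%27 HTTP/1.1" 500 230
10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "GET /search?q=o%27reilly HTTP/1.1" 200 640
"""

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Technique signatures. These are assumptions made for this example, not the
# tool's signature set; they cover only the shapes the post mentions.
SIGNATURES = {
    # a quote closing the literal, then or/and with a quoted comparison
    "boolean": re.compile(r"'\s*(?:or|and)\s*'[^']*'\s*=\s*'", re.I),
    # helpers used for character-by-character blind extraction
    "blind_extract": re.compile(r"\b(?:string-length|substring)\s*\(", re.I),
    # breaking out of the literal into a union with another node selection
    "union_or_node": re.compile(r"'\s*\|\s*/"),
}


def classify_value(value: str) -> list[str]:
    """Return the technique labels whose signature matches a decoded parameter value."""
    return [name for name, rx in SIGNATURES.items() if rx.search(value)]


def scan_log(text: str) -> list[dict]:
    """Scan access-log text; return one finding per request with a suspicious parameter."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        query = urlsplit(m.group("target")).query
        # parse_qsl percent-decodes and turns '+' into spaces, so the signatures
        # are matched against what the application itself would have seen
        for param, value in parse_qsl(query, keep_blank_values=True):
            techniques = classify_value(value)
            if techniques:
                findings.append({
                    "line": lineno,
                    "client": m.group("ip"),
                    "param": param,
                    "value": value,
                    "techniques": techniques,
                    "status": int(m.group("status")),
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['client']} param={f['param']!r} "
              f"techniques={f['techniques']} status={f['status']}")
```

Two points worth noting from the sample: the lone apostrophe in `o'reilly` does not fire, because each signature requires the XPath operator or function that follows the quote, not just the quote; and the union attempt on line 4 comes back as a 500, which is where error-based detection lives. An access log only records the status, so to catch the parser error signatures the post mentions (libxml2, Saxon, Xalan and so on) you would need to pair this with response bodies from an application log or proxy.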
xpath -u "http://target.local/search?q=test" -p q
Or with extraction turned on:
xpath -u "http://target.local/search?q=test" -p q -t A -x
Building is just make linux or make windows. There's also a deb target if you want to package it.
Happy to answer questions.