I already asked a similar question, but for most people it was not clear what I was asking about. Now I will try my best to clarify as much as possible.
I tested the XSS-exploitation tools JSShell, BeEF, xssshell-xsstunnell and JShell, but was not satisfied (reasons below).
BeEF and co. are simply “command & control” (C&C) tools (with some extra exploits added as a bonus) which obviously need to run on a public server to create a “communication channel” between an attacker and a victim. Now BeEF is written in Ruby, but most websites use PHP (79.1% in 2019) and often also have Python installed natively. Many hosting providers don’t give you root access. That makes it a bit odd that someone comes up with the idea of writing a C&C in Ruby or even in ASP.NET, since one would expect it to be written in PHP or Python.
I wanted to bypass such restrictions (if that is even possible?) and still (!) use it on my local machine while allowing it to be accessible from the outside. Yes! By using a VPN and a reverse proxy: https://serverfault.com/questions/979393/hosting-files-on-local-machine-behind-a-nat-which-can-be-accessed-from-public-se But I will need to test it, and as long as I haven’t tested it, it remains an open problem for me and I will just try existing tools.
Are there any C&C tools which are comparable in quality to BeEF (since it offers many useful features which I miss in the other tools I have tested so far) but written in PHP or Python? Most tools which I’ve seen so far aren’t comparable in quality to BeEF, or are written in other scripting languages or for other platforms like Windows Server. I googled, but maybe I’m overlooking something.
Because currently it appears to me that if you want to fully exploit XSS you need to rent a server which supports Ruby or ASP.NET. This is absolutely valid, but not far from ideal.