cyberneticlibrary

Hunt XML external entity attacks

hunt-xxe skill setup L11,791
elementalsouls/Claude-BugHunter
What it does

Discover and exploit XXE vulnerabilities across the attack surface

Best for

When hunting XXE on XML-heavy endpoints, file parsers, or SAML flows where file-read or SSRF payoff is high.

Inputs
  • target URLs
  • XML entry points
  • file upload features
  • wordlist for SSRF targets
Outputs
  • file contents (in-band)
  • DNS/HTTP callback confirmations (OOB)
  • SSRF pivot evidence
  • impact chain documentation
Requires
  • Burp Suite
  • Burp Collaborator
  • netcat or interactsh server
Preconditions

XXE test payloads; OOB listener infrastructure; authorization for active testing

Failure modes
  • XXE disabled (hardened parser)
  • OOB blocked by firewall
  • two-stage payload requires external DTD hosting
  • parameter-entity XXE may not work on all parsers
Trust signals
  • 10 public bug bounty reports in source
  • real XXE chains documented (CVE-2024-34102)
  • OOB-Or-It-Didn't-Happen validation gate