AttackAPI : Metasploit for the Web

October 15, 2007 Tagged as: javascript security xss

Recently, I've begun to be much more interested in cross site scripting (XSS). As I've read more about it and experimented more with it, I find it to be a bigger animal than I ever thought. For the most part, I've ignored it, thinking there were only a few vectors to use it, and that as long as I was careful about sterilizing data, it would be easily avoidable. Not so. There are hundreds of ways to use XSS in web applications.

There are many resources on the net for web vulnerabilities, much of which consists in part or entirely of XSS vectors. ha.ckers.org is a good site for information and sample vectors. sla.ckers.org is a great forum with a lot of knowledgeable people around to suggest new vectors or new spins on old vectors. I've also found 0x000000.com to be invaluable in my quest to learn more about how to find vectors, and then how to exploit them.

After an exhaustive search, I stumbled upon a goldmine. AttackAPI is a javascript library designed with the idea of using it to find and exploit browser "vulnerabilities." I use the word vulnerability loosely, because from my experience, most of these problems are features, not bugs, but they can be used in a most malicious manner. They've got a (somewhat unused) Google group and 3.x source code available, but I found the documentation non-existent. If I'm wrong, I'd love to know about it. However, that's why I described it as the Metasploit of the web. It's got a great feature set, but the documentation is horrible (as is Metasploit's).

The version 3 framework is supposed to be much more full featured. We'll see.