Skip to content

xsschecker tool checking reflected endpoints finding possible xss vulnerable endpoints.

License

Notifications You must be signed in to change notification settings

rix4uni/xsschecker

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

42 Commits
 
 
 
 
 
 
 
 

Repository files navigation

 _  _  ____  ____   ___  _  _  ____  ___  __ _  ____  ____ 
( \/ )/ ___)/ ___) / __)/ )( \(  __)/ __)(  / )(  __)(  _ \
 )  ( \___ \\___ \( (__ ) __ ( ) _)( (__  )  (  ) _)  )   /
(_/\_)(____/(____/ \___)\_)(_/(____)\___)(__\_)(____)(__\_)

xsschecker tool checking reflected endpoints finding possible xss vulnerable endpoints.

Install

go install github.com/rix4uni/xsschecker@latest

or

git clone https://github.com/rix4uni/xsschecker.git && cd xsschecker && go build xsschecker.go && mv xsschecker ~/go/bin/xsschecker && cd .. && rm -rf xsschecker

Usage

xsschecker -h
Usage: xsschecker [OPTIONS]

Options:
  -H string
        Custom User-Agent header for HTTP requests. (default "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36")
  -ao string
        File to append the output instead of overwriting.
  -i string
        Input file containing list of URLs.
  -match string
        The string(s) to match against the domain response. Separate multiple strings with commas. (required) (default "alert(1), confirm(1), prompt(1)")
  -maxssc int
        Maximum number of status code responses required before skipping all URLs from that domain, This flag only can be use with -ssc flag. (default 20)
  -nc
        Do not use colored output.
  -o string
        File to save the output.
  -proxy string
        Proxy server for HTTP requests. (e.g., http://127.0.0.1:8080)
  -retries int
        Number of retry attempts for failed HTTP requests. (default 1)
  -scdn string
        Comma-separated server names to skip all URLs for (e.g., "cloudflare,AkamaiGHost,CloudFront,Imperva").
  -ssc string
        Comma-separated status codes to skip all URLs from a domain if encountered (e.g., 403,400).
  -t int
        Number of concurrent threads. (default 20)
  -timeout int
        Timeout for HTTP requests in seconds. (default 15)
  -u string
        Single URL to test.
  -v    Enable verbose output for debugging purposes.
  -version
        Print the version of the tool and exit.
  -vuln
        If set, only vulnerable URLs will be printed.

Reflected XSS Mass Automation

cat subs.txt | waybackurls >> waybackurls-urls.txt
cat subs.txt | gau >> gau-urls.txt
cat live-subs.txt | hakrawler -scope >> hakrawler-urls.txt
cat waybackurls-urls.txt gau-urls.txt hakrawler-urls.txt | anew -q urls.txt

cat urls.txt | uro | gf allparam | grep "=" | gf blacklist | qsreplace '"><script>confirm(1)</script>' | xsschecker -match '"><script>confirm(1)</script>'

Reflected XSS Oneliner Command1

echo "testphp.vulnweb.com" | waybackurls | gf xss | uro | qsreplace '"><script>confirm(1)</script>' | xsschecker -match '"><script>confirm(1)</script>' -vuln

Reflected XSS Oneliner Command2

echo "testphp.vulnweb.com" | waybackurls | uro | gf allparam | grep "=" | gf blacklist | qsreplace '"><script>confirm(1)</script>' | xsschecker -match '"><script>confirm(1)</script>' -vuln

or

echo "testphp.vulnweb.com" | waybackurls | uro | gf allparam | grep "=" | gf blacklist | qsreplace '"><script>confirm(1)</script>' | xsschecker -match '"><script>confirm(1)</script>, "<image/src/onerror=confirm(1)>' -vuln

Reflected XSS Oneliner Command1 and Reflected XSS Oneliner Command2 Results Comparison

image

About

xsschecker tool checking reflected endpoints finding possible xss vulnerable endpoints.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages