github.com/KathanP19/gxss

Project is now Deprecated as Dalfox has discovery option which can be used to identify reflecting params dalfox file urls.txt --skip-xss-scanning -o reflecting.txt

Gxss v4.0

A Light Weight Tool for checking reflecting Parameters in a URL. Inspired by kxss by @tomnomnom.

Installation

go install github.com/KathanP19/Gxss@latest

• If the above step doesn't work then you can try pre-built binary file from here https://github.com/KathanP19/Gxss/releases

Usage

                  
 _____ __ __ _____ _____ 
|   __|  |  |   __|   __|
|  |  |-   -|__   |__   |
|_____|__|__|_____|_____|
                         
        4.0 - @KathanP19

Usage of Gxss:
  -c int
        Set the Concurrency (default 50)
  -d string
        Request data for POST based reflection testing
  -h value
        Set Custom Header.
  -o string
        Save Result to OutputFile
  -p string
        Payload you want to Send to Check Reflection (default "Gxss")
  -u string
        Set Custom User agent. Default is Mozilla (default "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36")
  -v    Verbose mode
  -x string
        Proxy URL. Example: http://127.0.0.1:8080

• Checking Single Url

  echo "https://target.com/some.php?first=hello&last=world" | Gxss -c 100

• Checking List of Urls

  cat urls.txt | Gxss -c 100 -p XssReflected

• Save Urls Which have Reflecting Params in a file for further analysis

  cat urls.txt | Gxss -c 100 -o Result.txt

• For verbose mode -v

  cat urls.txt | Gxss -c 100 -o Result.txt -v

• Send Custom Header -h

  cat urls.txt | Gxss -c 100 -p Xss -h "Cookie: Value"

• Send Custom User-Agent -u

  cat urls.txt | Gxss -c 100 -p Xss -h "Cookie: Value" -u "Google Bot"

How It Works

• It takes Urls from STDIN
• It check for the reflected value on params one by one. (There are some tool like qsreplace which replace all params value but gxss checks payload one by one which makes it different from all those tools.)

For Example- 
Url is https://example.com/?p=first&q=second

First it will check if p param reflects
https://example.com/?p=Gxss&q=second

Then it will check if q param reflects
https://example.com/?p=first&q=Gxss

• If reflection for any param is found it tells which param reflected in response.

Use Case or How to add to your workflow

echo "testphp.vulnweb.com" | waybackurls | httpx -silent | Gxss -c 100 -p Xss | sort -u | dalfox pipe

• Dalfox is Xss Scanner by @hahwul

TODO

• TimeOut Option.
• Add Post Method Support.
• Add Proxy Support.
• Add an option for user to add there own headers
• Add an option for User-Agent

Thanks To

• Zoid for helping me out with code.
• Parth Parmar for adding Custom Header and User-Agent Support.
• Luska for adding proxy support and custom post data support

To Support Me

• You Can Buy Me A Coffee