github.com/iamsm9l/xssxd

v0.0.0-20220205134058-5f3554bf4ec3
Source
Go

Version published: 3 years ago

Created: 4 years ago

Source

THIS IS NOT MY TOOL, it is a copy since I notice the original is not always online. Full credit goes to @tommorowisnew_

xssXD

A tool made to detect xss vulnerablities in a list of urls. It takes input from the stdin.

How to install

git clone project
cd xssXD
go build

How to use

Usage of ./xssXD:
  -c int
        Set the Concurrency  (default 50)
  -s string
        Specify the payload to use (default "none")

Set Concurrency according to your need, default 50
Specify the payload to use. If not specified, it will check for characters <'"> by default

cat urls.txt | xssXD -c 100

Additional Info

The list of urls must be in the format protocol://subdomain/path?querys

Example

Default

cat test | ./xssXD                                                                                                   
http://public-firing-range.appspot.com/reflected/parameter/body/400?q=a is reflecting <, ', ", >
http://public-firing-range.appspot.com/reflected/parameter/title?q=a is reflecting <, ', ", >
http://public-firing-range.appspot.com/reflected/parameter/attribute_singlequoted?q=a is reflecting <, ', ", >
http://public-firing-range.appspot.com/reflected/parameter/body/500?q=a is reflecting <, ', ", >
http://public-firing-range.appspot.com/reflected/parameter/body_comment?q=a is reflecting <, ', ", >
https://xss-game.appspot.com/level1/frame?query=asd is reflecting <, ', ", >
http://sudo.co.il/xss/level0.php?email=asd# is reflecting <, ', ", >

With specified payload

cat test | ./xssXD -s "<svg/onload=alert()>"                                                                         
http://public-firing-range.appspot.com/reflected/parameter/title?q=a is reflecting <svg/onload=alert()>
http://public-firing-range.appspot.com/reflected/parameter/body/400?q=a is reflecting <svg/onload=alert()>
http://public-firing-range.appspot.com/reflected/parameter/body/500?q=a is reflecting <svg/onload=alert()>
http://public-firing-range.appspot.com/reflected/parameter/body_comment?q=a is reflecting <svg/onload=alert()>
http://public-firing-range.appspot.com/reflected/parameter/attribute_singlequoted?q=a is reflecting <svg/onload=alert()>
https://xss-game.appspot.com/level1/frame?query=asd is reflecting <svg/onload=alert()>
http://sudo.co.il/xss/level0.php?email=asd# is reflecting <svg/onload=alert()>

Set Concurrency

cat test | ./xssXD -c 100
http://public-firing-range.appspot.com/reflected/parameter/attribute_singlequoted?q=a is reflecting <, ', ", >
http://public-firing-range.appspot.com/reflected/parameter/body/400?q=a is reflecting <, ', ", >
http://public-firing-range.appspot.com/reflected/parameter/body/500?q=a is reflecting <, ', ", >
http://public-firing-range.appspot.com/reflected/parameter/body_comment?q=a is reflecting <, ', ", >
http://public-firing-range.appspot.com/reflected/parameter/title?q=a is reflecting <, ', ", >
https://xss-game.appspot.com/level1/frame?query=asd is reflecting <, ', ", >
http://sudo.co.il/xss/level0.php?email=asd# is reflecting <, ', ", >

FAQs

What is github.com/iamsm9l/xssxd?

Package last updated on 05 Feb 2022

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install