Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

github.com/iamsm9l/xssxd

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/iamsm9l/xssxd

  • v0.0.0-20220205134058-5f3554bf4ec3
  • Source
  • Go
  • Socket score

Version published
Created
Source

THIS IS NOT MY TOOL, it is a copy since I notice the original is not always online. Full credit goes to @tommorowisnew_

xssXD

A tool made to detect xss vulnerablities in a list of urls. It takes input from the stdin.

How to install

git clone project
cd xssXD
go build

How to use

Usage of ./xssXD:
  -c int
        Set the Concurrency  (default 50)
  -s string
        Specify the payload to use (default "none")
  • Set Concurrency according to your need, default 50
  • Specify the payload to use. If not specified, it will check for characters <'"> by default

cat urls.txt | xssXD -c 100

Additional Info

The list of urls must be in the format protocol://subdomain/path?querys

Example

Default

cat test | ./xssXD                                                                                                   
http://public-firing-range.appspot.com/reflected/parameter/body/400?q=a is reflecting <, ', ", >
http://public-firing-range.appspot.com/reflected/parameter/title?q=a is reflecting <, ', ", >
http://public-firing-range.appspot.com/reflected/parameter/attribute_singlequoted?q=a is reflecting <, ', ", >
http://public-firing-range.appspot.com/reflected/parameter/body/500?q=a is reflecting <, ', ", >
http://public-firing-range.appspot.com/reflected/parameter/body_comment?q=a is reflecting <, ', ", >
https://xss-game.appspot.com/level1/frame?query=asd is reflecting <, ', ", >
http://sudo.co.il/xss/level0.php?email=asd# is reflecting <, ', ", >

With specified payload

cat test | ./xssXD -s "<svg/onload=alert()>"                                                                         
http://public-firing-range.appspot.com/reflected/parameter/title?q=a is reflecting <svg/onload=alert()>
http://public-firing-range.appspot.com/reflected/parameter/body/400?q=a is reflecting <svg/onload=alert()>
http://public-firing-range.appspot.com/reflected/parameter/body/500?q=a is reflecting <svg/onload=alert()>
http://public-firing-range.appspot.com/reflected/parameter/body_comment?q=a is reflecting <svg/onload=alert()>
http://public-firing-range.appspot.com/reflected/parameter/attribute_singlequoted?q=a is reflecting <svg/onload=alert()>
https://xss-game.appspot.com/level1/frame?query=asd is reflecting <svg/onload=alert()>
http://sudo.co.il/xss/level0.php?email=asd# is reflecting <svg/onload=alert()>

Set Concurrency

cat test | ./xssXD -c 100
http://public-firing-range.appspot.com/reflected/parameter/attribute_singlequoted?q=a is reflecting <, ', ", >
http://public-firing-range.appspot.com/reflected/parameter/body/400?q=a is reflecting <, ', ", >
http://public-firing-range.appspot.com/reflected/parameter/body/500?q=a is reflecting <, ', ", >
http://public-firing-range.appspot.com/reflected/parameter/body_comment?q=a is reflecting <, ', ", >
http://public-firing-range.appspot.com/reflected/parameter/title?q=a is reflecting <, ', ", >
https://xss-game.appspot.com/level1/frame?query=asd is reflecting <, ', ", >
http://sudo.co.il/xss/level0.php?email=asd# is reflecting <, ', ", >

FAQs

Package last updated on 05 Feb 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc