Security News
Introducing the Socket Python SDK
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
github.com/kathanp19/gxss
dalfox file urls.txt --skip-xss-scanning -o reflecting.txt
A Light Weight Tool for checking reflecting Parameters in a URL. Inspired by kxss by @tomnomnom.
go install github.com/KathanP19/Gxss@latest
_____ __ __ _____ _____
| __| | | __| __|
| | |- -|__ |__ |
|_____|__|__|_____|_____|
4.0 - @KathanP19
Usage of Gxss:
-c int
Set the Concurrency (default 50)
-d string
Request data for POST based reflection testing
-h value
Set Custom Header.
-o string
Save Result to OutputFile
-p string
Payload you want to Send to Check Reflection (default "Gxss")
-u string
Set Custom User agent. Default is Mozilla (default "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36")
-v Verbose mode
-x string
Proxy URL. Example: http://127.0.0.1:8080
Checking Single Url
echo "https://target.com/some.php?first=hello&last=world" | Gxss -c 100
Checking List of Urls
cat urls.txt | Gxss -c 100 -p XssReflected
Save Urls Which have Reflecting Params in a file for further analysis
cat urls.txt | Gxss -c 100 -o Result.txt
For verbose mode -v
cat urls.txt | Gxss -c 100 -o Result.txt -v
Send Custom Header -h
cat urls.txt | Gxss -c 100 -p Xss -h "Cookie: Value"
Send Custom User-Agent -u
cat urls.txt | Gxss -c 100 -p Xss -h "Cookie: Value" -u "Google Bot"
For Example-
Url is https://example.com/?p=first&q=second
First it will check if p param reflects
https://example.com/?p=Gxss&q=second
Then it will check if q param reflects
https://example.com/?p=first&q=Gxss
echo "testphp.vulnweb.com" | waybackurls | httpx -silent | Gxss -c 100 -p Xss | sort -u | dalfox pipe
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
Security News
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.
Security News
A new Rust RFC proposes "Trusted Publishing" for Crates.io, introducing short-lived access tokens via OIDC to improve security and reduce risks associated with long-lived API tokens.