
KathanP19 / Gxss

Licence: gpl-3.0
A tool to check a bunch of URLs that contain reflecting params.


Gxss v2.2

A lightweight tool for checking reflecting parameters in a URL. Inspired by kxss by @tomnomnom.

Installation

go get -u github.com/KathanP19/Gxss

Usage

                  
 _____ __ __ _____ _____ 
|   __|  |  |   __|   __|
|  |  |-   -|__   |__   |
|_____|__|__|_____|_____|
                         
        2.0 - @KathanP19

  Usage of ./Gxss:
  -c int
        Set the Concurrency (default 50)
  -o string
        Save Result to OuputFile
  -p string
        Payload you want to Send to Check Refelection (default "Gxss")
  -v    Verbose mode

  • Checking Single Url

    echo "https://target.com/some.php?first=hello&last=world" | Gxss -c 100

  • Checking List of Urls

    cat urls.txt | Gxss -c 100 -p XssReflected

  • Save Urls Which have Reflecting Params in a file for further analysis

    cat urls.txt | Gxss -c 100 -o Result.txt

  • For verbose mode

    cat urls.txt | Gxss -c 100 -o Result.txt -v

How It Works

  1. It takes URLs from STDIN.
  2. It checks for the reflected value on params one by one. (There are some tools like qsreplace which replace all param values at once, but Gxss checks the payload one param at a time, which makes it different from those tools.)

     For example, the URL is https://example.com/?p=first&q=second

     First it will check if the p param reflects:
     https://example.com/?p=Gxss&q=second

     Then it will check if the q param reflects:
     https://example.com/?p=first&q=Gxss
  3. If reflection is found for any param, it tells which param reflected in the response.
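
The one-parameter-at-a-time check described above, as an added Go example (not code from the Gxss repository). The helper names `variants` and `reflected` and the local test server are assumptions made for illustration; the server is a constructed stand-in that echoes only the `q` parameter, so the check can be run offline against an application you control.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// variants (illustrative helper, not Gxss code) maps each parameter name to a URL where only that parameter is set to marker.
func variants(raw, marker string) map[string]string {
	out := map[string]string{}
	u, err := url.Parse(raw)
	if err != nil {
		return out
	}
	for name := range u.Query() {
		q := u.Query() // fresh copy: the other parameters keep their original values
		q.Set(name, marker)
		v := *u
		v.RawQuery = q.Encode()
		out[name] = v.String()
	}
	return out
}

// reflected (illustrative) requests each variant and records whether marker appears in the body.
func reflected(c *http.Client, raw, marker string) map[string]bool {
	out := map[string]bool{}
	for name, target := range variants(raw, marker) {
		resp, err := c.Get(target)
		if err != nil {
			continue
		}
		body, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
		resp.Body.Close()
		out[name] = strings.Contains(string(body), marker)
	}
	return out
}

func main() {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "<p>results for %s</p>", r.URL.Query().Get("q")) // constructed local app: echoes only q
	}))
	defer srv.Close()
	fmt.Println(reflected(srv.Client(), srv.URL+"/?p=first&q=second", "Gxss"))
}
```

Because every other parameter keeps its original value, a hit identifies exactly which parameter is echoed, which is the difference from replacing all values at once.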


Use Case or How to add to your workflow

echo "testphp.vulnweb.com" | waybackurls | httpx -silent | Gxss -c 100 -p Xss | sort -u | dalfox pipe

TODO

  • [ ] Add an option for users to add their own headers
  • [ ] Add an option for User-Agent

Thanks To

  • Zoid for helping me out with code.

To Support Me

  • You Can Buy Me A Coffee
