KathanP19 / Gxss
Licence: gpl-3.0
A tool to check a bunch of URLs that contain reflecting params.
Stars: ✭ 115
Projects that are alternatives of or similar to Gxss
Eagle
Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
Stars: ✭ 85 (-26.09%)
Mutual labels: xss, bugbounty
Hackerone Reports
Top disclosed reports from HackerOne
Stars: ✭ 458 (+298.26%)
Mutual labels: xss, bugbounty
xssfinder
Toolset for detecting reflected xss in websites
Stars: ✭ 105 (-8.7%)
Mutual labels: xss, bugbounty
Blackwidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+671.3%)
Mutual labels: xss, bugbounty
XSS-Payload-without-Anything
XSS Payload without Anything.
Stars: ✭ 74 (-35.65%)
Mutual labels: xss, bugbounty
Bxss
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Stars: ✭ 331 (+187.83%)
Mutual labels: xss, bugbounty
0l4bs
Cross-site scripting labs for web application security enthusiasts
Stars: ✭ 119 (+3.48%)
Mutual labels: xss, bugbounty
Dalfox
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Stars: ✭ 791 (+587.83%)
Mutual labels: xss, bugbounty
Android Reports And Resources
A big list of Android Hackerone disclosed reports and other resources.
Stars: ✭ 590 (+413.04%)
Mutual labels: xss, bugbounty
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+746.96%)
Mutual labels: xss, bugbounty
vaf
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+155.65%)
Mutual labels: xss, bugbounty
PastebinMarkdownXSS
XSS in pastebin.com and reddit.com via unsanitized markdown output
Stars: ✭ 84 (-26.96%)
Mutual labels: xss, bugbounty
Xss Payload List
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Stars: ✭ 2,617 (+2175.65%)
Mutual labels: xss, bugbounty
Findom Xss
A fast DOM based XSS vulnerability scanner with simplicity.
Stars: ✭ 310 (+169.57%)
Mutual labels: xss, bugbounty
Xspear
Powerful XSS Scanning and Parameter analysis tool&gem
Stars: ✭ 583 (+406.96%)
Mutual labels: xss, bugbounty
Tiny Xss Payloads
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Stars: ✭ 975 (+747.83%)
Mutual labels: xss, bugbounty
Ezxss
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (+788.7%)
Mutual labels: xss, bugbounty
Gxss v2.2
A lightweight tool for checking for reflected parameters in a URL. Inspired by kxss by @tomnomnom.
Installation
go get -u github.com/KathanP19/Gxss
Usage
_____ __ __ _____ _____
| __| | | __| __|
| | |- -|__ |__ |
|_____|__|__|_____|_____|
2.0 - @KathanP19
Usage of ./Gxss:
-c int
Set the Concurrency (default 50)
-o string
Save Result to OuputFile
-p string
Payload you want to Send to Check Refelection (default "Gxss")
-v Verbose mode
- Checking Single Url
echo "https://target.com/some.php?first=hello&last=world" | Gxss -c 100
- Checking List of Urls
cat urls.txt | Gxss -c 100 -p XssReflected
- Save Urls Which have Reflecting Params in a file for further analysis
cat urls.txt | Gxss -c 100 -o Result.txt
- For verbose mode
cat urls.txt | Gxss -c 100 -o Result.txt -v
How It Works
- It takes URLs from STDIN.
- It checks each param for a reflected value, one param at a time. (Some tools, like qsreplace, replace the values of all params at once; Gxss sends the payload to one param at a time, which is what makes it different from those tools.)
For example:
Url is https://example.com/?p=first&q=second
First it will check if p param reflects
https://example.com/?p=Gxss&q=second
Then it will check if q param reflects
https://example.com/?p=first&q=Gxss
- If any param is reflected, it reports which param was reflected in the response.
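The per-parameter check described above, as an added Go example (not Gxss's own source). `Variants`, `ReflectedParams` and `stubFetch` are names chosen here, and the constructed stub responder stands in for an HTTP GET so the block runs offline.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// Variants builds one URL per query parameter, swapping only that parameter's value.
func Variants(u *url.URL, payload string) map[string]string {
	out := make(map[string]string)
	for name := range u.Query() {
		q := u.Query() // fresh copy, so earlier swaps never carry over
		q.Set(name, payload)
		v := *u
		v.RawQuery = q.Encode()
		out[name] = v.String()
	}
	return out
}

// ReflectedParams requests each variant via fetch (injected so this runs offline)
// and returns, sorted, the parameters whose payload appears in the response body.
func ReflectedParams(rawURL, payload string, fetch func(string) (string, error)) ([]string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return nil, err
	}
	var hits []string
	for name, target := range Variants(u, payload) {
		if body, err := fetch(target); err == nil && strings.Contains(body, payload) {
			hits = append(hits, name)
		}
	}
	sort.Strings(hits)
	return hits, nil
}

// stubFetch is a constructed responder: it echoes only the q parameter.
func stubFetch(target string) (string, error) {
	_, query, _ := strings.Cut(target, "?")
	vals, err := url.ParseQuery(query)
	return "<p>Results for " + vals.Get("q") + "</p>", err
}

func main() {
	fmt.Println(ReflectedParams("https://example.com/?p=first&q=second", "Gxss", stubFetch))
}
```

Testing one parameter per request is what lets the result name the reflecting parameter; replacing every value at once would only show that something in the URL reflects.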
Use Case or How to add to your workflow
echo "testphp.vulnweb.com" | waybackurls | httpx -silent | Gxss -c 100 -p Xss | sort -u | dalfox pipe
TODO
- [ ] Add an option for user to add their own headers
- [ ] Add an option for User-Agent
Thanks To
- Zoid for helping me out with code.