
Damian89 / xssfinder

Licence: other
Toolset for detecting reflected xss in websites

Programming Languages

python


XSS Finder

Some simple tools which I'm using frequently to find XSS. Keep in mind: Do not trust scripts only! Sometimes the vulnerability is more complex and needs special treatment ;) Those scripts won't find DOM-based/dynamic XSS!

Why another XSS Find Tool?

Because most tools I tested did not find simple reflected XSS - that's why I hacked this script together. And it works... if you know how to use it.

checkGivenParameters.py

How to execute:

python3 checkGivenParameters.py -url "http://victim/?param1=test&param2=test2&foo=bar" -payload '[XSS"]'

This script...

  • searches the page for inputs, textareas, selects and buttons and uses their name/id values as additional GET parameters
  • replaces every GET parameter value with the given payload and checks whether it is reflected in the HTTP response body

Optional parameters:

  • payload

Hints

Using the default payload may result in a lot of false results.

Screenshots

XSS on a starbucks subdomain


XSS on a General Motors subdomain


parameterSearchInChunksSingleThread.py

How to execute:

python3 parameterSearchInChunksSingleThread.py -u "http://victim/" --paramlist wordlists/params.txt --extended --extendedchar "<" --chunksize 75 --verbose --wait 5

This script...

  • searches the page for inputs, textareas, selects and buttons and uses their name/id values as additional GET parameters
  • also adds the current URL's GET parameters (if they exist)
  • creates a custom payload for every parameter, then splits the parameters into evenly sized chunks
  • generates a param-value query string for every chunk, requests it, and checks the response for every payload

Optional parameters:

  • paramlist
  • verbose
  • extended
  • chunksize (default: 75, using a bigger value may result in server errors due to small client buffer settings!!)
  • extendedchar
  • wait (default: 0, wait time in seconds between requests)
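
The chunked check described above, as an added example (not code from xssfinder): each parameter gets its own marker so a reflection can be attributed to one parameter, and the response is checked for whether the extended character came back unchanged or HTML-encoded. The marker format, function names and `fake_app` (a constructed stand-in for a response body, no network involved) are assumptions made for this illustration.

```python
import html
from urllib.parse import parse_qsl, urlencode

def chunked(items, size):
    """Split the parameter list into chunks of at most `size` names."""
    return [items[i:i + size] for i in range(0, len(items), size)]

def build_probes(names, start, extended_char=""):
    """One unique marker per parameter, so a hit can be attributed to it."""
    return {n: f"xssf{start + i}{extended_char}end" for i, n in enumerate(names)}

def classify(body, marker):
    """'raw' if reflected unchanged, 'encoded' if HTML-escaped, else None."""
    if marker in body:
        return "raw"
    escaped = html.escape(marker)
    if escaped != marker and escaped in body:
        return "encoded"
    return None

def scan(names, send, chunk_size=75, extended_char="<"):
    """Send one query string per chunk and classify every marker in the reply."""
    findings, offset = {}, 0
    for chunk in chunked(names, chunk_size):
        probes = build_probes(chunk, offset, extended_char)
        body = send(urlencode(probes))  # one request per chunk
        for name, marker in probes.items():
            result = classify(body, marker)
            if result:
                findings[name] = result
        offset += len(chunk)
    return findings

def fake_app(query_string):
    """Constructed sample page: reflects `q` as-is and `name` HTML-escaped."""
    args = dict(parse_qsl(query_string))
    return ("<html><h1>Results for " + args.get("q", "") + "</h1>"
            "<p>Hello " + html.escape(args.get("name", "")) + "</p></html>")

if __name__ == "__main__":
    print(scan(["id", "q", "name", "page", "lang"], fake_app, chunk_size=2))
```

A parameter reported as `encoded` is reflected but output-escaped, which is the kind of hit a plain substring match on a marker without the extended character would count as a finding.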

Screenshots

Checking Brute Logic XSS Page with parameter wordlist...

Checking Brute Logic XSS Page without parameter wordlist...

Checking Starbucks subdomain (with xss):

Wordlist

Thanks to Daniel Miessler for the parameter wordlist: https://github.com/danielmiessler/SecLists

I added some custom parameters ;)
