Read Official Guide: https://www.bugblogs.tech/post/automating-xss-using-dalfox-gf-and-waybackurls
Bash Script to Automate XSS using Waybackurls, GF, GF Patterns and Dalfox.
Here are their Repositories:
Install Go on your machine, then install the required tools.
To install Go on your system:
sudo apt install -y golang
export GOROOT=/usr/lib/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
source ~/.bashrc
chmod +x install.sh
./install.sh
# Build the Docker image
$ docker build --tag quickxss .
# Run the Docker image
$ docker run -it --rm --name qs quickxss
# Add this alias to ~/.zshrc or ~/.bashrc (depending on which shell you use) to run quickxss from anywhere
$ alias quickxss='docker run -it --rm --name qs quickxss'
go get -u github.com/tomnomnom/gf
go get github.com/tomnomnom/waybackurls
GO111MODULE=on go get -v github.com/hahwul/dalfox/v2
GO111MODULE=on go get -u -v github.com/lc/gau
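# Create the pattern directory in $HOME, not in the current directory
mkdir -p ~/.gf
# Copy the example patterns into the top level of ~/.gf (not ~/.gf/examples)
cp -r "$GOPATH/src/github.com/tomnomnom/gf/examples/." ~/.gf/
# Clone into $HOME so the mv below finds the files regardless of the current directory
git clone https://github.com/1ndianl33t/Gf-Patterns ~/Gf-Patterns
mv ~/Gf-Patterns/*.json ~/.gf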
git clone https://github.com/theinfosecguy/QuickXSS.git
cd QuickXSS
chmod +x QuickXSS.sh
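A preflight check for the install steps above, added here as an example and not part of QuickXSS itself. It assumes patterns live in `~/.gf` as in those steps and that the pattern QuickXSS needs is named `xss.json`; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the QuickXSS repository): verify the manual install.

# Tools the install section places in $GOPATH/bin.
REQUIRED_TOOLS="gf waybackurls dalfox gau"

# missing_tools: print each required tool that is not an executable on PATH.
missing_tools() {
    local tool
    for tool in $REQUIRED_TOOLS; do
        command -v "$tool" >/dev/null 2>&1 || echo "$tool"
    done
}

# pattern_count [DIR]: number of *.json pattern files directly inside DIR.
# Only the top level is counted, so files left in a subdirectory such as
# DIR/examples (a common result of a wrong cp) do not count.
pattern_count() {
    local dir="${1:-$HOME/.gf}"
    [ -d "$dir" ] || { echo 0; return; }
    find "$dir" -maxdepth 1 -type f -name '*.json' | wc -l | tr -d ' '
}

# preflight [DIR]: return 0 if all tools and the xss pattern are in place.
# xss.json is an assumed pattern name (see lead-in).
preflight() {
    local dir="${1:-$HOME/.gf}" status=0 missing
    missing="$(missing_tools)"
    if [ -n "$missing" ]; then
        echo "Missing tools (is \$GOPATH/bin on PATH?):" $missing >&2
        status=1
    fi
    if [ ! -f "$dir/xss.json" ]; then
        echo "No xss.json in $dir ($(pattern_count "$dir") patterns found)" >&2
        status=1
    fi
    return $status
}
```

Source the file and run `preflight` before the first scan; a non-zero exit status means one of the install steps did not take effect.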
Provide your target and XSS Hunter payload as arguments. For generating an XSS Hunter payload: Check This
QuickXSS Usage
./QuickXSS.sh -d <target.com>
./QuickXSS.sh -d <target.com> -b <blindxss.xss.ht>
./QuickXSS.sh -d <target.com> -o xss_results.txt
./QuickXSS.sh -d <target.com> -b <blindxss.xss.ht> -o xss_results.txt
Special Thanks to all these for their amazing tools ❤ :
- TomNomNom for Waybackurls and GF
- Shiv Chouhan for GF Patterns
- HAHWUL for Dalfox
- Corben Leo for gau
- Zemo for his amazing video.
If QuickXSS helped you land a bounty, support me and buy me a Ko-Fi.