{"id":25074787,"url":"https://github.com/rix4uni/gxss","last_synced_at":"2025-10-27T13:36:54.355Z","repository":{"id":241215722,"uuid":"802393593","full_name":"rix4uni/Gxss","owner":"rix4uni","description":"A tool to check a bunch of URLs that contain reflecting params.","archived":false,"fork":false,"pushed_at":"2024-05-18T07:09:21.000Z","size":5,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-07T00:18:44.183Z","etag":null,"topics":["bug-bounty","bugbounty","bugbountytips","hacking","infosec","osint","osint-resources","osint-tool","penetration-testing","pentest-tool","pentesting","recon","reconnaissance","security","security-tools","threat-intelligence"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rix4uni.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-05-18T07:09:04.000Z","updated_at":"2025-01-20T06:05:40.000Z","dependencies_parsed_at":null,"dependency_job_id":"d0ad152d-a1f1-44a8-8c17-76ae1c5587b5","html_url":"https://github.com/rix4uni/Gxss","commit_stats":null,"previous_names":["rix4uni/gxss"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rix4uni%2FGxss","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rix4uni%2FGxss/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rix4uni%2FGxss/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rix4uni%2FGxss/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rix4uni","download_url":"https://codeload.github.com/rix4uni/Gxss/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246531983,"owners_count":20792735,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bug-bounty","bugbounty","bugbountytips","hacking","infosec","osint","osint-resources","osint-tool","penetration-testing","pentest-tool","pentesting","recon","reconnaissance","security","security-tools","threat-intelligence"],"created_at":"2025-02-07T00:18:36.867Z","updated_at":"2025-10-27T13:36:54.283Z","avatar_url":"https://github.com/rix4uni.png","language":"Go","funding_links":["https://www.buymeacoffee.com/kathanp19"],"categories":[],"sub_categories":[],"readme":"# Gxss v4.2\n\nThis tool's Original Created is: Kathan Patel [Gxss](https://github.com/KathanP19/Gxss), I just modified this tool according to my requirements.\n\nWhy i modified this tool beacause using Gxss in every parameter might kill regular url if the paramenter value is sensitive to certain values.\n\n## What is add new\n```\n# rix4uni Gxss\necho \"http://testphp.vulnweb.com/hpp/params.php?p=valid\u0026pp=12\" | Gxss\nhttp://testphp.vulnweb.com/hpp/params.php?p=valid\u0026pp=12 Reflected:[p=Gxss, pp=Gxss]\n\n# -hr means check reflection parameter but don't print in terminal just Hide reflection details\necho \"http://testphp.vulnweb.com/hpp/params.php?p=valid\u0026pp=12\" | Gxss -hr\nhttp://testphp.vulnweb.com/hpp/params.php?p=valid\u0026pp=12\n\n# all other flags are same\n\n\n# Kathan Patel Gxss\necho \"http://testphp.vulnweb.com/hpp/params.php?p=valid\u0026pp=12\" | Gxss\nhttp://testphp.vulnweb.com/hpp/params.php?p=Gxss\u0026pp=12\n\nhttp://testphp.vulnweb.com/hpp/params.php?p=valid\u0026pp=Gxss\n\n```\n\nA Light Weight Tool for checking reflecting Parameters in a URL. Inspired by [kxss](https://github.com/tomnomnom/hacks/tree/master/kxss) by [@tomnomnom](https://twitter.com/TomNomNom).\n\n# Installation\n\n`go install github.com/rix4uni/Gxss@latest`\n\n* If the above step doesn't work then you can try pre-built binary file from here\n https://github.com/rix4uni/Gxss/releases\n\n# Usage\n\n```\n \n _____ __ __ _____ _____ \n| __| | | __| __|\n| | |- -|__ |__ |\n|_____|__|__|_____|_____|\n \n 4.2 - @KathanP19\n\nUsage of Gxss:\n -c int\n Set the Concurrency (default 50)\n -d string\n Request data for POST based reflection testing\n -h value\n Set Custom Header.\n -hr\n Hide reflection details\n -o string\n Save Result to OutputFile\n -p string\n Payload you want to Send to Check Reflection (default \"Gxss\")\n -u string\n Set Custom User agent. Default is Mozilla (default \"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36\")\n -v Verbose mode\n -x string\n Proxy URL. Example: http://127.0.0.1:8080\n```\n\n* Checking Single Url\n\n `echo \"https://target.com/some.php?first=hello\u0026last=world\" | Gxss -c 100 `\n \n* Checking List of Urls\n\n `cat urls.txt | Gxss -c 100 -p XssReflected`\n\n* Save Urls Which have Reflecting Params in a file for further analysis\n\n `cat urls.txt | Gxss -c 100 -o Result.txt`\n\n* For verbose mode `-v`\n\n `cat urls.txt | Gxss -c 100 -o Result.txt -v `\n \n* Send Custom Header `-h`\n \n `cat urls.txt | Gxss -c 100 -p Xss -h \"Cookie: Value\"`\n \n* Send Custom User-Agent `-u`\n \n `cat urls.txt | Gxss -c 100 -p Xss -h \"Cookie: Value\" -u \"Google Bot\"`\n\n\n# How It Works\n1. It takes Urls from STDIN\n2. It check for the reflected value on params one by one. (There are some tool like qsreplace which replace all params value but gxss checks payload one by one which makes it different from all those tools.)\n```\nFor Example- \nUrl is https://example.com/?p=first\u0026q=second\n\nFirst it will check if p param reflects\nhttps://example.com/?p=Gxss\u0026q=second\n\nThen it will check if q param reflects\nhttps://example.com/?p=first\u0026q=Gxss\n```\n3. If reflection for any param is found it tells which param reflected in response.\n\n[![asciicast](https://asciinema.org/a/84mXOOcDrxzZ3eyW16Ap3eHwX.svg)](https://asciinema.org/a/84mXOOcDrxzZ3eyW16Ap3eHwX)\n\n# Use Case or How to add to your workflow\n\n`echo \"testphp.vulnweb.com\" | waybackurls | httpx -silent | Gxss -c 100 -p Xss | sort -u | dalfox pipe` \n\n* [Dalfox](https://github.com/hahwul/dalfox) is Xss Scanner by [@hahwul](https://twitter.com/hahwul)\n\n# TODO\n\n- [ ] TimeOut Option. \n- [x] Add Post Method Support.\n- [x] Add Proxy Support.\n- [x] Add an option for user to add there own headers\n- [x] Add an option for User-Agent\n\n# Thanks To\n\n* [Zoid](https://twitter.com/z0idsec) for helping me out with code.\n* [Parth Parmar](https://twitter.com/Parth97531) for adding Custom Header and User-Agent Support.\n* [Luska](https://github.com/LuskaBol) for adding proxy support and custom post data support\n\n# To Support Me \n\n* You Can Buy Me A Coffee\n\n \u003ca href=\"https://www.buymeacoffee.com/kathanp19\" target=\"_blank\"\u003e\u003cimg src=\"https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png\" alt=\"Buy Me A Coffee\" style=\"height: 41px !important;width: 174px !important;box-shadow: 0px 3px 2px 0px rgba(190, 190, 190, 0.5) !important;-webkit-box-shadow: 0px 3px 2px 0px rgba(190, 190, 190, 0.5) !important;\" \u003e\u003c/a\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frix4uni%2Fgxss","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frix4uni%2Fgxss","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frix4uni%2Fgxss/lists"}