Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ferreiraklet/airixss
Finding XSS during recon
https://github.com/ferreiraklet/airixss
Last synced: 21 days ago
JSON representation
Finding XSS during recon
- Host: GitHub
- URL: https://github.com/ferreiraklet/airixss
- Owner: ferreiraklet
- License: mit
- Created: 2022-03-18T22:39:25.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-09-13T20:15:47.000Z (about 2 years ago)
- Last Synced: 2024-08-05T17:29:43.888Z (4 months ago)
- Language: Go
- Size: 50.8 KB
- Stars: 243
- Watchers: 6
- Forks: 41
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - ferreiraklet/airixss - Finding XSS during recon (Go)
README
[](http://golang.org)
Airixss
Airixss is for checking reflection in recon process to find possible xss vulnerable endpoints.
## Contents:
- [Installation](#--installation--requirements)
- [Usage](#--usage--explanation)
- [Adding Headers](#adding-headers)
- [Using Proxy](#using-proxy)
- [Using with other tools](#chaining-with-other-tools)
## - Installation & Requirements:
Installing the tool ->
Using go
```bash
▶ go install github.com/ferreiraklet/airixss@latest
```
Using git clone
```bash
▶ git clone https://github.com/ferreiraklet/airixss.git
▶ cd airixss
▶ go build airixss.go
▶ chmod +x airixss
▶ ./airixss -h
```
## - Usage & Explanation:
In Your recon process, you may find endpoints that can be vulnerable to xss,
* Ex: `https://redacted.com/index.php?msg=SameValue`
* By replacing the "SameValue" to a xss payload, In order to see if there is reflection/vulnerable, it is when you use airixss
### Stdin - Single urls
**Attention**
**If you want to test xss, then, for better results, please provide the full payload in -p tag, Ex: -p ```'">'```**
```bash
echo 'https://redacted.com/index.php?user=%22%3E%3Csvg%20onload%3Dconfirm%281%29%3E' | airixss -payload '">'
echo "http://testphp.vulnweb.com:80/hpp/index.php?pp=x" | bhedak '">' | airixss -p '">'
```
In -payload flag, you need to specify a part of the payload used in url, -payload "value_will_be_checked_reflection"
### Stdin - Read from File
```bash
cat targets | airixss -payload '">'
```
### Adding Headers
Pay attention to the syntax!
```bash
echo "http://testphp.vulnweb.com:80/hpp/index.php?pp=x" | qsreplace '">' | airixss -p "confirm(1)" -H "header1: value1" -H "header2: value2"
```
### Using Proxy
```bash
echo "http://testphp.vulnweb.com:80/hpp/index.php?pp=x" | qsreplace '">' | airixss -p "confirm(1)" -x "http://yourproxy"
```
### Chaining with other tools
```bash
echo "http://testphp.vulnweb.com" | waybackurls | anew | gf xss | qsreplace '">' | airixss -p "confirm(1)" -H "Header1: Value1"
echo "http://testphp.vulnweb.com" | waybackurls | nilo | anew | gf xss | urldedupe -qs | bhedak '">' | airixss -p "confirm(1)" --proxy "http://yourproxy"
echo "http://testphp.vulnweb.com" | waybackurls | nilo | anew | gf xss | qsreplace -a | bhedak '">' | airixss -p "confirm(1)" -x "http://yourproxy"
```
## Check out some of my other programs
> [Nilo](https://github.com/ferreiraklet/nilo) - Checks if URL has status 200
> [Jeeves](https://github.com/ferreiraklet/jeeves) - Time based blind Injection Scanner
## Please, also check these =>
> [GXSS](https://github.com/KathanP19/Gxss)
> [Dalfox](https://github.com/hahwul/dalfox)
If any error in the program, talk to me immediatly.
## This project is for educational and bug bounty porposes only! I do not support any illegal activities!.