This project forked from hackeruniverse/screamingcobra
Heavy-duty and Advanced Cross Site Scripting Scanner
Python 84.03%
Shell 15.89%
Perl 0.08%
xss-finder's Introduction
F.A.Q
XSS-Finder
- Swiss Army knife for XSS of any kind, on any path
- Useful for everyone from newbies to pros
License
Installation & Run
- Run the installer, then enter in the terminal: ScreamingCobra
Screenshots
Features
- Blind XSS
- Stored XSS using File
- Persistent XSS using File
- Reflected XSS
- URL Reflection XSS in Paths
- DOM XSS
- Special Java XSS payloads
- Cached Pages XSS
- Form Based XSS
- HTTP Link XSS
- HTTP Host XSS
- HTTP Referer XSS
- HTTP Cookies XSS
- HTTP Location XSS
- Dump server values
Dumping and Recorder Information
- Dumper can dump server parameters, forms, etc.
- Recorder records the response in the result file
- Use grep to check reflections
DOM Scanner for Sinks
- Example: <script> var x = document.URL.substring(document.URL.indexOf("name=")+5);document.write(x + "!"); </script>
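A minimal static check for the source-to-sink pattern in the example above, as an added illustration (not ScreamingCobra's own scanner): it flags inline scripts where a DOM source such as document.URL reaches a sink such as document.write. The source and sink lists, the function name and the sample pages are assumptions made for this example.

```python
import re

# Assumed, deliberately short lists (not taken from the project's code).
SOURCE_RE = re.compile(
    r"document\.(?:URL|documentURI|referrer|cookie)"
    r"|location\.(?:href|search|hash)|window\.name")
SINK_RE = re.compile(
    r"(\b(?:document\.write(?:ln)?|eval|setTimeout|setInterval)\s*\("
    r"|\.(?:innerHTML|outerHTML)\s*=(?!=))([^;]*)")
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
ASSIGN_RE = re.compile(r"([A-Za-z_$][\w$]*)\s*=(?!=)\s*([^;]+)")
IDENT_RE = re.compile(r"[A-Za-z_$][\w$]*")


def find_dom_flows(html):
    """Return (sink, tainted_by) pairs for each source-to-sink flow found."""
    findings = []
    for script in SCRIPT_RE.findall(html):
        tainted = set()
        # Pass 1: variables assigned from a source or from a tainted variable.
        for name, value in ASSIGN_RE.findall(script):
            if SOURCE_RE.search(value) or tainted & set(IDENT_RE.findall(value)):
                tainted.add(name)
        # Pass 2: sinks whose argument holds a source or a tainted variable.
        for sink, arg in SINK_RE.findall(script):
            direct = SOURCE_RE.search(arg)
            via = sorted(tainted & set(IDENT_RE.findall(arg)))
            if direct or via:
                origin = direct.group(0) if direct else via[0]
                findings.append((sink.strip(" .=("), origin))
    return findings


# Constructed samples: the first is modelled on the README's DOM example,
# the second writes the same value through textContent, which is not a sink.
VULNERABLE = ('<script> var x = document.URL.substring('
              'document.URL.indexOf("name=")+5);'
              'document.write(x + "!"); </script>')
SAFE = ('<script>var x = document.URL;'
        'document.getElementById("g").textContent = x;</script>')

if __name__ == "__main__":
    for label, page in (("vulnerable", VULNERABLE), ("safe", SAFE)):
        print(label, find_dom_flows(page))
```

This is a regex heuristic over inline scripts only; it does not parse JavaScript, so treat hits as leads to review and misses as inconclusive.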
Payloads
- Use payloads, update payloads, add more payloads
False Positive
- Be sure to remove any newlines, tabs, etc. to reduce false-positive reports
Appeared
Tweets
Official Video
Kali, ParrotOS, Termux Installation
- chmod u+x Kali_Installer.sh && ./Kali_Installer.sh
- chmod u+x Parrot_Os_Installer.sh && ./Parrot_Os_Installer.sh
- chmod u+x Termux_Installer.sh && ./interface.sh
Compatible
- Android LED TV, Termux, Linux, Unix, Windows
Fuzzy Logic
Update Code
- Code may be updated and expanded from time to time
Contact
Sponsor & Support via BTC
- 3BuUYgEgsRuEra4GwqNVLKnDCTjLEDfptu