X-Recon : Mastering XSS Vulnerability Scanning And Web Reconnaissance

A sophisticated tool designed for web application security enthusiasts.

This utility specializes in identifying web page inputs and performing comprehensive XSS scanning. Whether you’re looking to uncover subdomains, analyze forms, or test for XSS vulnerabilities, X-Recon provides all the necessary functionalities to enhance your security testing efforts.

Features:

• Subdomain Discovery:
  • Retrieves relevant subdomains for the target website and consolidates them into a whitelist. These subdomains can be utilized during the scraping process.
• Site-wide Link Discovery:
  • Collects all links throughout the website based on the provided whitelist and the specified max_depth.
• Form and Input Extraction:
  • Identifies all forms and inputs found within the extracted links, generating a JSON output. This JSON output serves as a foundation for leveraging the XSS scanning capability of the tool.
• XSS Scanning:
  • Once the start recon option returns a custom JSON containing the extracted entries, the X-Recon tool can initiate the XSS vulnerability testing process and furnish you with the desired results!

Note:

Installation

$ git clone https://github.com/joshkar/X-Recon
$ cd X-Recon
$ python3 -m pip install -r requirements.txt
$ python3 xr.py

Target For Test:

  http://testphp.vulnweb.com