Categories: Kali Linux

XSS-Freak : XSS Scanner Fully Written In Python3 From Scratch

XSS-Freak is an xss scanner fully written in python3 from scratch. it is one of its kind since it crawls the website for all possible links and directories to expand its attack scope.

Then it searches them for inputs tags and then launches a bunch of xss payloads. if an inputs is not sanitized and vulnerable to xss attacks, the tool will discover it in seconds.

Requirements

  • High Internet Connection Speed.
  • A New PC that is capable of handling a high amount of threads concurrently.
  • Luck Of course.

How Does it Work?

First You Supply A Target Website To Scan And A List Which Contains Different XSS Payloads (better low amount and more effective and Least Detected Payloads) Then It Crawls The Main Website (Index Page) For Possible Links and Directories then it Crawls the Found Directories (if exist any) for additional links they weren’t found in the initial crawl and add them to its attack scope.

Then the tool will crawl all the links that were found in both in the initial scan and links from the directory For HTML INPUTS. Then the tool adds all the found HTML INPUTS to its attack scope.

Then the tool launches an ATTACK on all HTML INPUTS with the XSS payloads the user-provided from the list. if the HTML INPUT IS NOT SANITIZED PROPERLY and Filtered The Script Will Instantly Detect It and Will Print Out The Vulnerable Parameter.

Note: The Script Is Too Powerful For Old Computers.

Advantages

  • Supports Multithreading For Efficiency and Faster Processing.
  • One Of It Kind.
  • Ability To Crawl All the sites not only a specific webpage.
  • Versatile.

Disadvantages

  • Isn’t Supported On Phones Due to the high demand for hardware.
  • Requires a High-Speed internet connection for it to work well or you will get errors or take too much time.
  • Requires Medium to best hardware since it deals and manages with high amounts of threads and any old hardware the script will cause the computer to lag or crash so take care.
R K

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

2 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago