This is the extended version, based on the initial idea already published as "xssfinder". This private version allows an attacker to perform not only GET but also POST requests. Additionally, it is possible to proxy every request through Burp or another tunnel.

First steps

Rename the example.app-settings.conf to app-settings.conf and adjust the settings. It should work out of the box, but depending on the target I would recommend resizing the chunk sizes.

Execution

This tool does not expect any arguments via CLI, so just type:

    python3 extended-xss-search.py

Configuration

It is possible to set a lot of options and settings, so here are some explanations.

Files

The main config file is "app-settings.conf"; everything has to be done in that file! Besides that, there are some other files which allow you to set more complex data like headers, URLs and cookies.

config/cookie-jar.txt

Use this file to add a cookie string. I usually copy the one which you can see in every Burp request. Please just copy the value of the "Cookie:" header. A sample input is in the default file.

config/http-headers.txt

This file defines the HTTP headers which are added to the request and manipulated (the payload is added to each one). The most important ones are already in the file, but feel free to add more.

config/parameters.txt

The tool has the option to brute force GET and POST parameters. In that case those parameters (plus those in the query string) will be used….
Extended-XSS-Search - Scans For Different Types Of XSS On A List Of URLs
govanguard, 2020-03-05 15:30:00