
Method: Find XSS Vulnerabilities in Just 2 Minutes

Yoda

Joined: Dec 29, 2024
The process is simple and efficient. The first step is to pick the target website's domain. Once we know the target, the next step is to run a short but powerful one-liner that chains the whole testing process together. Here is how it works:

echo example.com | gau | gf xss | uro | Gxss | kxss | tee xss_output.txt

But before we go any further, let me explain these commands step by step:

  • GAU: fetches known URLs for the domain from passive sources (the Wayback Machine, AlienVault OTX, Common Crawl and URLScan), so nothing is crawled on the target itself.
  • GF pattern: the `xss` pattern keeps only URLs whose parameter names commonly end up reflected in a page.
  • URO: de-duplicates the list, collapsing URLs that differ only in parameter values so each endpoint and parameter set appears once.
  • Gxss: requests each URL with a canary value in each parameter and reports the parameters whose value is reflected in the response.
  • Kxss: for those reflected parameters, reports which special characters (quotes, angle brackets and so on) come back unencoded; those are the characters an XSS payload needs.
  • tee: saves the output to a file and prints it on screen at the same time.
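To make the Gxss and kxss steps concrete, here is an added Python example that is not part of the original post and is not code from either tool. It performs the same two checks against a constructed fake page instead of a live target: a random canary is injected into each parameter to see whether it reflects, then each special character is placed between two canaries to see which come back unencoded. The `fake_fetch` page, the hypothetical `example.com` URL and the `SPECIAL_CHARS` list are assumptions for the example; for a real target you would swap `fake_fetch` for an HTTP GET.

```python
"""Gxss/kxss-style reflection probe (added example, not code from either tool)."""
import random
import string
from html import escape
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Characters to probe one at a time. This list is an assumption for the
# example; it is not copied from kxss.
SPECIAL_CHARS = ['"', "'", "<", ">", "$", "|", "(", ")", "`", ":", ";", "{", "}"]


def _canary(length=8):
    """Random lowercase token that will not appear in a page by accident."""
    return "".join(random.choices(string.ascii_lowercase, k=length))


def _set_param(url, name, value):
    """Return url with query parameter `name` set to `value`; other params are kept."""
    parts = urlsplit(url)
    query = [(k, value if k == name else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def reflected_params(url, fetch):
    """Gxss-style check: names of parameters whose value is echoed in the response body."""
    names = [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    found = []
    for name in dict.fromkeys(names):  # each parameter name once, in order
        canary = _canary()
        if canary in fetch(_set_param(url, name, canary)):
            found.append(name)
    return found


def unfiltered_chars(url, param, fetch):
    """kxss-style check: special characters that survive unencoded between two canaries."""
    surviving = []
    for ch in SPECIAL_CHARS:
        canary = _canary()
        probe = canary + ch + canary
        # If the server encodes ch (e.g. < becomes &lt;) the exact probe no longer appears.
        if probe in fetch(_set_param(url, param, probe)):
            surviving.append(ch)
    return surviving


def scan(url, fetch):
    """Map each reflected parameter to the characters it lets through raw."""
    return {p: unfiltered_chars(url, p, fetch) for p in reflected_params(url, fetch)}


def fake_fetch(url):
    """Constructed stand-in for an HTTP GET (no network): the page reflects q raw
    inside an <h1>, reflects s HTML-encoded inside an attribute, and ignores id."""
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    return ("<html><body>"
            f"<h1>Results for {params.get('q', '')}</h1>"
            f"<input value=\"{escape(params.get('s', ''), quote=True)}\">"
            "</body></html>")


if __name__ == "__main__":
    # Hypothetical target URL. For a live target replace fake_fetch with
    # something like: lambda u: requests.get(u, timeout=10).text
    target = "http://example.com/search?q=test&s=x&id=5"
    for param, chars in scan(target, fake_fetch).items():
        print(f"URL: {target} Param: {param} Unfiltered: {chars}")
```

Against the fake page, `q` reflects every probed character raw inside HTML, so a tag-based payload is worth trying there; `s` also reflects, but the quotes and angle brackets come back as entities, so despite being "reflected" it offers none of the characters a payload in that context needs. That distinction is exactly what the Gxss then kxss stages are meant to surface, and it is also why their output is a list of candidates to verify in a browser rather than a list of confirmed bugs.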






Hit Enter and wait a moment. The output lists every URL that has a reflected parameter together with the special characters that come back unfiltered, which are the characters XSS payloads rely on. Treat each line as a candidate to verify, not as a confirmed vulnerability: a parameter that reflects but encodes `<`, `>` and quotes is usually not exploitable in that context.

Refining and Validating Results

Now open the saved output. The results are useful but noisy, so the next command cleans them up: it extracts just the URL from each line, cuts the query string after the first `=`, and removes duplicates, leaving a list of URLs with the parameter to test. Note that `sed 's/=.*/=/'` keeps only the first parameter of each URL; if kxss flagged a later parameter on a multi-parameter URL, that parameter is dropped from final.txt and should be added back by hand.



cat xss_output.txt | grep -oP '^URL: \K\S+' | sed 's/=.*/=/' | sort -u > final.txt



Final exploitation with our Loxs tool

Now copy final.txt into the Loxs tool folder. Run Loxs, select option 4 for XSS, enter final.txt as the input file, provide the path to your payload file and press Enter.





Perfect! Loxs prints every URL it finds vulnerable to the terminal; copy one and paste it into the browser to see the XSS popup. Or wait for the full scan to finish: it generates a clean HTML report with all the details, and you can open the entries one by one to see the popups.
You can download our Loxs tool from my GitHub repo.

 
