Massive XSS Scanning with One Linier Prompt: Pre-requirements
1. Golang 2. Gau (Get All URL) 3. Uro (delete duplicate site) 4. Dalfox (XSS Scanner) Installation 1. Install Golang: sudo apt install golang-go
2. Multi tools install one prompt:
sudo apt update
sudo apt install -y grep sed golang-go
go install github.com/lc/gau/v2/cmd/gau@latest
go install https://github.com/s0md3v/uro
go install http://github.com/hahwul/dalfox/v2@latest
pip3 install uro
3. Multi Scan sitelist XSS with Dalfox: cat sitelist.txt | gau | grep ‘=’ | grep -E ‘\.php|\.asp|\.aspx|\.jsp’ | sed ‘s/=.*/=1/’ | uro | dalfox pipe –skip-bav –no-color –mass
4. Multi Sitelist XSS with Custom XSS: cat sitelist.txt | gau | grep ‘=’ | grep -E ‘\.php|\.asp|\.aspx|\.jsp’ | sed ‘s/=.*/=1/’ | uro | dalfox pipe –custom-payload payloads.txt –skip-bav –no-color –mass
Alternative Tools With Multi Scanning:
1. With XSS Strike cat sitelist.txt | gau | grep ‘=’ | grep -E ‘\.php|\.asp|\.aspx|\.jsp’ | sed ‘s/=.*/=1/’ | uro | while read url; do python3 XSStrike/xsstrike.py -u “$url” –skip; done
2. With KXSS cat sitelist.txt | gau | grep ‘=’ | grep -E ‘\.php|\.asp|\.aspx|\.jsp’ | sed ‘s/=.*/=1/’ | uro | kxss | while read url; do echo “$url”; done
3. With Nuclei cat sitelist.txt | gau | grep ‘=’ | grep -E ‘\.php|\.asp|\.aspx|\.jsp’ | sed ‘s/=.*/=1/’ | uro | nuclei -t vulnerabilities/xss/ -silent
4. With XSSer cat sitelist.txt | gau | grep ‘=’ | grep -E ‘\.php|\.asp|\.aspx|\.jsp’ | sed ‘s/=.*/=1/’ | uro | while read url; do xsser –url “$url”; done
SOURCE: – https://github.com/s0md3v/uro – https://github.com/hahwul/dalfox – https://github.com/lc/gau
Leave a Reply