One Liner XSS Bug Bounty

one-liner-xss-bugbounty

Massive XSS Scanning with One Linier Prompt: Pre-requirements

1. Golang 2. Gau (Get All URL) 3. Uro (delete duplicate site) 4. Dalfox (XSS Scanner) Installation 1. Install Golang: sudo apt install golang-go

2. Multi tools install one prompt:

sudo apt update

sudo apt install -y grep sed golang-go

go install github.com/lc/gau/v2/cmd/gau@latest

go install https://github.com/s0md3v/uro

go install http://github.com/hahwul/dalfox/v2@latest

pip3 install uro

3. Multi Scan sitelist XSS with Dalfox: cat sitelist.txt | gau | grep ‘=’ | grep -E ‘\.php|\.asp|\.aspx|\.jsp’ | sed ‘s/=.*/=1/’ | uro | dalfox pipe –skip-bav –no-color –mass

4. Multi Sitelist XSS with Custom XSS: cat sitelist.txt | gau | grep ‘=’ | grep -E ‘\.php|\.asp|\.aspx|\.jsp’ | sed ‘s/=.*/=1/’ | uro | dalfox pipe –custom-payload payloads.txt –skip-bav –no-color –mass

Alternative Tools With Multi Scanning:

1. With XSS Strike cat sitelist.txt | gau | grep ‘=’ | grep -E ‘\.php|\.asp|\.aspx|\.jsp’ | sed ‘s/=.*/=1/’ | uro | while read url; do python3 XSStrike/xsstrike.py -u “$url” –skip; done

2. With KXSS cat sitelist.txt | gau | grep ‘=’ | grep -E ‘\.php|\.asp|\.aspx|\.jsp’ | sed ‘s/=.*/=1/’ | uro | kxss | while read url; do echo “$url”; done

3. With Nuclei cat sitelist.txt | gau | grep ‘=’ | grep -E ‘\.php|\.asp|\.aspx|\.jsp’ | sed ‘s/=.*/=1/’ | uro | nuclei -t vulnerabilities/xss/ -silent

4. With XSSer cat sitelist.txt | gau | grep ‘=’ | grep -E ‘\.php|\.asp|\.aspx|\.jsp’ | sed ‘s/=.*/=1/’ | uro | while read url; do xsser –url “$url”; done

SOURCE: – https://github.com/s0md3v/urohttps://github.com/hahwul/dalfoxhttps://github.com/lc/gau

Be the first to comment

Leave a Reply

Your email address will not be published.


*