• We just launched and are currently in beta. Join us as we build and grow the community.

QuickXSS – True Automated XSS Vulnerability Finder

SnugLyfe

Data Sharding Expert
S
S Rep
0
0
0
Rep
0
S Vouches
0
0
0
Vouches
0
Posts
87
Likes
23
Bits
0
2 MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1 400 XP
Black-White-and-Red-Gamer-Grunge-MMO-Role-Playing-Youtube-Thumbnail.png


Hey Folks, today’s article is going to be very interesting and important for bug bounty hunters because in this article we will tell you about a tool by which you can easily find cross site scripting (XSS) vulnerability in any web application through waybackurls.

Let’s take a look at it 🙂 !!

Installation of Golang

First of all we have to install GO in our system and set the GOPATH environment variables one by one. We are pretty sure that you will not get any error after executing the given commands carefully commands.

sudo apt install -y golang
export GOROOT=/usr/lib/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
source .bashrc12345sudo apt install-ygolangexport GOROOT=/usr/lib/goexport GOPATH=$HOME/goexport PATH=$GOPATH/bin:$GOROOT/bin:$PATHsource.bashrc

1.png

QuickXSS Tool Installation

Now let us move to the second part of this article where we have to install this tool using the command given below. After waiting few seconds you will automatically exit from the installation part and then you can run this tool.

git clone https://github.com/theinfosecguy/QuickXSS.git
cd QuickXSS
chmod +x install.sh
./install.sh1234git clone
https://github.com/theinfosecguy/QuickXSS.gitcd QuickXSSchmod+xinstall.sh./install.sh

2.png

Triggered XSS Vulnerability

Now it’s time to demonstrate an example of this tool. You just need to give the domain name you want to hunt and it will automatically find the working “params” first and then exploit on them to find XSS vulnerabilities. In addition, it generates a complete report of the domain that you have given it with the exploited “params” too.

bash QuickXSS.sh -d testphp.vulnweb.com1bash QuickXSS.sh-dtestphp.vulnweb.com

3.png


Good 🙂 !! After executing the command it gives us all the details about the target and the mode of attack.

4.png


Nice 🙂 !! In addition, it is also capable of finding other vulnerabilities as you can see in the image below that it has successfully detected the “SQL Injection” vulnerability in the web application.

5.png


Done 🙂 !! As you can see the vulnerable “parameter” is found successfully and even it gave us complete command with payload to exploit directly.

6.png


Work :O !! But we check once and get the result like you can see in the image below. s you can see how quickly we found critical vulnerability on web application.

7.png


Great 😛 !! As we told you earlier that it saves all exploited placed along with payload which you can easily check later by going to the directory of the domain exactly which you gave it.

8.png
About the AuthorShubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.
 
You must log in or register to reply here.

422,212

310,551

310,560

A Ahmad19979
Top