View Issue Details

ID: 0005968
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2020-01-13 13:20
Reporter: mrharoonawan
Assigned To:
Priority: normal
Severity: feature
Reproducibility: always
Status: closed
Resolution: won't fix
Summary: 0005968: XSS-Finder - World's most Powerful and Advanced Cross Site Scripting Software
Description

Hey.

Add this tool.
Https://github.com/haroonawanofficial/XSS-Finder

It can find XSS on any path:

  1. Link
  2. Parameter
  3. URN
  4. URI
  5. Directory

It is the only tool on the market to automatically find:

  1. Live Dom Sinks
  2. Live DOM hashed links XSS

Requests:

  1. Get
  2. Post
  3. Head
  4. Fake request

Extra Request:

  1. HTTP Referer
  2. HTTP Cookie XSS
  3. HTTP Location XSS
  4. HTTP Host XSS
  5. HTTP Link XSS
  6. HTTP Trace XSS

Everything is encoded properly with payloads.

Featured:

  1. Raidforums
  2. Kelvinsecurity
    And more....

Updating payloads is really easy.
False positive ratio is really low.
I don't think I need to say more.

Activities

mrharoonawan

2020-01-02 22:47

reporter   ~0011795

DOM links scanner for XSS is supported too.

Example:
Https://www.example.com/index.php#
Https://www.example.com/index.php?dom_function_here=dom_variable_here#

It will start to test this hashed DOM link for automatic XSS using the terminal.

g0tmi1k

2020-01-13 13:20

administrator   ~0011883

This looks like spaghetti code... (bash calling python calling bash?)

It also looks like it's using python2 (which is now EOL) ~ https://github.com/haroonawanofficial/XSS-Finder/blob/master/Kali_Installer.sh#L45

Issue History

Date Modified Username Field Change
2020-01-02 22:42 mrharoonawan New Issue
2020-01-02 22:47 mrharoonawan Note Added: 0011795
2020-01-06 13:00 g0tmi1k Priority immediate => normal
2020-01-06 13:01 g0tmi1k Product Version 2019.4 =>
2020-01-06 13:02 g0tmi1k View Status private => public
2020-01-06 13:06 g0tmi1k Severity major => feature
2020-01-06 13:24 g0tmi1k Summary Codename: ScreamingCobra => XSS-Finder - World's most Powerful and Advanced Cross Site Scripting Software
2020-01-13 13:20 g0tmi1k Status new => closed
2020-01-13 13:20 g0tmi1k Resolution open => won't fix
2020-01-13 13:20 g0tmi1k Note Added: 0011883