View Issue Details

ID: 0005968
Project: Kali Linux
Category: [All Projects] New Tool Requests
View Status: public
Last Update: 2020-01-13 13:20
Reporter: mrharoonawan
Assigned To:
Priority: normal
Severity: feature
Reproducibility: always
Status: closed
Resolution: won't fix
Product Version:
Target Version:
Fixed in Version:
Summary: 0005968: XSS-Finder - World's most Powerful and Advanced Cross Site Scripting Software
Description:
Hey.

Add this tool.
https://github.com/haroonawanofficial/XSS-Finder

It can find XSS on any path:
1. Link
2. Parameter
3. URN
4. URI
5. Directory

It is the only tool in the market to automatically find:
1. Live DOM Sinks
2. Live DOM hashed links XSS

Requests:
1. Get
2. Post
3. Head
4. Fake request

Extra Request:
1. HTTP Referer
2. HTTP Cookie XSS
3. HTTP Location XSS
4. HTTP Host XSS
5. HTTP Link XSS
6. HTTP Trace XSS

Everything is encoded properly with payloads.

Featured:
1. Raidforums
2. Kelvinsecurity
And more....

Updating payloads is really easy.
False positive ratio is really low.
I don't think I need to say more.

Activities

mrharoonawan

2020-01-02 22:47

reporter   ~0011795

DOM links scanner for XSS is supported too.

Example:
https://www.example.com/index.php#
https://www.example.com/index.php?dom_function_here=dom_variable_here#

It will start to test this hashed DOM link for automatic XSS using the terminal.

g0tmi1k

2020-01-13 13:20

administrator   ~0011883

This looks like spaghetti code... (bash calling python calling bash?)

It also looks like it's using python2 (which is now EOL) ~ https://github.com/haroonawanofficial/XSS-Finder/blob/master/Kali_Installer.sh#L45

Issue History

Date Modified Username Field Change
2020-01-02 22:42 mrharoonawan New Issue
2020-01-02 22:47 mrharoonawan Note Added: 0011795
2020-01-06 13:00 g0tmi1k Priority immediate => normal
2020-01-06 13:01 g0tmi1k Product Version 2019.4 =>
2020-01-06 13:02 g0tmi1k View Status private => public
2020-01-06 13:06 g0tmi1k Severity major => feature
2020-01-06 13:24 g0tmi1k Summary Codename: ScreamingCobra => XSS-Finder - World's most Powerful and Advanced Cross Site Scripting Software
2020-01-13 13:20 g0tmi1k Status new => closed
2020-01-13 13:20 g0tmi1k Resolution open => won't fix
2020-01-13 13:20 g0tmi1k Note Added: 0011883