XSS-Finder: a super powerful and advanced cross-site scripting scanner

Features :

  • Blind XSS
  • Saved XSS using file
  • Persistent XSS using file
  • Reflected XSS
  • Reflecting XSS URLs in Paths
  • DOM XSS
  • Java XSS Special Payloads
  • By eshirovannye page XSS
  • Form-based XSS
  • H TTP Link XSS
  • HTTP Host XSS
  • HTTP Referer XSS
  • HTTP XSS cookies
  • HTTP Location XSS
  • Dump server values

Installation & Run :

Dump and write information

  1. Dumper can create parameters for server, form, etc.
    The registrar will write the response to the results file
    Use grep to check for reflections
    DOM scanner for sync
    Example:
  • Payloads
    Use payloads, update payloads, add more payloads
  1. False positives
    Make sure to remove all new lines, tabs, etc. to reduce false positives in reports

Installation on Kali, ParrotOS, Termux

  1. git clone https://github.com/tegal1337/XSS-Finder

  2. cd XSS-Finder

    chmod u + x Kali_Installer.ss && ./Kali_Installer.sh

    chmod u + x Parrot_Os_Installer.sh && ./Parrot_Os_Installer.sh

    chmod u + x Termux_Installer.sh && ./interface.sh

4 Likes