sucloudflare/xss

Google searches for finding HTML forms for XSS

  1. inurl:login.php | inurl:login.html
  2. inurl:admin.php | inurl:admin.html
  3. inurl:signin.php | inurl:signin.html
  4. inurl:auth.php | inurl:auth.html
  5. inurl:authenticate.php | inurl:authenticate.html
  6. inurl:wp-login.php filetype:php
  7. inurl:admin/login.php filetype:php
  8. inurl:user/login.html filetype:html
  9. inurl:dashboard/login.php
  10. inurl:portal/login.html
  11. inurl:secure/login.php
  12. inurl:cpanel/login.html
  13. inurl:webmail/login.php
  14. inurl:account/login.html
  15. inurl:panel/login.php
  16. inurl:login.aspx filetype:aspx
  17. inurl:login.jsp filetype:jsp
  18. inurl:login.cgi filetype:cgi
  19. inurl:login.cfm filetype:cfm
  20. inurl:login.py filetype:py

Searches for finding HTML search and contact forms (2)

  1. inurl:search.php | inurl:search.html
  2. inurl:contact.php | inurl:contact.html
  3. inurl:search.asp | inurl:search.htm
  4. inurl:contact.asp | inurl:contact.htm
  5. inurl:search.jsp | inurl:search.html filetype:html
  6. inurl:contact.jsp | inurl:contact.html filetype:html
  7. inurl:search.cgi | inurl:search.htm
  8. inurl:contact.cgi | inurl:contact.htm
  9. inurl:search.cfm | inurl:search.html
  10. inurl:contact.cfm | inurl:contact.html
  11. inurl:search.py | inurl:search.htm filetype:html
  12. inurl:contact.py | inurl:contact.htm filetype:html
  13. intitle:"search" inurl:html | intitle:"pesquisa" inurl:html
  14. intitle:"contact" inurl:html | intitle:"contato" inurl:html
  15. intext:"search form" inurl:html | intext:"formulário de pesquisa" inurl:html
  16. intext:"contact form" inurl:html | intext:"formulário de contato" inurl:html
  17. inurl:search filetype:html intext:"submit"
  18. inurl:contact filetype:html intext:"submit"
  19. inurl:search.html filetype:html intitle:"search"
  20. inurl:contact.html filetype:html intitle:"contact"

Installation

Clone the repository:

git clone https://github.com/sucloudflare/xss.git
cd xss

Create and activate a virtual environment (recommended):

python3 -m venv venv
source venv/bin/activate  # Linux/macOS
venv\Scripts\activate     # Windows

Install dependencies:

pip install aiohttp backoff matplotlib

Check permissions:

chmod +x ./xss.py
chmod u+w ~/Downloads

How to Run

Start the tool:

python3 xss.py

This opens the graphical interface (GUI).

Configure in the GUI:

"Configurações" (Settings) tab:

  • Targets (URLs): Enter a URL (e.g., https://example.com/login) or a .txt file with URLs (one per line).
  • Params to Hack: List parameters (e.g., username,password,query), separated by commas.
  • Session Cookies (JSON): Optional; enter cookies (e.g., {"session_id": "abc123"}).
  • Proxy Intercept: Optional; enter a proxy (e.g., http://127.0.0.1:8080 for Burp Suite).

➡️ Click Hunt XSS to start.

Monitor results:

  • "Console Logs" tab: Real-time logs (red for detected XSS, green for normal, orange for errors).
  • "Hack Results" tab: Table with context, method, URL, payload, status, severity and PoC.
  • "Vuln Stats" tab: Charts of vulnerabilities by context and a timeline.
  • "Dashboard" tab: Summary (e.g., "Vulnerabilities: 5 (Critical: 1, High: 2, Medium: 2, Low: 0)").
