Automate XSS workflows with waybackurls, gau, gf, and dalfox.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for theinfosecguy from gravatar.com theinfosecguy

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License
  • Author: theinfosecguy
  • Requires: Python >=3.12
  • Provides-Extra: dev
Report project as malware

Project description

QuickXSS

Automate your XSS workflow by chaining waybackurls, gau, gf, and dalfox.

Requirements

QuickXSS orchestrates external tools. Install these first:

Example (Go-based installs):

go install github.com/tomnomnom/gf@latest
go install github.com/tomnomnom/waybackurls@latest
go install github.com/hahwul/dalfox/v2@latest
go install github.com/lc/gau@latest

mkdir -p ~/.gf
git clone https://github.com/tomnomnom/gf /tmp/gf
cp -r /tmp/gf/examples/* ~/.gf/

git clone https://github.com/1ndianl33t/Gf-Patterns /tmp/Gf-Patterns
cp -r /tmp/Gf-Patterns/*.json ~/.gf/

Install QuickXSS

Recommended with pipx:

pipx install .

Or with pip:

pip install .

Usage

quickxss scan -d example.com
quickxss scan -d example.com -b blind.xss.ht
quickxss scan -d example.com -o results.txt

Setup

Check dependencies:

quickxss setup

Install missing dependencies (macOS/Linux with brew/apt):

quickxss setup --install

On Windows, setup is check-only and prints manual install commands.

Docker

Build and run using Docker:

docker build -t quickxss .
docker run --rm -it quickxss scan -d example.com

Output

Results are stored under results/<domain>/ by default:

  • <domain>.txt (raw URL collection)
  • <domain>_temp_xss.txt (gf output before de-dup)
  • <domain>_xss.txt (candidate URLs)
  • results.txt (dalfox output; always created)

Development

Run tests:

pytest

Integration tests (requires external tools + network):

QUICKXSS_INTEGRATION=1 pytest -m integration

Sort imports:

isort quickxss tests

License

MIT

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for theinfosecguy from gravatar.com theinfosecguy

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License
  • Author: theinfosecguy
  • Requires: Python >=3.12
  • Provides-Extra: dev

Release history Release notifications | RSS feed

3.0.1

This version

3.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

quickxss-3.0.0.tar.gz (16.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

quickxss-3.0.0-py3-none-any.whl (20.5 kB view details)

Uploaded Python 3

File details

Details for the file quickxss-3.0.0.tar.gz.

File metadata

  • Download URL: quickxss-3.0.0.tar.gz
  • Upload date:
  • Size: 16.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.4

File hashes

Hashes for quickxss-3.0.0.tar.gz
Algorithm Hash digest
SHA256 bc5d34c53da846b55e9a3111b9ea45da8c98cc9a06bafa3945cf41aa60fb5019
MD5 678fd7f22f5ac8127da70c10c46501c9
BLAKE2b-256 2c5b1d5545528529255dab434c74e74285c24541039981649db9dd0567f3915b

See more details on using hashes here.

File details

Details for the file quickxss-3.0.0-py3-none-any.whl.

File metadata

  • Download URL: quickxss-3.0.0-py3-none-any.whl
  • Upload date:
  • Size: 20.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.4

File hashes

Hashes for quickxss-3.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 18f729bf6ee13dccc1caff8dc27855f319e5689e1eb3a3caf96bf674135b1141
MD5 03e0dd381eb04835bb144800d0c29734
BLAKE2b-256 3e345dd2f6b767ee4acfaaeeb0588e386f35b8e722448e46c852a8bf36f4ceae

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page