Tool to check reflecting params and paths in a bunch of URLs
Project description
Rxss
RXSS is a Python tool designed for detecting reflecting params and paths in a bunch of URLs which can lead to reflected Cross-Site Scripting (XSS) vulnerabilities. It utilizes multithreading and customizable payload injection.
Installation
Install RXSS from PyPI using pip:
pip install rxss
Usage
Command-Line Options
usage: rxss [-h] [-i] [-p] [-o] [-t] [-fr] [-maxr] [--timeout] [--ignore-base-url]
optional arguments:
-h, --help show this help message and exit
-i , --urls Path containing a list of URLs to scan
-p , --payload Payload you want to send to check reflection (default: rxss)
-o , --output Path of file to write output to (default: None)
-t , --threads Number of threads to use (default: 50)
-fr, --follow-redirects
Follow HTTP redirects (default: False)
-maxr , --max-redirects
Max number of redirects to follow per host (default: 5)
--timeout Timeout in seconds (default: 10)
--ignore-base-url Disable appending payloads to paths in base URLs (default: False)
--random-user-agent Use randomly selected HTTP User-Agent header value (default: False)
Examples
Scan URLs from a file hosts.txt
with default settings:
rxss -i hosts.txt
Scan URLs with a custom payload and output results to output.txt
:
rxss -i hosts.txt -p "<script>alert('XSS')</script>" -o output.txt
Acknowledgments
- Built with Python
- Utilizes Requests for HTTP requests
- qsreplace for query string manipulation
- Uses fake_useragent to parse arbitrary user-agent values
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
rxss-0.0.2.tar.gz
(7.7 kB
view hashes)
Built Distribution
rxss-0.0.2-py3-none-any.whl
(8.3 kB
view hashes)