Tool to check reflecting params and paths in a bunch of URLs
Project description
Rxss
RXSS is a Python tool designed for detecting reflecting params and paths in a bunch of URLs which can lead to reflected Cross-Site Scripting (XSS) vulnerabilities. It utilizes multithreading and customizable payload injection.
Installation
Install RXSS from PyPI using pip:
pip install rxss
Usage
Command-Line Options
usage: rxss [-h] [-i] [-p] [-o] [-t] [-fr] [-maxr] [--timeout] [--ignore-base-url]
optional arguments:
-h, --help show this help message and exit
-i , --urls Path containing a list of URLs to scan
-p , --payload Payload you want to send to check reflection (default: rxss)
-o , --output Path of file to write output to (default: None)
-t , --threads Number of threads to use (default: 50)
-fr, --follow-redirects
Follow HTTP redirects (default: False)
-maxr , --max-redirects
Max number of redirects to follow per host (default: 5)
--timeout Timeout in seconds (default: 10)
--ignore-base-url Disable appending payloads to paths in base URLs (default: False)
Examples
Scan URLs from a file hosts.txt
with default settings:
rxss -i hosts.txt
Scan URLs with a custom payload and output results to output.txt
:
rxss -i hosts.txt -p "<script>alert('XSS')</script>" -o output.txt
Acknowledgments
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
rxss-0.0.1.post3.tar.gz
(7.5 kB
view hashes)
Built Distribution
Close
Hashes for rxss-0.0.1.post3-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | cdf47c7241fd39178f556b2256787086afd9ea06129d753745ece94e6995b099 |
|
MD5 | b032f0637d2672057044ad7dd40f1d25 |
|
BLAKE2b-256 | 904b17be161e5b8c862d8dbf35565cd0d2f262cc1e17aae95b2d6665c850a595 |