Tool to check reflecting params and paths in a bunch of URLs
Project description
Rxss
RXSS is a Python tool designed for detecting reflecting params and paths in a bunch of URLs which can lead to reflected Cross-Site Scripting (XSS) vulnerabilities. It utilizes multithreading and customizable payload injection.
Installation
Install RXSS from PyPI using pip:
pip install rxss
Usage
Command-Line Options
usage: rxss [-h] [-i] [-p] [-o] [-t] [-fr] [-maxr] [--timeout] [--ignore-base-url]
optional arguments:
-h, --help show this help message and exit
-i , --urls Path containing a list of URLs to scan
-p , --payload Payload you want to send to check reflection (default: rxss)
-o , --output Path of file to write output to (default: None)
-t , --threads Number of threads to use (default: 50)
-fr, --follow-redirects
Follow HTTP redirects (default: False)
-maxr , --max-redirects
Max number of redirects to follow per host (default: 5)
--timeout Timeout in seconds (default: 10)
--ignore-base-url Disable appending payloads to paths in base URLs (default: False)
Examples
Scan URLs from a file hosts.txt
with default settings:
rxss -i hosts.txt
Scan URLs with a custom payload and output results to output.txt
:
rxss -i hosts.txt -p "<script>alert('XSS')</script>" -o output.txt
Acknowledgments
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
rxss-0.0.1.post4.tar.gz
(7.5 kB
view hashes)
Built Distribution
Close
Hashes for rxss-0.0.1.post4-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5984b9ac2e149fdae6e1ad4af38cd60c2827cc806e9023e9aa42520dc61ae127 |
|
MD5 | f0b45fbba07f81b52a93cb7098191c84 |
|
BLAKE2b-256 | 4b7a7270fc8aa2f216aaee2c983395f5cc919c91c3df5cec574ac4066db2e807 |