World's most Powerful and Advanced Cross Site Scripting Software

tegal1337/XSS-Finder

 
 


F.A.Q

XSS-Finder

  • World's Most Powerful and Advanced Cross Site Scripting Software
  • Find XSS on any path of URL, URI, URN, Forms, Directory, Hashed DOM Link, DOM Sink or Parameters
  • Useful for Newbies to Pro

License

  • EULA

Installation & Run

  • Run the installers, then enter in the terminal: ScreamingCobra

Screenshots

Features

  • Host Blind XSS Server
  • Blind XSS
  • Stored XSS using File
  • Persistent XSS using File
  • Reflected XSS
  • URL Reflection XSS in Paths
  • DOM XSS
  • Special Java XSS payloads
  • Cached Pages XSS
  • Form Based XSS
  • Find DOM Sinks
  • DOM Hashed Link XSS
  • DOM Hashed Sink XSS
  • HTTP Link XSS
  • HTTP Host XSS
  • HTTP Referer XSS
  • HTTP Cookies XSS
  • HTTP Location XSS
  • HTTP Trace XSS
  • HTTP Trace with fake headers XSS
  • Dump server values for Forms
  • Dump server values for Parameters

Anti IDS Tactics

  • Built with handcrafted Anti IDS payloads for Cross Site Scripting and

Blind XSS Server

  • Host a blind XSS server on your PC with an outbound to inbound connection

Blind XSS File

  • Change the values in the blind XSS file according to your own needs

Dumping and Recorder Information

  • Dumper can dump server parameters, forms, etc.
  • Recorder will record the response in the result file
  • Use grep to check reflections

Full Live DOM Scanner for Sinks

  • Live DOM scanner on websites for DOM sinks, with notification

Automatic DOM XSS Scanner on Hash

  • Automatic DOM XSS Scanner will automatically scan for XSS on any found sink or link

DOM Sink or Link Example

  • Example: <script> var x = document.URL.substring(document.URL.indexOf("name=")+5);document.write(x + "!"); </script>
  • Example: https://www.example.com/index.php?name=test# <- Software will inject payloads after the hash using Firefox
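
The sink pattern in the example above, modelled as plain string handling next to a hardened version. This is an added example, not code from the XSS-Finder repository; the function names and the sample URL are constructed, and it assumes the URL string reaches the sink without percent-encoding.

```javascript
// Added example (not from the repository); names and sample data are constructed.
// Benign markup in the fragment stands in for untrusted input.
const SAMPLE_URL = 'https://www.example.com/index.php?name=test#<b>injected</b>';

// Same extraction as the page's snippet: everything after "name=", which
// includes the "#fragment" that the browser never sends to the server.
function extractLikeSink(url) {
  return url.substring(url.indexOf('name=') + 5);
}

// String the sink pattern would hand to document.write. Assumption: the URL
// string is used as-is, without percent-encoding applied by the browser.
function unsafeMarkup(url) {
  return extractLikeSink(url) + '!';
}

// Hardened step 1: parse the URL and read only the named query parameter,
// so the fragment and any other parameters never reach the output.
function extractParam(url) {
  return new URL(url).searchParams.get('name') ?? '';
}

// Hardened step 2: encode for an HTML text context before any HTML sink.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Output that is safe to place in an HTML text context.
function safeMarkup(url) {
  return escapeHtml(extractParam(url)) + '!';
}

console.log('sink pattern :', unsafeMarkup(SAMPLE_URL));
console.log('hardened     :', safeMarkup(SAMPLE_URL));
```

In a browser, assigning the value to `textContent` instead of calling `document.write` keeps it out of the HTML parser altogether. Because the fragment never reaches the server, server-side filtering cannot see this input, so the fix has to live in the client code.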

Payloads

  • Use payloads, update payloads, add more payloads

False Positive

  • Be sure to remove any newlines, tabs, etc. to reduce false positive reports

Appeared

Tweets

  • Over 1000 tweets

Official Video

Kali, ParrotOS Installation

  • chmod u+x * && ./Kali_Installer.sh
  • chmod u+x * && ./Parrot_Os_Installer.sh

Kali, ParrotOS Interface

  • ./interface.sh

Termux Installation

  • chmod u+x Termux_Installer.sh

Termux Interface

  • ./termuxinterface.sh

Compatible

  • Android Led TV, Termux, Linux, Unix, Windows

Fuzzy Logic

Update Code

  • Code may be updated and expanded from time to time

Contact

Sponsor & Support via BTC

  • 3BuUYgEgsRuEra4GwqNVLKnDCTjLEDfptu

Languages

  • Python 85.9%
  • Shell 14.0%
  • Other 0.1%