ass2inXSS

intro

ass2inXSS is a xss scanner which use regexp to analyze the context. After finishing scanning, it will list xss vuln details according to the context. With this, you can get which type the vuln belongs and make decision on which payload to choose.

install

go get -u github.com/YuLinSecTeam/ass2inXSS

usage

  Usage of ass2inXSS:
  -C value
        -C a=1;b=2
  -D string
        -D "a=1&b=2"
  -H value
        -H "x-forward-for:127.0.0.1"
  -X string
        -X GET (default "GET")
  -timeout int
        -timeout 2 (default 5)
  -url string
        -u example.com

result

Context: html
VulPara: a
VerboseInfo: use normal html tag

how to test url list?

url.txt

http://brutelogic.com.br/xss.php?a=1
http://brutelogic.com.br/xss.php?b1=1

one line command(you can difine a shell func to simplify)

cat url.txt | xargs -t -l ass2inXSS -url

you will get:

ass2inXSS -url http://brutelogic.com.br/xss.php?a=1 

Context: html
VulPara: a
VerboseInfo: use normal html tag

ass2inXSS -url http://brutelogic.com.br/xss.php?b1=1 

Context: htmli
VulPara: b1
VerboseInfo: ' or " can use in html tag


Context: htmlo
VulPara: b1
VerboseInfo: '> or "> can break out html tag

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
core		core
README.md		README.md
main.go		main.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

core

core

README.md

README.md

main.go

main.go

Repository files navigation

ass2inXSS

intro

install

usage

result

how to test url list?

url.txt

one line command(you can difine a shell func to simplify)

About

Releases

Packages

Languages

YuLinSecTeam/ass2inXSS

Folders and files

Latest commit

History

Repository files navigation

ass2inXSS

intro

install

usage

result

how to test url list?

url.txt

one line command(you can difine a shell func to simplify)

About

Resources

Stars

Watchers

Forks

Languages