Git Product home page Git Product logo

badaxss's Introduction

BadAxSS

BadAxSS Tool: to find reflected XSSs

Reflective Cross-Site Scripting (XSS) Tester

This script tests URLs for reflective Cross-Site Scripting (XSS) vulnerabilities by injecting a test string with chars and then checking if they are reflected back in the HTML code.

Installation

This script requires Python 3 and the following packages:

  • requests
  • beautifulsoup4

You can install them using pip:

pip install requests beautifulsoup4

Usage

python Main.py --filename --headers key1:value1,key2:value2

Arguments

  • --filename: Required. Specifies the name of the file containing the URLs to test.
  • --headers: Optional. Allows you to specify custom headers to be included in the requests. Should be in the format key1:value1,key2:value2.

How it works

The script sends GET or POST requests to the URLs in the specified file, injecting a test payload string: ()<>\"';:+ TESTOOO001122. It then checks if the test string is reflected back in the HTML code. If it is, the script checks if at least 3 characters of the payload string are correctly reflected. As well as it tests every parameter in the given URL and teste it even if it doesn't.

Note

This script is intended for educational purposes only. Do not use it to test websites that you do not have permission to test.-Site Scripting (XSS) Tester

This script tests URLs for reflective Cross-Site Scripting (XSS) vulnerabilities by injecting a test string and checking if it is reflected back in the HTML code.

Installation

This script requires Python 3 and the following packages:

  • requests
  • beautifulsoup4

You can install them using pip:

pip install requests beautifulsoup4

Usage

python main.py --filename <filename> [--headers key1:value1,key2:value2]

Arguments

  • --filename: Required. Specifies the name of the file containing the URLs to test.
  • --headers: Optional. Allows you to specify custom headers to be included in the requests. Should be in the format key1:value1,key2:value2.

How it works

The script sends GET or POST requests to the URLs in the specified file, injecting a test payload string: ()<>\"';:+ TESTOOO001122. It then checks if the test string is reflected back in the HTML code. If it is, the script checks if at least 3 characters of the payload string are correctly reflected.

Note

This script is intended for educational purposes only. Do not use it to test websites that you do not have permission to test.

badaxss's People

Contributors

tavgar avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.