Open In App

XanXSS – Simple XSS Finding Tool in Kali Linux

Last Updated : 23 Sep, 2021
Improve
Improve
Like Article
Like
Save
Share
Report

XSS Vulnerability is the most easier Security Flaw which is detected on the target domains, only a route is to be selected from which the malicious payload will be traveled to the server. We can perform this scanning of XSS through automated tools. XanXSS tool is an automated script developed in the Python language which searches for Reflected XSS on the target domain by inserting the malicious payloads onto the parameters. In the XanXSS tool, every payload which is to be run on the server is unique from each other. Although we can also specify our own payload file with extra payloads. XanXSS tool supports polyglot scripts for creating more malicious scripts.XanXSS tool also supports proxy and header changing features. XanXSS tool is available on GitHub, it is free and open-source to use.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process – Python Installation Steps on Linux

Installation of XanXSS Tool on Kali Linux OS

Step 1: Use the following command to install the tool in your Kali Linux operating system.

git clone https://github.com/Ekultek/XanXSS.git

Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.

cd XanXSS

Step 3: You are in the directory of the XanXSS. Now you have to install a dependency of the XanXSS using the following command.

sudo pip3 install -r requirements.txt

Step 4: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.

python3 xanxss.py -h

Working with XanXSS Tool on Kali Linux OS

Example 1: Pass a URL to test for XSS vulnerabilities

python3 xanxss.py -u “http://testphp.vulnweb.com/search.php?test=” -a 12 -t 12 -f 25 -v

Working Payloads are shown in the below screenshot. These payloads may be executed on the target domain.

Example 2: Pass a textual file containing payloads one per line

python3 xanxss.py -u “http://testphp.vulnweb.com/search.php?test=” -P -v

Polyglots are generated which makes the payload more malicious. We have used -P tag for Polyglot.


Like Article
Suggest improvement
Previous
How to Find Hidden Web Directories with Dirsearch
Next
Ppmap - A Scanner or Exploitation Tool Written In GO
Share your thoughts in the comments

Similar Reads

XSS-Freak - XSS Scanner Fully Written in Kali Linux
PwnXSS - Automated XSS Vulnerability Scanner Tool in Kali Linux
Damn Small XSS Scanner tool in Kali Linux
XSS-Loader - XSS Scanner and Payload Generator
FinDOM-XSS - Fast DOM Based XSS Vulnerability Scanner
XSSCon - Simple and Powerful XSS Scanner tool
Webkiller v2.0 - Tool Information Gathering tool in Kali Linux
Cewl Tool - Creating Custom Wordlists Tool in Kali Linux
Tool-X - Hacking Tool Installer in Kali Linux
DalFox - Parameter Analysis and XSS Scanning tool

G
gauravgandal
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox