Open In App

XanXSS – Simple XSS Finding Tool in Kali Linux

Last Updated : 23 Sep, 2021
Improve
Improve
Like Article
Like
Save
Share
Report

XSS Vulnerability is the most easier Security Flaw which is detected on the target domains, only a route is to be selected from which the malicious payload will be traveled to the server. We can perform this scanning of XSS through automated tools. XanXSS tool is an automated script developed in the Python language which searches for Reflected XSS on the target domain by inserting the malicious payloads onto the parameters. In the XanXSS tool, every payload which is to be run on the server is unique from each other. Although we can also specify our own payload file with extra payloads. XanXSS tool supports polyglot scripts for creating more malicious scripts.XanXSS tool also supports proxy and header changing features. XanXSS tool is available on GitHub, it is free and open-source to use.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process – Python Installation Steps on Linux

Installation of XanXSS Tool on Kali Linux OS

Step 1: Use the following command to install the tool in your Kali Linux operating system.

git clone https://github.com/Ekultek/XanXSS.git

Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.

cd XanXSS

Step 3: You are in the directory of the XanXSS. Now you have to install a dependency of the XanXSS using the following command.

sudo pip3 install -r requirements.txt

Step 4: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.

python3 xanxss.py -h

Working with XanXSS Tool on Kali Linux OS

Example 1: Pass a URL to test for XSS vulnerabilities

python3 xanxss.py -u “http://testphp.vulnweb.com/search.php?test=” -a 12 -t 12 -f 25 -v

Working Payloads are shown in the below screenshot. These payloads may be executed on the target domain.

Example 2: Pass a textual file containing payloads one per line

python3 xanxss.py -u “http://testphp.vulnweb.com/search.php?test=” -P -v

Polyglots are generated which makes the payload more malicious. We have used -P tag for Polyglot.


Similar Reads

XSS-Freak - XSS Scanner Fully Written in Kali Linux
XSS or Cross-Site Scripting is the most emerging security flaw in Web Applications. When the arbitrary or malicious JavaScript is executed by the web application then it is said to be an XSS Vulnerable Website. There are various XSS Scanners through which we can detect the XSS on the target domain. XSS-Freak is an XSS Scanner developed in the Pytho
3 min read
PwnXSS - Automated XSS Vulnerability Scanner Tool in Kali Linux
PwnXSS is a free and open-source tool available on Github. This tool is specially designed to find cross-site scripting. This tool is written in python. You must have python 3.7 installed in your Kali Linux. There are lots of websites on the internet which are vulnerable to cross-site scripting(XSS). This tool makes finding cross-site scripting eas
3 min read
Damn Small XSS Scanner tool in Kali Linux
DSXS or Damn Small XSS Scanner is a free and open-source tool available on GitHub. Cross-site scripting or XSS is a vulnerability that can be used to hack websites. This tool helps to find such vulnerabilities easily. DSXS makes finding cross-site scripting easy. DSXS works like a scanner. The Internet has millions of websites and web apps a questi
2 min read
XSS-Loader - XSS Scanner and Payload Generator
Cross-Site Scripting or XSS vulnerability is the flaw included in the OWASP Top 10 Vulnerabilities. In this Security Flaw, the Attacker generates a malicious JavaScript Payload code that has the intention to steal the cookies of the victim or to perform an account takeover. Sometimes this Flaw can create a severe problem on the back end of the web
3 min read
FinDOM-XSS - Fast DOM Based XSS Vulnerability Scanner
DOM XSS stands for Document Object Model-based Cross-site Scripting. DOM-based vulnerabilities occur within the content processing stage performed on the client, typically in client-side JavaScript. In a DOM-based XSS attack, the malicious string is not parsed by the victim’s browser until the website’s authentic JavaScript is executed. To perform
2 min read
XSSCon - Simple and Powerful XSS Scanner tool
XSSCon tool is a Python-based tool that features a powerful XSS (Cross-Site Scripting) Scanner. XSS is the most common vulnerability, which is identified on almost every web-based application; you only have to find an input field where you can inject your malicious payload. Automation can reduce your manual work if there is enormous scope in your t
3 min read
Webkiller v2.0 - Tool Information Gathering tool in Kali Linux
Webkiller is a free and open-source tool available on GitHub. Webkiller is used as an information-gathering tool. Webkiller is used to scan websites for information gathering and finding vulnerabilities in websites and webapps. The whois data collection gives us information about Geoip lookup, Banner grabbing, DNS lookup, port scanning, sub-domain
3 min read
Cewl Tool - Creating Custom Wordlists Tool in Kali Linux
In this article, we will see how to create a wordlist with the Kali Linux tool Cewl and what options are available in this post. Cewl is a Ruby program that crawls a URL to a defined depth, optionally following external links, and produces a list of keywords that password crackers such as John the Ripper can use to crack passwords. can. FAB (Files
4 min read
Tool-X - Hacking Tool Installer in Kali Linux
Tool-X is a free and open-source tool written in python that is available on GitHub. Tool-X is used by security researchers and pen-testers in the early stages of reconnaissance and pen-testing. It is an installer framework for Kali Linux that has approximately 300 tools available on its menu. It will provide a command-line user interface that you
2 min read
DalFox - Parameter Analysis and XSS Scanning tool
Dalfox tool is a fast, parameter analysis and Cross-site Scripting (XSS) scanner tool based on a DOM(Document Object Model) parser. The XSS Dalfox has some additional features that test for SQL injection(SQLi), Server-Side Template Injection(SSTI), and open-redirects. Dalfox is a Golang language-based tool. Dalfox is also capable of finding reflect
3 min read