Open In App

XSS-Freak – XSS Scanner Fully Written in Kali Linux

Last Updated : 14 Sep, 2021
Improve
Improve
Like Article
Like
Save
Share
Report

XSS or Cross-Site Scripting is the most emerging security flaw in Web Applications. When the arbitrary or malicious JavaScript is executed by the web application then it is said to be an XSS Vulnerable Website. There are various XSS Scanners through which we can detect the XSS on the target domain. XSS-Freak is an XSS Scanner developed in the Python Language. XSS-Freak tool is an open-source and free-to-use tool also available on GitHub. XSS-Freak tool crawls the target domain for all possible links and directories to increase the chances of attack.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process – Python Installation Steps on Linux

How does XSS-Freak work

Once the Script is executed through Python Interpreter, the user needs to specify the list of XSS payloads that will be tested on the target domain. XSS-Freak tool then crawls the directories and links and analysis the parameters from which the payloads can be inserted and the testing process can be done. Then the XSS-Freak tool adds all the found HTML INPUTS to its attack scope then the XSS-Freak tool launches an ATTACK on all HTML INPUTS with the XSS payloads the user provided from the list. if the HTML INPUT IS NOT SANITIZED PROPERLY and Filtered The Script Will Instantly Detect It and Will Print Out The Vulnerable Parameter.

Advantages:

  • XSS-Freak tool has support for Multi-threading for Higher Efficiency and Faster Performance Processing.
  • XSS-Freak has the Crawling ability over complete websites.
  • XSS-Freak tool is Versatile.

Disadvantages:

  • Not supported on the phones
  • Requires a high-speed Internet connection
  • Requires advanced hardware

Installation of XSS-Freak Tool on Kali Linux OS

Step 1: Use the following command to install the tool in your Kali Linux operating system.

git clone https://github.com/AssetX/XSS-Freak.git

Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.

cd XSS-Freak

Step 3: You are in the directory of the XSS-Freak. Now you have to install a dependency of the XSS-Freak using the following command.

sudo pip3 install -r requirements.txt

Step 4: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.

python3 XSS-Freak.py -h

Working with XSS-Freak Tool on Kali Linux OS

Example 1: We will be testing http://geeksforgeeks.org target domain

In this example, We will be testing the geeksforgeeks.org domain. We will specify the list of XSS consisting of Payloads.

As geeksforgeeks.org is Secured Website, the tool has not detected any vulnerable parameters.

Example 2: We will be testing http://testphp.vulnweb.com target domain

In this example, We will be scanning the testphp.vulnweb.com domain.

We have got one vulnerable parameter or input through which we can insert the payload.


Like Article
Suggest improvement
Previous
Detecting and Checking Rootkits with Chkrootkit and rkhunter Tool in Kali Linux
Next
XSS-Loader - XSS Scanner and Payload Generator
Share your thoughts in the comments

Similar Reads

XSS-Loader - XSS Scanner and Payload Generator
FinDOM-XSS - Fast DOM Based XSS Vulnerability Scanner
PwnXSS - Automated XSS Vulnerability Scanner Tool in Kali Linux
Damn Small XSS Scanner tool in Kali Linux
XanXSS - Simple XSS Finding Tool in Kali Linux
XSSCon - Simple and Powerful XSS Scanner tool
Traxss – Automated XSS Vulnerability Scanner
XIRA - XSS Vulnerablity Scanner
Knock - Subdomain Scanner Tool in Kali Linux
Striker - IP scanner in Kali Linux

G
gauravgandal
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox