XSS-Freak – XSS Scanner Fully Written in Kali Linux
Note: Make sure you have Python installed on your system, as this is a Python-based tool (see Python Installation Steps on Linux for the installation process).
How does XSS-Freak work?
Once the script is executed through the Python interpreter, the user specifies the list of XSS payloads that will be tested against the target domain. XSS-Freak then crawls the site's directories and links and analyzes the parameters into which payloads can be inserted for testing. It adds all the HTML inputs it finds to its attack scope and then launches an attack on every HTML input with each XSS payload from the user-provided list. If an HTML input is not properly sanitized and filtered, the script will instantly detect it and print out the vulnerable parameter.
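The crawl-then-inject logic described above, as an added example written for this article (it is not XSS-Freak's own source code). It assumes a constructed sample page and two hypothetical request handlers standing in for a target server, so it runs offline: the parser enumerates forms, named inputs and links, a marker is submitted through each input, and the response is classified as reflecting the marker unescaped (the defect the scanner reports), escaped (the hardened behaviour) or not at all.

```python
import html
from html.parser import HTMLParser

# Constructed sample page (not output from XSS-Freak or from any real site):
# one search form with a text field, a hidden field, a submit button, and a link.
SAMPLE_PAGE = """
<html><body>
<form action="/search" method="get">
  <input type="text" name="q">
  <input type="hidden" name="lang" value="en">
  <input type="submit" value="Go">
</form>
<a href="/about">About</a>
</body></html>
"""

# Marker submitted through each input. Its angle brackets must be encoded by a
# correctly escaping page, so their verbatim survival in the response is the signal.
MARKER = "<xsfmark>"


class InputCollector(HTMLParser):
    """Collects forms, their named inputs and page links: the crawl step."""

    def __init__(self):
        super().__init__()
        self.forms = []        # each: {"action": str, "method": str, "inputs": [names]}
        self.links = []        # href values a crawler would visit next
        self._form = None      # form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = {"action": a.get("action", ""),
                          "method": (a.get("method") or "get").lower(),
                          "inputs": []}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            # Submit buttons carry no user data, so they are not test targets.
            if (a.get("type") or "text").lower() != "submit" and a.get("name"):
                self._form["inputs"].append(a["name"])
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


def enumerate_inputs(page):
    """Return (forms, links) found in an HTML document."""
    p = InputCollector()
    p.feed(page)
    return p.forms, p.links


def classify_reflection(body, marker):
    """Decide how the server handled the marker in its response."""
    if marker in body:
        return "unescaped"          # reflected verbatim: the defect the scanner reports
    if html.escape(marker) in body:
        return "escaped"            # reflected as &lt;...&gt;: rendered as text, not markup
    return "not reflected"


# Two hypothetical request handlers standing in for the target server, so the
# example runs offline. The vulnerable one echoes the parameter as-is; the
# hardened one HTML-escapes it, which is the fix for this class of bug.
def vulnerable_search(params):
    return "<h1>Results for %s</h1>" % params.get("q", "")


def hardened_search(params):
    return "<h1>Results for %s</h1>" % html.escape(params.get("q", ""))


def scan_form(handler, form, marker):
    """Submit the marker through each input in turn and classify the reflection."""
    findings = {}
    for name in form["inputs"]:
        params = {n: "" for n in form["inputs"]}
        params[name] = marker
        findings[name] = classify_reflection(handler(params), marker)
    return findings


if __name__ == "__main__":
    forms, links = enumerate_inputs(SAMPLE_PAGE)
    print("links to crawl:", links)
    for form in forms:
        print("form", form["action"], "inputs", form["inputs"])
        print("  unsanitized handler:", scan_form(vulnerable_search, form, MARKER))
        print("  escaping handler:   ", scan_form(hardened_search, form, MARKER))
```

Running the script reports `q` as `unescaped` against the echoing handler and as `escaped` against the escaping one, while the hidden `lang` field is `not reflected` in both; that three-way distinction is what separates a real finding from a parameter that is merely reflected safely, and the escaping handler shows the output-encoding fix for the parameter the scanner would flag.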
Features of XSS-Freak
- Multi-threading support for higher efficiency and faster processing.
- Ability to crawl complete websites.
- Versatile.
Drawbacks of XSS-Freak
- Not supported on phones.
- Requires a high-speed Internet connection.
- Requires advanced hardware.
Installation of XSS-Freak Tool on Kali Linux OS
Step 1: Use the following command to install the tool in your Kali Linux operating system.
git clone https://github.com/AssetX/XSS-Freak.git
Step 2: Now use the following command to move into the tool's directory (the directory created by the git clone above). You have to be in the directory in order to run the tool.
cd XSS-Freak
Step 3: You are now in the XSS-Freak directory. Install the tool's dependencies using the following command.
sudo pip3 install -r requirements.txt
Step 4: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.
python3 XSS-Freak.py -h
Working with XSS-Freak Tool on Kali Linux OS
Example 1: Testing the http://geeksforgeeks.org target domain
In this example, we will be testing the geeksforgeeks.org domain and will specify the list file containing the XSS payloads.
As geeksforgeeks.org is a secured website, the tool has not detected any vulnerable parameters.
Example 2: Testing the http://testphp.vulnweb.com target domain
In this example, we will be scanning the testphp.vulnweb.com domain.
The tool has found one vulnerable parameter (input) through which the payload can be inserted.