Skip to content
Related Articles

Related Articles

Improve Article
Save Article
Like Article

XSS-Freak – XSS Scanner Fully Written in Kali Linux

  • Last Updated : 14 Sep, 2021

XSS or Cross-Site Scripting is the most emerging security flaw in Web Applications. When the arbitrary or malicious JavaScript is executed by the web application then it is said to be an XSS Vulnerable Website. There are various XSS Scanners through which we can detect the XSS on the target domain. XSS-Freak is an XSS Scanner developed in the Python Language. XSS-Freak tool is an open-source and free-to-use tool also available on GitHub. XSS-Freak tool crawls the target domain for all possible links and directories to increase the chances of attack.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process – Python Installation Steps on Linux

How does XSS-Freak work

Once the Script is executed through Python Interpreter, the user needs to specify the list of XSS payloads that will be tested on the target domain. XSS-Freak tool then crawls the directories and links and analysis the parameters from which the payloads can be inserted and the testing process can be done. Then the XSS-Freak tool adds all the found HTML INPUTS to its attack scope then the XSS-Freak tool launches an ATTACK on all HTML INPUTS with the XSS payloads the user provided from the list. if the HTML INPUT IS NOT SANITIZED PROPERLY and Filtered The Script Will Instantly Detect It and Will Print Out The Vulnerable Parameter.

Advantages:

  • XSS-Freak tool has support for Multi-threading for Higher Efficiency and Faster Performance Processing.
  • XSS-Freak has the Crawling ability over complete websites.
  • XSS-Freak tool is Versatile.

Disadvantages:

  • Not supported on the phones
  • Requires a high-speed Internet connection
  • Requires advanced hardware

Installation of XSS-Freak Tool on Kali Linux OS

Step 1: Use the following command to install the tool in your Kali Linux operating system.

git clone https://github.com/AssetX/XSS-Freak.git



Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.

cd XSS-Freak

Step 3: You are in the directory of the XSS-Freak. Now you have to install a dependency of the XSS-Freak using the following command.

sudo pip3 install -r requirements.txt

Step 4: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.

python3 XSS-Freak.py -h

Working with XSS-Freak Tool on Kali Linux OS

Example 1: We will be testing http://geeksforgeeks.org target domain

In this example, We will be testing the geeksforgeeks.org domain. We will specify the list of XSS consisting of Payloads.



As geeksforgeeks.org is Secured Website, the tool has not detected any vulnerable parameters.

Example 2: We will be testing http://testphp.vulnweb.com target domain

In this example, We will be scanning the testphp.vulnweb.com domain.

We have got one vulnerable parameter or input through which we can insert the payload.

My Personal Notes arrow_drop_up
Recommended Articles
Page :

Start Your Coding Journey Now!