Search the Community
Showing results for tags 'xanxss'.
-
____ ___ ____ ___ _________ _________ \ \/ /____ ____ \ \/ / / _____// _____/ \ /\__ \ / \ \ / \_____ \ \_____ \ / \ / __ \| | \/ \ / \/ \ /___/\ (____ /___| /___/\ \/_______ /_______ / \_/ \/ \/ \_/ \/ \/ Twitter-> @stay__salty Github --> ekultek Version---> v(0.1) XanXSS is a reflected XSS searching tool (DOM coming soon) that creates payloads based from templates. Unlike other XSS scanners that just run through a list of payloads. XanXSS tries to make the payload unidentifiable, for example: <xAnXSS</TitLE></STYLE><SVG/ONload='alERt(1);'/></XaNxSs</titLe></StYlE><SvG/ONlOAD='alerT(1);'/> <ifrAmE Src= [2].Find(CoNfirm);= "JAVaScRIpT:proMpT(1))"javAscrIpt:/*--></scRIPt> />cLIcK Me!</b</TextaRea></TiTLE><BUTtON ONcLIck='aleRT(1);'/>XaNxss</TEXTaRea> <iMG sRc=%0acONfIRM();=+'jAVASCRiPT:alerT("XSS");'</STYlE><Svg/onLoad='alErT((1));'/> With XanXSS every payload is different. XanXSS works by running through the payloads until a specified number is found or a timer hits the max time, this prevents it from looping for to long. Some of the features included in XanXSS: Ability to pass your own headers using -H Ability to generate a polyglot script using -P Ability to run behind a proxy using --proxy And many more [HIDE][Hidden Content]]