Skip to content
/ xss_vibes Public

A modern tool written in Python that automates your xss findings.

255 stars 47 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

faiyazahmad07/xss_vibes

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

81 Commits

Header.py

Header.py

 
 

README.md

README.md

 
 

Waf.py

Waf.py

 
 

adder.py

adder.py

 
 

main.py

main.py

 
 

payloads.json

payloads.json

 
 

requirements

requirements

 
 

waf_list.txt

waf_list.txt

 
 

xss_vibes.png

xss_vibes.png

 
 

Repository files navigation

XSS_VIBES

"Experience the Vibes of Security with xss_vibes"

alt_text

What's New?

  • Added threads feature: You can now specify the threads to send multiple request at the same time!(Details given below)
  • Improved Payloads: The payloads are now more accurate to the target
  • Single URL Scan: Now you can scan single url by using -u flag.
  • Headers: You can now add your custom headers to test authenticated or restricted endpoints!
  • Improved Adder.py: Now you can payloads directly from a file! The new adder.py can automatically detect all the dangerous characters.
  • WAF: This tool can now detect web application firewalls and then use specialized payloads to bypasss them.
  • Custom WAF: You can choose payloads that are designed for specific waf.
  • Crawler: You can now run katana within the tool to find the links first and then look for vulnerabilities.

FEATURES

  • Customizable: You can add your custom payload using adder.py
  • Dynamic: The tool will prioritize the payloads based on the target's behavior
  • Scalable: You can use this tool on bunch of links
  • Speed: Send concurrent request to multiple urls

I N S T A L L A T I O N

(Please Install Katana into your machine to access the full potential of this tool)
1. Clone the repository: git clone https://github.com/faiyazahmad07/xss_vibes
2. Install the requirements file: pip3 install -r requirements
3. Run the main.py file

USAGE

python3 main.py -f <filename> -o <output>

-f: Filename that contains bunch of links
-o: Output filename in which all the vulnerable endpoints is stored
-t: No of threads[Increase the threads if you want more speed] (Max: 10)
-u: Single URL to scan.
-H: Custom Headers.(PLease use , within "" to add multiple headers)
--crawl: Crawl the links first and then find xss

Using  multiple  headers:
python3 main.py -f urls.txt -H "Cookies:test=123;id=asdasd, User-Agent: Mozilla/Firefox" -t 7 -o result.txt

Using  single  header:
python3 main.py -f urls.txt -H "Cookies:test=123;id=asdasd" -t 7 -o result.txt

Scanning single URL:
python3 main.py -u http://example.com/hpp/?pp=12 -o out.txt

Detect waf & scan:
python3 main.py -u http://example.com/hpp/?pp=12 -o out.txt --waf

Specify waf manually:

python3 main.py -u http://example.com/hpp/?pp=12 -o out.txt -w cloudflare

Using PIPE

cat katana.txt | python3 main.py --pipe -t 7

DEMONSTRATION

Video Link

CONTRIBUTORS

About

A modern tool written in Python that automates your xss findings.

Topics

cybersecurity bug-bounty ethical-hacking-tools

Resources

Readme
Activity

Stars

255 stars

Watchers

5 watching

Forks

47 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages