kxss

Find reflected input parameters for XSS

Description

kxss checks URLs for reflected input parameters. It outputs URLs where user input is reflected in the response body, making them potential XSS candidates.

Installation

BASH

go install github.com/Emoe/kxss@latest

Basic Usage

                        BASH
                        
                            # Find reflections
cat urls.txt | kxss

# Save output
cat urls.txt | kxss | tee reflected.txt

Common Workflows

                        BASH
                        
                            # Find reflected params then test with Dalfox
gau target.com | grep "=" | kxss | awk '{print $1}' | dalfox pipe

Back to Exploitation