A utility for figuring out internet web page inputs and conducting XSS scanning.
Options:
- Subdomain Discovery:
-
Retrieves related subdomains for the goal web site and consolidates them right into a whitelist. These subdomains may be utilized through the scraping course of.
-
Website-wide Hyperlink Discovery:
-
Collects all hyperlinks all through the web site based mostly on the supplied whitelist and the required
max_depth. -
Type and Enter Extraction:
-
Identifies all types and inputs discovered inside the extracted hyperlinks, producing a JSON output. This JSON output serves as a basis for leveraging the XSS scanning functionality of the software.
-
XSS Scanning:
- As soon as the beginning recon possibility returns a customized JSON containing the extracted entries, the X-Recon software can provoke the XSS vulnerability testing course of and furnish you with the specified outcomes!
Notice:
The scanning performance is at present inactive on SPA (Single Web page Software) internet purposes, and now we have solely examined it on web sites developed with PHP, yielding outstanding outcomes. Sooner or later, we plan to include these options into the software.
Notice:
This software maintains an up-to-date record of file extensions that it skips through the exploration course of. The default record consists of widespread file sorts akin to photographs, stylesheets, and scripts (
".css",".js",".mp4",".zip","png",".svg",".jpeg",".webp",".jpg",".gif"). You may customise this record to raised fit your wants by enhancing the setting.json file..
Set up
$ git clone https://github.com/joshkar/X-Recon
$ cd X-Recon
$ python3 -m pip set up -r necessities.txt
$ python3 xr.py
Goal For Take a look at:
You should use this tackle within the Get URL part
http://testphp.vulnweb.com
