├── .github └── FUNDING.yml ├── .gitignore ├── Dockerfile ├── LICENSE ├── QuickXSS.sh ├── README.md └── install.sh /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | 3 | 4 | ko_fi: theinfosecguy 5 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /results -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:1.18-alpine3.15 2 | 3 | RUN apk update && apk add git 4 | 5 | WORKDIR /quickxss 6 | 7 | ## install go packages 8 | RUN go install github.com/tomnomnom/gf@latest 9 | RUN go install github.com/tomnomnom/waybackurls@latest 10 | RUN go install github.com/hahwul/dalfox/v2@latest 11 | RUN go install github.com/lc/gau@latest 12 | RUN mkdir ~/.gf 13 | RUN git clone https://github.com/tomnomnom/gf 14 | RUN git clone https://github.com/1ndianl33t/Gf-Patterns 15 | RUN cp -r gf/examples ~/.gf/ && cp -r Gf-Patterns/*.json ~/.gf/ 16 | RUN rm -rf gf && rm -rf Gf-Patterns 17 | 18 | COPY QuickXSS.sh . 
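19 | RUN chmod +x QuickXSS.sh 20 | 21 | ENTRYPOINT ["sh", "QuickXSS.sh"] -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 Keshav Malik 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /QuickXSS.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# QuickXSS: collect archived URLs for one domain (waybackurls, gau), keep the
# ones matching the gf "xss" pattern, and pass that list to dalfox.
#
# Options:
#   -d, --domain   domain to collect URLs for (required)
#   -b, --blind    blind-XSS callback value forwarded to dalfox -b
#   -o, --output   dalfox output file name (default: results.txt)
#   -h, --help     print usage and exit
#   -v, --version  print the version and exit
#
# All files are written under results/<domain>/ relative to the directory the
# script is started from.
#
# The Dockerfile on this page starts the script with `sh`, so the script avoids
# bash-only constructs such as arrays and [[ =~ ]]; the echo -e calls are the
# original's and still need a shell whose echo accepts -e.

set -e

bold="\e[1m"
version="1.2.0"
red="\e[1;31m"
green="\e[32m"
blue="\e[34m"
cyan="\e[0;36m"
end="\e[0m"

echo -e "$cyan
 ██████╗ ██╗ ██╗██╗ ██████╗██╗ ██╗ ██╗ ██╗███████╗███████╗
 ██╔═══██╗██║ ██║██║██╔════╝██║ ██╔╝ ╚██╗██╔╝██╔════╝██╔════╝
 ██║ ██║██║ ██║██║██║ █████╔╝ ╚███╔╝ ███████╗███████╗
 ██║▄▄ ██║██║ ██║██║██║ ██╔═██╗ ██╔██╗ ╚════██║╚════██║
 ╚██████╔╝╚██████╔╝██║╚██████╗██║ ██╗ ██╔╝ ██╗███████║███████║
 ╚══▀▀═╝ ╚═════╝ ╚═╝ ╚═════╝╚═╝ ╚═╝ ╚═╝ ╚═╝╚══════╝╚══════╝
$end "

printf "$bold$blue ** Developed by theinfosecguy <3 ** \n\n$end"

#######################################
# Create results/<domain>/, enter it, and build the candidate URL list.
# Arguments: $1 - domain (already validated by the caller)
# Outputs:   <domain>.txt, <domain>_temp_xss.txt, <domain>_xss.txt in the new
#            directory; progress messages on stdout
# Exits:     1 when results/<domain> already exists
#######################################
contruct_mode(){
  mkdir -p results
  cd results

  # User-supplied text is passed as a printf argument, never as part of the
  # format string, so '%' or backslashes in it are printed literally.
  printf "${green}Creating Directory for %s ....${end}\n" "$1"

  if [ -d "$1" ]; then
    printf "${red}%s Directory already exits. Please try again.\n\n${end}" "$1"
    exit 1
  fi

  # "./" keeps the name from ever being parsed as an option.
  mkdir "./$1"
  cd "./$1"

  printf "\nFinding URLs for %s using Waybackurls ....\n" "$1"

  # tee stays the last pipeline stage on purpose: without pipefail its status
  # decides the pipeline, so a non-zero exit from the fetcher does not abort
  # the run under set -e (best-effort collection, as before).
  printf '%s\n' "$1" | waybackurls | tee "$1.txt" >/dev/null 2>&1
  printf "URLS fetched using waybackurls & Stored in ${blue}%s.txt${end}" "$1"
  printf "\n\nFinding URLs for %s using gau ....\n" "$1"
  printf '%s\n' "$1" | gau | tee -a "$1.txt" >/dev/null 2>&1
  printf "URLS fetched using gau & appended in ${blue}%s.txt${end} \n\n" "$1"

  printf "\nFinding valid URLs for XSS using GF Patterns \n\n"

  # Blank every parameter value (keep "name=") and drop gf's "URL: " prefix.
  gf xss <"$1.txt" | sed -e 's/=.*/=/' -e 's/URL: //' >"${1}_temp_xss.txt"

  sort -u "${1}_temp_xss.txt" >"${1}_xss.txt"
  printf "\nXSS Vulnerable URL's added to ${blue}%s_xss.txt${end}\n\n" "$1"
}

# Print the supported invocations and exit with status 1.
usage(){
  printf "QuickXSS Usage:\n\n"
  printf "./QuickXSS.sh -d \n"
  printf "./QuickXSS.sh -d -b \n"
  printf "./QuickXSS.sh -d -o xss_results.txt \n"
  printf "./QuickXSS.sh -d -b -o xss_results.txt\n\n"
  exit 1
}

# Report a missing option ($1 - option name), then show usage and exit.
missing_arg(){
  printf "${red}${bold}Missing Argument %s${end}\n\n" "$1"
  usage
}

# Start from empty values so variables inherited from the environment cannot
# stand in for command-line options.
domain=
blind=
out=

# Handling user arguments
while [ "$#" -gt 0 ]; do
  case $1 in
    -d|--domain)
      # An option given without its value used to die on the second `shift`
      # with no useful message; report it instead.
      [ "$#" -ge 2 ] || missing_arg "$1"
      domain=$2
      shift
      ;;
    -b|--blind)
      [ "$#" -ge 2 ] || missing_arg "$1"
      blind=$2
      shift
      ;;
    -o|--output)
      [ "$#" -ge 2 ] || missing_arg "$1"
      out=$2
      shift
      ;;
    -h|--help)
      usage
      ;;
    -v|--version)
      printf 'Version of QuickXSS: %s\n' "$version"
      exit 0
      ;;
    *)
      printf '[-] Unknown Option: %s\n' "$1"
      usage
      ;;
  esac
  shift
done

[ -n "$domain" ] || missing_arg "-d"

# The domain becomes a directory and file name below results/. Refuse values
# that would leave that directory (".", "..", anything with "/"), look like an
# option, or contain whitespace.
case $domain in
  .|..|-*|*/*|*[[:space:]]*)
    printf "${red}${bold}Invalid domain: %s${end}\n\n" "$domain"
    usage
    ;;
esac

# Creating Dir and fetch urls for a domain
contruct_mode "$domain"

# Check if Results Argument is present or not.
if [ -z "$out" ]; then
  out="results.txt"
  printf 'No Output File selected, Results will be stored in %s\n' "$out"
fi

# Start the dalfox run; -b is added only when a blind payload was supplied.
# $blind and $out are quoted so each reaches dalfox as exactly one argument.
if [ -z "$blind" ]; then
  echo "XSS Automation Started using Dalfox.."
  dalfox file "${domain}_xss.txt" -o "$out"
else
  echo "XSS Automation Started using Dalfox with your Blind Payload.."
  # NOTE(review): the -H value is reproduced exactly as it appears in this
  # listing; it may have been truncated there. Confirm against the repository.
  dalfox file "${domain}_xss.txt" -b "$blind" -o "$out" -H "referrer: xxx'>"
fi

# Final Result
printf "XSS automation completed, Results stored in${blue} results/%s ${end}Directory\n" "$domain"
-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |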
2 |

QuickXSS - Automate your XSS workflow

3 | 4 | 5 | 6 | 7 | 8 | 9 |
10 | 11 | 12 |

13 |
14 | 15 |

16 | 17 | _**Read Official Guide: https://www.bugblogs.tech/post/automating-xss-using-dalfox-gf-and-waybackurls**_ 18 | 19 | 20 | Bash Script to Automate XSS using Waybackurls, GF, GF Patterns and Dalfox. 21 | 22 | Here are their Repositories: 23 | 24 | 1. [GF](https://github.com/tomnomnom/gf) 25 | 2. [GF Patterns](https://github.com/1ndianl33t/Gf-Patterns) 26 | 3. [Dalfox](https://github.com/hahwul/dalfox) 27 | 4. [Waybackurls](https://github.com/tomnomnom/waybackurls) 28 | 5. [Gau](https://github.com/lc/gau) 29 | 30 | ## Pre-Requisites 31 | 32 | Install Go in your Machine and then install required Tools. 33 | 34 | For installing Go in your system: 35 | ``` 36 | sudo apt install -y golang 37 | export GOROOT=/usr/lib/go 38 | export GOPATH=$HOME/go 39 | export PATH=$GOPATH/bin:$GOROOT/bin:$PATH 40 | source .bashrc 41 | ``` 42 | ## Install Tools in one go ! 43 | 44 | ``` 45 | chmod +x install.sh 46 | ./install.sh 47 | ``` 48 | 49 | ## Docker support 50 | 51 | ```bash 52 | # for build docker image 53 | $ docker build --tag quickxss . 
54 | # run docker image 55 | $ docker run -it --rm --name qs quickxss 56 | # Set alias to ~/.zshrc or ~/.bashrc ( depend which shell you are using ) will help to global execute quickxss 57 | $ alias quickxss='docker run -it --rm --name qs quickxss' 58 | ``` 59 | 60 | 61 | ### For Installing Pre-Requisites (In case you want to do it one by one): 62 | ``` 63 | go get -u github.com/tomnomnom/gf 64 | go get github.com/tomnomnom/waybackurls 65 | GO111MODULE=on go get -v github.com/hahwul/dalfox/v2 66 | GO111MODULE=on go get -u -v github.com/lc/gau 67 | mkdir .gf 68 | cp -r $GOPATH/src/github.com/tomnomnom/gf/examples ~/.gf 69 | git clone https://github.com/1ndianl33t/Gf-Patterns 70 | mv ~/Gf-Patterns/*.json ~/.gf 71 | ``` 72 | 73 | ## Installation 74 | 75 | ``` 76 | git clone https://github.com/theinfosecguy/QuickXSS.git 77 | cd QuickXSS 78 | chmod +x QuickXSS.sh 79 | ``` 80 | 81 | ## Usage 82 | 83 | Provide your Target & XSSHunter Payload as the Argument. 84 | For generating XSS Hunter Payload: [Check This](https://xsshunter.com/) 85 | 86 | ``` 87 | QuickXSS Usage 88 | 89 | ./QuickXSS.sh -d 90 | ./QuickXSS.sh -d -b 91 | ./QuickXSS.sh -d -o xss_results.txt 92 | ./QuickXSS.sh -d -b -o xss_results.txt 93 | 94 | ``` 95 | 96 | ### Special Thanks 97 | 98 | Special Thanks to all these for their amazing tools ❤ : 99 | 1. [TomNomNom](https://twitter.com/tomnomnom/) for Waybackurls and GF 100 | 2. [Shiv Chouhan](https://twitter.com/1ndianl33t) for GF Patterns 101 | 3. [HAHWUL](https://twitter.com/hahwul) for Dalfox 102 | 4. [Corben Leo]() for gau 103 | 4. [Zemo](https://www.youtube.com/watch?v=fVBvqy-7Ug0) for his amazing video. 104 | 105 | ### Support ! 106 | 107 | If QuickXSS helped you land a Bounty ! 
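Support me & Buy me a Ko-Fi 108 | 109 | ## Star History 110 | 111 | [![Star History Chart](https://api.star-history.com/svg?repos=theinfosecguy/quickxss&type=Date)](https://star-history.com/#theinfosecguy/quickxss&Date) 112 | 113 | [Buy Me a Ko-Fi](https://ko-fi.com/theinfosecguy) 114 | 115 | 116 | #### React out to me if you have any ideas to make this better via [Twitter](https://twitter.com/g0t_rOoT_) 117 | -------------------------------------------------------------------------------- /install.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Installs the tools QuickXSS.sh drives (gf, waybackurls, dalfox, gau) with
# `go install`, then fills ~/.gf with gf's example patterns and the
# Gf-Patterns JSON files.
#
# Requires: go and git on PATH.
#
# NOTE(review): every `go install ...@latest` and both `git clone` calls fetch
# whatever is current upstream at install time. For a reproducible install,
# pin each one to a tag or commit that has been reviewed.

set -e

cyan="\e[0;36m"
end="\e[0m"

# Banner
echo -e "$cyan
 ██████╗ ██╗ ██╗██╗ ██████╗██╗ ██╗ ██╗ ██╗███████╗███████╗
 ██╔═══██╗██║ ██║██║██╔════╝██║ ██╔╝ ╚██╗██╔╝██╔════╝██╔════╝
 ██║ ██║██║ ██║██║██║ █████╔╝ ╚███╔╝ ███████╗███████╗
 ██║▄▄ ██║██║ ██║██║██║ ██╔═██╗ ██╔██╗ ╚════██║╚════██║
 ╚██████╔╝╚██████╔╝██║╚██████╗██║ ██╗ ██╔╝ ██╗███████║███████║
 ╚══▀▀═╝ ╚═════╝ ╚═╝ ╚═════╝╚═╝ ╚═╝ ╚═╝ ╚═╝╚══════╝╚══════╝
$end\n"
printf "By theinfosecguy.."

printf "Installing GF..\n"
go install github.com/tomnomnom/gf@latest
printf "Installing waybackurls ..\n"
go install github.com/tomnomnom/waybackurls@latest
printf "Installing Dalfox..\n"
go install github.com/hahwul/dalfox/v2@latest
printf "Installing gau..\n"
go install github.com/lc/gau@latest

printf "Setting up GF Patterns\n"
# -p: a ~/.gf left by an earlier run must not abort the script under set -e.
mkdir -p ~/.gf

# Fetch both pattern repositories into a private scratch directory that is
# removed on every exit path, so nothing is left behind in $HOME.
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT

# `go install pkg@latest` does not place sources under $GOPATH/src, so the
# example patterns are taken from a clone of gf, as the Dockerfile does.
git clone https://github.com/tomnomnom/gf "$workdir/gf"
cp -r "$workdir/gf/examples" ~/.gf

# Install GF Patterns
git clone https://github.com/1ndianl33t/Gf-Patterns "$workdir/Gf-Patterns"
mv "$workdir"/Gf-Patterns/*.json ~/.gf

printf "Installation Completed Successfully."
--------------------------------------------------------------------------------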