XSS Automation using Waybackurl And gf (Grep-Finding)

Hey Folks!

We always go for automation in order to make the finding faster from other security researchers, when we talking about finding SQL injection bugs for a URL, enumerating subdomain, directory searching, and many more.

But what if we consider XSS for the same?

Tools Required:

  1. GF by Tomnomnom
  2. WaybackURL by Tomnomnom
  3. Some GF pattern GitHub repo R1, R2, R3
  4. anew by Tomnomnom
  5. DALFOX by HAHWUL

Of Course, to run these tools you need to install “GO

Practical Time:

  1. Use the almighty vulnerable application http://testphp.vulnweb.com/
  2. Use WaybackURL to fetch the URLs for the above-mentioned target and save your output in a text file.

3. Use GF pattern to find the URLs that fetch the XSS parameters by

4. Now it’s time for DALFOX.

Do CLAP if you find this blog worthwhile.

Contact me :

LinkedIn 😄:https://www.linkedin.com/in/raja-nagori/

Twitter 😄: https://twitter.com/RajaNagori7

Cyber Security Professional