-->

Tuesday, 2 June 2020

XSS Vulnerability find in any website within minutes





So today we will know about the open source tool that helps in finding XSS cross site scripting attack for any website. This tool is scripted in go language as you can tell -_- you can help us by subscribing to our youtube channel :. Kumar Atul Jaiswal .: before using the too.



XSS Vulnerability


Cross-site scripting ( XSS )is a type of computer security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.  XSS Vulnerability find in any website within minutes




Dalfox

Just, XSS Scanning and Parameter Analysis tool. I previously developed XSpear, a ruby-based XSS tool, and this time, a full change occurred during the process of porting with golang!!! and created it as a new project. The basic concept is to analyze parameters, find XSS, and verify them based on DOM Parser.

I talk about naming. Dal(달) is the Korean pronunciation of moon and fox was made into Fox(Find Of XSS). XSS Vulnerability find in any website within minutes

Key features



  • Paramter Analysis (find reflected parameter, find free/bad characters, Identification of injection point)
  • Static Analysis (Check Bad-header like CSP, X-Frame-optiopns, etc.. with base request/response base)
  • Optimization query of payloads
  •         Check the injection point through abstraction and generated the fit  payload.
  •         Eliminate unnecessary payloads based on badchar

  • XSS Scanning(Reflected + Stored) and DOM Base Verifying
  • All test payloads(build-in, your custom/blind) are tested in parallel with the encoder.
  •         Support to Double URL Encoder
  •         Support to HTML Hex Encoder


  • Friendly Pipeline (single url, from file, from IO)
  • And the various options required for the testing :D
  •         built-in / custom grepping for find other vulnerability
  •         if you found, after action
  •         etc..

How To Install ?

There are a total of three ways to Personally, I recommend go install.


1) clone this repository

git clone https://github.com/hahwul/dalfox




ls

cd dalfox 

ls





3) apt update && apt install golang




4) go install






5) ~/go/bin/dalfox ( and also for help )




6) go back in root and check it go install or not !

cd ..

cd ..

cd ..

ls

DONE :-)






7) change direcory


cd go

cd bin





 8)  dalfox [mode] [flags]

  •  dalfox url url

For example :-  single target mode


./dalfox  url  dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff -b https://hahwul.xss.ht








Multiple target mode


dalfox file urls_file --custom-payload ./mypayloads.txt






Disclaimer

This was written for educational purpose and pentest only.
The author will not be responsible for any damage ..!
The author of this tool is not responsible for any misuse of the information.
You will not misuse the information to gain unauthorized access.
This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



- Hacking Truth by Kumar Atul Jaiswal


Video Tutorial :- 

 

 

My Self Kumar Atul Jaiswal Urf HackerboY and Kumar Atul Jaiswal is a name among millions who struggled failed and surged ahead in search of how to become a Hacker ( passionate about Hacking just like profession an entrepreneur ), just like any middle class guy, he too had a bunch of unclear dreams and a blurred version of his goals in life 😊.

0 comments:

Post a Comment

Contact

Send Us A Email

Search This Blog

Address

Contact Info

The page name itself is a call-to-action; Treat it with some respect.!

Address:

15, Ranchi, India, 834002

Phone:

404

Email:

kumaratuljaiswal222@gmail.com

atulthehacker222@gmail.com