XSS-Freak is a tool fully written in Python3 to perform cross-site scripting. It works as an XSS scanner to crawls the whole website and scans all possible directories and links to expand the scope of its attack. After that, it activates the search to get information about input fields. Next, it will begin several XSS payloads. If the website has an input vulnerable and unsafe to the XSS attack, the XSS-Freak will find it out within seconds.
XSS-Freak: XSS Scanner Fully Written in Python3
XSS also is known as cross-site scripting is a kind of vulnerability found in web applications. With the help of XSS, attackers can inject malicious scripts into trusted web pages.
Security flaws in the web applications allow these attacks to happen very often. These flaws are quite common and occur in web applications that require and input from a user.
To learn more about Cross-site Scripting (XSS) and its types, check out Cross-site Scripting (XSS) [explanation & details].
- Bunch of XSS Payloads
- Fully written in Python3
- Internet connection with high speed
- A PC that has the ability to handle the large number of threads concurrently
How does XSS-Freak work
After that, the XSS-Freak tool will add all HTML inputs into attack scope. The tool will initiate the attack on these HTML inputs using the XSS payloads from the list. If the web application inputs aren’t sanitized properly, the script will detect vulnerabilities in seconds.
- Multithreading for fast and efficient processing
- Crawling ability over the complete websites
- Not supported on the phones
- Requires high speed Internet connection
- Requires advanced hardware
Clone the Github repo:
$ git clone https://github.com/hacker900123/XSS-Freak
Install the reguirements using
$ pip3 install -r requirements.txt
$ python3 XSS-Freak.py >> [+] Give Me A Target To Destroy >> [?] Enter Target: http://127.0.0.1 >> [+] Enter File Containing XSS Payloads to Try: payloads.txt >> [*] Searching Target For Possible Links And Directories >> [+] 7 Links Have Been Found >> [!] No Directories Have Been Found >> [*] I Will Sleep For 5 Minutes And My Threads Will Initialize Now And Search Each Link For HTML Inputs. Cross Your Fingers >> [+] My Threads Have Done Working And The Total Amount Of Inputs Found On All Possible Webpages Is: 3 >> [*] I Will Launch A Bunch Of XSS Payloads Towards The Target With The Use Of Multithreading For Efficiency, Hope For The Best >> [*] Note: It Might Take A Lot Of Time Depending On Your Internet Speed, Amount Of Links and Inputs. And Your Processing Power >> [+] Vulnerable Inputs Were Found Successfully >> [+] Vulnerable Input ==> uname >> [?] Go XSS’em Boi