-
Download gau | link: https://github.com/lc/gau
-
Compile
go build gau.go
-
Move gau to /usr/bin: `sudo mv gau /usr/bin`
# Harvest query-parameter names from every URL gau knows for the domain
# (including subdomains); the unique names are written to ./params and
# echoed to stdout.
gau -subs domain.com | grep -oP '[?&]\w+' | tr -d '?|&' | sort -u | tee params
Grepping parameter names out of a response body:
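# Extract the name attribute of every <input> tag from HTML on stdin.
# \K discards the `name="` / `name='` prefix from the match, so the value
# is printed bare whichever quote style the page uses; the previous
# `cut -d '"' -f2` only worked for double-quoted attributes and passed
# single-quoted ones through uncut.
grep -oP "<input.*?>" | grep -oP "name=[\"']\K[^\"']+"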
- Add this function to your .bashrc file
First, download and install htmlattribs by tomnomnom from this repository:
https://github.com/tomnomnom/hacks/tree/master/htmlattribs
# Parameter scanner with Jaeles
### Input tag
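#######################################
# For each URL in the file given as $1: fetch the page, write the name
# attribute of every <input> tag to params.txt, then run the Jaeles XSS
# signature against the URL. params.txt is removed after each URL.
# Arguments: $1 - file with one URL per line (blank lines are skipped)
# Outputs:   extracted names (via tee) and jaeles output on stdout
#######################################
checkparam(){
  local urlfile=$1
  local url
  # Read line by line instead of `for i in $(cat $1)` so URLs are never
  # word-split or glob-expanded; `|| [[ -n "$url" ]]` still processes a
  # final line that has no trailing newline.
  while IFS= read -r url || [[ -n "$url" ]]; do
    [[ -n "$url" ]] || continue
    # -k skips TLS certificate verification (kept from the original).
    curl -sk "$url" | htmlattribs name input | tee params.txt
    jaeles scan -v -s ~/path_To_Jaeles_Signature/xss.yaml -u "$url"
    # -f: tee may not have created the file if curl failed early.
    rm -f params.txt
  done < "$urlfile"
}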
- Collect URLs with your favorite tool (Burp, gospider, hakrawler)
- Check which URLs include an `<input` tag, using ffuf
# Keep only the URLs from urls.txt whose response body contains "<input";
# -s silences ffuf's banner and progress so tee receives bare URLs.
ffuf -u FUZZ -w urls.txt -mr '<input' -s | tee crawled.txt
- Scan the collected URLs; run this in the terminal:
# Run checkparam over the URLs ffuf kept in crawled.txt
checkparam crawled.txt
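#######################################
# From the URL list in ./urls, drop URLs that point at .js files, keep
# those whose response body declares a JavaScript `var`, and save them to
# ./var_urls. For each kept URL the declared var names are written to
# params.txt and the Jaeles XSS signature is run against the URL.
# Globals:   reads ./urls; writes ./var_urls and (transiently) params.txt
# Arguments: none
# Outputs:   kept URLs, var names and jaeles output on stdout
#######################################
jsvarxss(){
  local url
  # Escaped dot: the previous pattern `.(js$|js\?)` let `.` match any
  # character, so it also excluded URLs such as ".../ajs?x=1".
  grep -vE '\.(js$|js\?)' urls | ffuf -u FUZZ -w - -mr 'var [a-zA-Z0-9_-]{1,}' | tee var_urls
  # Line-by-line read keeps URLs intact (no word-splitting or globbing);
  # the `|| [[ -n "$url" ]]` clause handles a last line without newline.
  while IFS= read -r url || [[ -n "$url" ]]; do
    [[ -n "$url" ]] || continue
    # -k skips TLS certificate verification (kept from the original).
    curl -sk "$url" | grep -Eo 'var [a-zA-Z0-9_-]{1,}' | cut -d ' ' -f2 | sort -u | tee params.txt
    jaeles scan -v -s ~/pentest/pro-signatures/ghsec-jaeles-signatures/fuzz-param/xss.yaml -u "$url"
    # -f: tee may not have created the file if curl failed early.
    rm -f params.txt
  done < var_urls
}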
# jsvarxss takes no arguments; it reads ./urls from the current directory
jsvarxss