RXSS is a Python tool designed for detecting reflecting params and paths in a bunch of URLs which can lead to reflected Cross-Site Scripting (XSS) vulnerabilities. It utilizes multithreading and customizable payload injection.
Install RXSS from PyPI using pip:
pip install rxssusage: rxss [-h] [-i] [-p] [-o] [-t] [-fr] [-maxr] [--timeout] [--ignore-base-url]
optional arguments:
-h, --help show this help message and exit
-i , --urls Path containing a list of URLs to scan
-p , --payload Payload you want to send to check reflection (default: rxss)
-o , --output Path of file to write output to (default: None)
-t , --threads Number of threads to use (default: 50)
-fr, --follow-redirects
Follow HTTP redirects (default: False)
-maxr , --max-redirects
Max number of redirects to follow per host (default: 5)
--timeout Timeout in seconds (default: 10)
--ignore-base-url Disable appending payloads to paths in base URLs (default: False)
--random-user-agent Use randomly selected HTTP User-Agent header value (default: False)
Scan URLs from a file hosts.txt with default settings:
rxss -i hosts.txtScan URLs with a custom payload and output results to output.txt:
rxss -i hosts.txt -p "<script>alert('XSS')</script>" -o output.txt- Built with Python
- Utilizes Requests for HTTP requests
- qsreplace for query string manipulation
- Uses fake_useragent to parse arbitrary user-agent values