2023-05-06 17:58:49 +00:00
## Get as many parameters as possible
1. https://github.com/devanshbatham/ParamSpider
2. `gospider -S tageturls.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -e "code-200" | awk '{print $5}'|grep "=" | qsreplace -a | dalfox pipe -o result.txt`
3. Waybackurls | gau
4. https://github.com/s0md3v/Arjun
5. https://github.com/hakluke/hakrawler
6. https://github.com/PortSwigger/param-miner

Combine all in a file and remove duplicates.
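
One way to do the merge step, as an added example that is not part of the original notes: a plain `sort -u` keeps URLs that differ only in parameter values, so this sketch keeps one URL per endpoint and parameter-name set and drops the static extensions from the gospider blacklist above. The function names, the sample URLs and the `example.test` host are constructed for illustration.

```python
import fileinput
import sys
from urllib.parse import parse_qsl, urlsplit

# Same static-asset extensions as the gospider --blacklist in these notes.
STATIC_EXT = ("jpg", "jpeg", "gif", "css", "tif", "tiff", "png", "ttf",
              "woff", "woff2", "ico", "pdf", "svg", "txt")


def url_key(url):
    """Return (scheme, host, path, sorted param names), or None to skip the URL."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:          # e.g. malformed IPv6 literal in tool output
        return None
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    if parts.path.lower().rsplit(".", 1)[-1] in STATIC_EXT:
        return None
    names = sorted({k for k, _ in parse_qsl(parts.query, keep_blank_values=True)})
    if not names:               # no query parameters, nothing to keep
        return None
    return (parts.scheme, parts.netloc.lower(), parts.path or "/", tuple(names))


def merge_unique(lines):
    """Keep the first URL seen for each distinct endpoint + parameter-name set."""
    seen, out = set(), []
    for line in lines:
        key = url_key(line)
        if key is not None and key not in seen:
            seen.add(key)
            out.append(line.strip())
    return out


# Constructed sample standing in for the concatenated output of the tools above.
SAMPLE = [
    "https://example.test/search?q=shoes&page=1",
    "https://example.test/search?page=7&q=hats",    # same names, other values
    "https://EXAMPLE.test/search?q=x&page=2",       # host differs only in case
    "https://example.test/static/readme.txt?v=3",   # blacklisted extension
    "https://example.test/about",                   # no parameters
    "https://example.test/item?id=5",
    "not a url",
]

if __name__ == "__main__":
    # With file arguments, merge those files; without, run on the sample.
    source = fileinput.input() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(merge_unique(source)))
```
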
## Run XSS fuzzer
1. https://github.com/s0md3v/XSStrike
2. https://github.com/hahwul/dalfox

Resources:
- https://blog.yeswehack.com/yeswerhackers/parameter-discovery-quick-guide-to-start/
- https://infosecwriteups.com/tale-of-my-first-xss-27f622bc47c0
<hr>

## dalfox usage:
```
# Keep lines matching the gf "xss" pattern set and extract the URLs from them
gf xss td.com.txt | grep -Eo 'https?://[^\"]+' > tdfinal.txt
# Scan the URLs listed in domain.txt with 20 workers
dalfox file domain.txt -w 20 --silence
```