Skip to content

winter3aki/XSS.one

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
XSSone.py
XSSone.py
 
 
install.sh
install.sh
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

                                         🚀 XSS ONE

                      Automated Reflected XSS Scanner for Bug Bounty Hunter

                                      Created by winter#aki

                                     "Hack Smart. Hunt Hard." 🎯

⚙️ Workflow

 Target Domain
      │
      ▼
┌─────────────────────────┐
│  1. Subfinder            │  →  Subdomain Enumeration
└──────────┬──────────────┘
           │
           ▼
┌─────────────────────────┐
│  2. Active Check         │  →  Filter Live Subdomains (20 Threads)
└──────────┬──────────────┘
           │
           ▼
┌─────────────────────────┐
│  3. ParamSpider          │  →  Parameter Discovery (No Timeout)
└──────────┬──────────────┘
           │
           ▼
┌─────────────────────────┐
│  4. Smart Filter         │  →  Single Params + Remove login/account URLs
└──────────┬──────────────┘
           │
           ▼
┌─────────────────────────┐
│  5. Deduplication        │  →  Remove Duplicate URLs
└──────────┬──────────────┘
           │
           ▼
┌─────────────────────────┐
│  6. FUZZ → 123           │  →  Dalfox Compatibility Fix
└──────────┬──────────────┘
           │
           ▼
┌─────────────────────────┐
│  7. Dalfox Scan          │  →  Reflected XSS + WAF Evasion
└──────────┬──────────────┘
           │
           ▼
┌─────────────────────────┐
│  8. Extract POCs         │  →  vulnerableurl.txt 🎯
└─────────────────────────┘

🔥 Features .🔍 Subdomain Enumeration (subfinder) .🌐 Active Domain Detection (HTTP/HTTPS) .🔗 Parameter Discovery (paramspider) .🧹 URL Filtering (single parameter only) .🧪 Payload Normalization & Cleaning .💣 Automated XSS Scanning (dalfox) .✅ Extracts Valid PoC (Proof of Concept) URLs .⚡ Multi-threaded for speed

🧰 Tech Stack 🐍 Python Library .requests → for HTTP requests & active host detection

🛠️ External Tools .subfinder → subdomain enumeration .paramspider → parameter mining .dalfox → XSS scanner .proxychains → (optional) anonymity

📁 Output Files

File Description
subfinder.txt Discovered subdomains
active.txt Live domains
param.txt All parameters
singleparam.txt Single parameter URLs
withoutfuzz.txt Cleaned URLs
XSS.txt Raw dalfox output
XSSfinal.txt Final XSS PoC URLs

⚙️ Installation

1️⃣ Clone Repository

</> Bash

  git clone https://github.com/winter3aki/XSS.one.git
  cd xss.one
  chmod +x install.sh && ./install.sh

Manual Install

</> Bash
 # Python dependencies
pip install requests paramspider

# Go tools
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install github.com/hahwul/dalfox/v2@latest

2️⃣ Install Python Dependencies

 python3 xssone.py -d target.com

3️⃣ Install Required Tools

Make sure these are installed and added to PATH:

</> Bash

subfinder
paramspider
dalfox

Optional:

</> Basah

proxychains

▶️ Usage

Basic Usage (Recommended) Custom Dalfox Settings

   python3 xssone.py -d target.com --dalfox-mode custom --workers 5 --delay 500 --timeout 30

All Options

     -d, --domain        Target domain (required)
     --threads           Threads for active subdomain check (default: 20)
     --dalfox-mode       'default' or 'custom' (default: default)
     --workers           Dalfox workers in custom mode (default: 5)
     --delay             Dalfox delay in ms (default: 500)
     --timeout           Dalfox timeout in seconds (default: 30)

✅ Run with domain argument

</> Bash

python3 XSSone.py -d example.com

✅ Run interactively

</> Bash

 python3 XSSone.py

Then enter:

example.com

⚡ Workflow

  1. Subdomain Enumeration

    </> Bash
   
subfinder -d target -o subfinder.txt
  1. Active Domain Check .Sends HTTP/HTTPS requests .Filters alive domains .Uses multithreading (30 threads)

  1. Parameter Extraction

    </> Bash

paramspider -l active.txt
  1. Filter Single Parameters .Keeps only URLs with one parameter .Removes complex URLs
  1. Clean Payloads .Removes FUZZ .Replaces values → =123

  1. Run XSS Scanner

    </> Bash

dalfox file withoutfuzz.txt
  1. Extract XSS PoC .Filters only valid PoC lines .Saves results in XSSfinal.txt

🧠 Key Features .⚡ Fast & efficient (multi-threaded) .🛡️ Safe subprocess handling .🔄 Fully automated pipeline .🧩 Modular design (easy to modify) .🎯 Focused on high-quality targets

📦 requirements.txt

      Tool	=  Type
  Python 3	=  Pre-installed on Kali Linux
  Subfinder	=  apt tool
  ParamSpider  =	Python package
  Dalfox	  =  brew tool

# HTTP requests for active domain checking
requests>=2.28.0

# External tools (install manually):
# subfinder
# paramspider
# dalfox
# proxychains (optional)

⚠️ Disclaimer

This tool is strictly for educational purposes and authorized penetration testing only. Do NOT use it on systems without proper permission.

💡 Future Improvements .Multi-parameter fuzzing .Wayback/GAU integration .JSON/HTML reporting .CLI flags for each step .Logging & progress tracking

⭐ Contributing

Pull requests are welcome! Feel free to open issues for bugs or feature requests.

👨‍💻 Author

winter3aki | GitHub: @winter3aki

"Hack Smart. Hunt Hard." 🎯

About

Automated Reflected XSS Scanner for Bug Bounty Hunters Built with Subfinder, ParamSpider & Dalfox

Topics

automation xss python3 pentesting bughunting subfinder dalfox paramspider all-work-in-one-script

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages