XSS-Freak is a tool written entirely in Python 3 for scanning websites for XSS vulnerabilities. It crawls the entire website, scanning all the directories and links it can find to expand its attack range. It then searches the pages it found for input tags and sends requests containing XSS payloads to them. If the site has an input that is not protected against XSS attacks, XSS-Freak will detect it within seconds.
So what is XSS?
XSS, short for cross-site scripting, is a type of vulnerability found in web applications. With XSS, attackers can inject malicious scripts into (seemingly) trusted websites.
Cross-site Scripting (XSS) is one of the most popular hacking techniques when it comes to vulnerabilities on the web. The flaw occurs when a website generates output based on user input. If the website takes data from the input without proper validation and encoding, it will surely be exploited by hackers.
XSS allows hackers to run malicious JavaScript commands in the victim's browser, which can be used to take over the user's session, steal nude photos, …
Security flaws in web applications allow these attacks to happen very often. These errors are quite common and occur in web applications that require user input.
To learn more about Cross-site Scripting (XSS) and its other types, see Cross-site Scripting (XSS) detailed explanation.
Features:
– Sends XSS payloads
– Written entirely in Python 3
Supported operating systems:
Requirements:
– High-speed internet connection
– A PC capable of processing a large number of data streams simultaneously
How does XSS-Freak work
To perform an attack, a target (the victim website) and a list of different XSS payloads are required. The tool starts by scanning the main web pages, including indexed pages, for possible directories and links in the site. It then scans all the folders found in the initial scan and puts them in attack range. Furthermore, it scans all the links found in both scans.
Then XSS-Freak adds all HTML input tags to the attack range and starts attacking those input tags with the XSS payloads. If the site's input tags are not handled properly, the tool will detect those vulnerabilities right away.
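What "handled properly" means for an input value, as an added example (not code from XSS-Freak or from the original post): the same page rendered with and without output encoding, plus a check that parses the result to see whether the submitted value became markup. The function names, the sample template and the two probe strings are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed probe values (not from the original page): one for HTML body
# context, one that tries to break out of a quoted attribute.
PROBES = ['<script>alert(1)</script>', '" onfocus="alert(1)']

def render_unsafe(q):
    # Vulnerable: user input concatenated into markup without encoding.
    return '<p>Results for ' + q + '</p><input name="q" value="' + q + '">'

def render_safe(q):
    # Hardened: encode for HTML text and quoted-attribute context.
    e = html.escape(q, quote=True)
    return '<p>Results for ' + e + '</p><input name="q" value="' + e + '">'

class MarkupAudit(HTMLParser):
    """Records script elements and on* attributes present in parsed HTML."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == 'script':
            self.findings.append('script element')
        for name, _ in attrs:
            if name.startswith('on'):
                self.findings.append(tag + ' ' + name + ' handler')

def injected_markup(render, probe):
    # The template itself has no script or on* attributes, so anything
    # the audit finds was created by the probe value.
    audit = MarkupAudit()
    audit.feed(render(probe))
    audit.close()
    return audit.findings

if __name__ == '__main__':
    for probe in PROBES:
        for render in (render_unsafe, render_safe):
            print(render.__name__, repr(probe), injected_markup(render, probe))
```

Parsing the response instead of searching it for the raw probe string avoids flagging output where the value is present but correctly encoded as text.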
Advantages:
– Fast and efficient processing thanks to multi-threading
– Capable of crawling complete websites
Disadvantages:
– Not supported on phones
– Must have a high-speed Internet connection
– Requires good hardware
Install XSS-Freak
Run the following commands:
git clone https://github.com/sepulvedazallalinux/XSS-Freak.git
cd XSS-Freak/
pip3 install -r requirements.txt
python3 XSS-Freak.py
Usage
At the first arrow, enter the link of the website you want to scan for XSS.
At the second arrow, enter the name of the file containing the XSS payloads. Note that this file must be in the same directory as the tool.
The processing time depends on your CPU and network connection.
Good luck!