XIRA XSS Vulnerablity Scanner
XIRA XSS Vulnerablity Scanner

XIRA: XSS Vulnerablity Scanner

xira is XSS vulnerability scanner. It simply collects all input fields form website. And test each of them with some cool payloads. Thus, if we get any vulnerable input field then it got printed on terminal/console with successful payloads.

XIRA for XSS Scanner
XIRA for XSS Scanner

Installation

Clone the repo

git clone https://github.com/xadhrit/xira.git

Change the working directory to xira

cd xira

Install the requirements

For Linux
$ python3 -m pip install -r requirements.txt

For windows
> python -m pip install -r requirements.txt

Usage

FOR LINUX/WINDOWS

$ python3/python xira.py -u <url>

Enter the target's url : https://www.example.com
Use of xira
Use of xira

Results

All details with successful payloads.
True
Results of XIRA
Results of XIRA

Payloads Template

We can use template.json to use payloads from Seclists or wherever you want. template.json will be our new payload.json file for using in our XSS Scanning. Change the name and make a copy before of payload.json from this repo, and template.json.

{
  "payload": [
    {
      "payload_name": " <h2>Basic injects</h2> "
    }
  ]
}
#!/bin/bash
filename='XSS-Jhaddix.txt'
n=1
while read line; do
# reading each line
jq --arg value "$line" '.payload|=.+[{ "payload_name" : $value }]' payload_template.json >tmp.json
mv tmp.json payload_template.json
echo "Line No. $n : $line"
n=$((n+1))
done < $filename

Payloads :

clone the repo : git clone https://github.com/xadhrit/xss-hacker.git
Dark Mode

xira (this link opens in a new window) by xadhrit (this link opens in a new window)

xira is xss vulnerability scanner. It simply collects all input fields form website. And test each of them with some cool payloads. Thus, if we get any vulnerable input field then it got printed on terminal/console with successful payloads.

More Stories
Metabigor Intelligence tool but without API key
Metabigor: Intelligence tool but without API key