xira is an XSS vulnerability scanner. It collects all input fields from a website and tests each of them with a set of payloads. Any input field found to be vulnerable is printed to the terminal/console together with the payloads that succeeded.
Installation
Clone the repo
git clone https://github.com/xadhrit/xira.git
Change the working directory to xira
cd xira
Install the requirements
For Linux
$ python3 -m pip install -r requirements.txt
For Windows
> python -m pip install -r requirements.txt
Usage
For Linux/Windows
$ python3 xira.py -u <url>
(on Windows, use python instead of python3)
Enter the target's url : https://www.example.com
Results
All details with successful payloads.
True
Payloads Template
You can use template.json to load payloads from SecLists or any other source. template.json becomes the new payload.json file used for XSS scanning. Before renaming it, make a copy of the payload.json from this repo and of template.json.
{
  "payload": [
    {
      "payload_name": " <h2>Basic injects</h2> "
    }
  ]
}
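#!/bin/bash
# Append every line of the wordlist to payload_template.json as a payload_name entry (requires jq).
filename='XSS-Jhaddix.txt'
n=1
# IFS= and -r keep leading whitespace and backslashes in each line intact
while IFS= read -r line; do
    # reading each line
    # only replace the template if jq succeeded, so a failed run cannot truncate it
    jq --arg value "$line" '.payload|=.+[{ "payload_name" : $value }]' payload_template.json >tmp.json &&
        mv tmp.json payload_template.json
    echo "Line No. $n : $line"
    n=$((n+1))
done < "$filename"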
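An added example (not part of the xira repo): the same wordlist-to-template conversion done in a single pass in Python, keeping each line verbatim, skipping blank lines and duplicates, and writing the result atomically. The names merge_payloads and demo and the sample wordlist contents are constructed for illustration.

```python
import json
import os
import tempfile


def merge_payloads(template_path, wordlist_path):
    """Append each new, non-blank wordlist line as a payload_name entry; return the count added."""
    with open(template_path, encoding="utf-8") as fh:
        template = json.load(fh)
    entries = template.setdefault("payload", [])
    seen = {entry.get("payload_name") for entry in entries}
    added = 0
    with open(wordlist_path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.rstrip("\r\n")  # drop only the line ending, keep everything else
            if not line.strip() or line in seen:
                continue
            entries.append({"payload_name": line})
            seen.add(line)
            added += 1
    # Write to a temp file in the same directory, then swap it in atomically.
    target_dir = os.path.dirname(os.path.abspath(template_path))
    fd, tmp_path = tempfile.mkstemp(dir=target_dir, suffix=".tmp")
    with os.fdopen(fd, "w", encoding="utf-8") as out:
        json.dump(template, out, indent=2, ensure_ascii=False)
    os.replace(tmp_path, template_path)
    return added


def demo():
    """Run the merge on a constructed template and a constructed wordlist."""
    with tempfile.TemporaryDirectory() as workdir:
        template = os.path.join(workdir, "payload_template.json")
        wordlist = os.path.join(workdir, "wordlist.txt")
        with open(template, "w", encoding="utf-8") as fh:
            json.dump({"payload": [{"payload_name": " <h2>Basic injects</h2> "}]}, fh)
        with open(wordlist, "w", encoding="utf-8", newline="") as fh:
            fh.write('<b>sample "quoted" entry</b>\n'   # quotes must be JSON-escaped
                     "sample with back\\slash\n"         # backslash must survive
                     "\n"                                # blank line is skipped
                     "  leading spaces kept\r\n"         # CRLF ending is stripped
                     "sample with back\\slash\n")        # duplicate is skipped
        added = merge_payloads(template, wordlist)
        with open(template, encoding="utf-8") as fh:
            names = [entry["payload_name"] for entry in json.load(fh)["payload"]]
    return added, names


if __name__ == "__main__":
    print(demo())
```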
Payloads:
Clone the repo: git clone https://github.com/xadhrit/xss-hacker.git