README
¶
xssparams
xssparams takes a list of urls and identifies parameters potentially vulnerable to reflected xss
Installation
go install github.com/martinvks/xssparams@latest
Usage
For information about available flags, run:
xssparams -h
Example usage:
$ cat urls.txt
https://example.com?utm_source=google
https://example.com/articles/1
https://example.com/articles?query=computerphile
https://example.com?referer=https://youtube.com
$ cat urls.txt | xssparams
https://example.com/articles?query=computerphile [{query [SingleQuote]}]
https://example.com?referer=https://youtube.com [{referer [Href]}]
What does the output mean?
HrefThe parameter is reflected in the beggining of an href attributeElementThe parameter is reflected inside an HTML element and the less-than sign is not escapedScriptThe parameter is reflected inside a script tag and the</character sequence is not escapedDoubleQuoteThe parameter is reflected inside double quotes and the double quote character is not escapedSingleQuoteThe parameter is reflected inside single quotes and the single quote character is not escaped or\'is escaped as\\'
What is considered to be a parameter?
- Query Parameters, e.g.,
searchandlanguageinhttps://example.com?search=quantum+computing&language=en - Numeric path segments, e.g.,
123inhttps://example.com/articles/123 - UUID path segments, e.g.,
a92d7004-d18e-4aa3-9309-c016b6abca23inhttps://example.com/articles/a92d7004-d18e-4aa3-9309-c016b6abca23
Documentation
¶
There is no documentation for this package.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.