command
module
Version:
v0.0.0-...-dd33a09
Opens a new window with list of versions in this module.
Published: Nov 25, 2023
License: MIT
Opens a new window with license information.
Imports: 7
Opens a new window with list of imports.
Imported by: 0
Opens a new window with list of known importers.
README
¶
xssparams
xssparams
takes a list of urls and identifies parameters potentially vulnerable to reflected xss
Installation
go install github.com/martinvks/xssparams@latest
Usage
For information about available flags, run:
xssparams -h
Example usage:
$ cat urls.txt
https://example.com?utm_source=google
https://example.com/articles/1
https://example.com/articles?query=computerphile
https://example.com?referer=https://youtube.com
$ cat urls.txt | xssparams
https://example.com/articles?query=computerphile [{query [SingleQuote]}]
https://example.com?referer=https://youtube.com [{referer [Href]}]
What does the output mean?
Href
The parameter is reflected in the beggining of an href attribute
Element
The parameter is reflected inside an HTML element and the less-than sign is not escaped
Script
The parameter is reflected inside a script tag and the </
character sequence is not escaped
DoubleQuote
The parameter is reflected inside double quotes and the double quote character is not escaped
SingleQuote
The parameter is reflected inside single quotes and the single quote character is not escaped or \'
is escaped as \\'
What is considered to be a parameter?
- Query Parameters, e.g.,
search
and language
in https://example.com?search=quantum+computing&language=en
- Numeric path segments, e.g.,
123
in https://example.com/articles/123
- UUID path segments, e.g.,
a92d7004-d18e-4aa3-9309-c016b6abca23
in https://example.com/articles/a92d7004-d18e-4aa3-9309-c016b6abca23
Documentation
¶
There is no documentation for this package.
Source Files
¶
Directories
¶
Click to show internal directories.
Click to hide internal directories.