Today, we are presenting our own Intelligence HOCXSS Automatic (Cross Site Scripting) vulnerability scanner along with the complete demonstration tutorial.
Please check the POC Video at the end of the article.
HOCXSS is an easy way for the penetration tester and bug bounty hunters to test Cross site scripting. It has featured with crawling, detection parameter discovery, WAF detection capabilities as well.
Note: This XSS scanner wouldn’t require you to install any Library. It automatically detects, installs, and run the required files for you.
It’s main features are
- Persistence, Non-persistence and Dom based scanning
- It can scan target anonymously using TOR
- Multi-threaded crawling
- WAF detection & evasion
- HOC updated payload
- WAF BYPASS payloads
- Complete HTTP support
- Brute force payloads from a file
- Auto-detect method GET/POST
- Set cookie
Want to know about XSS vulnerability click here
So lets start..
- Kali Linux OS > HOC IG
How to install?
Open the Terminal and type the following codes
>git clone https://github.com/hackersonlineclub/HOCXSS_V1.git >cd HOCXSS_V1/ >sudo python3 hocxss.py
Output results are as follows –
First step is to select Press 1 for scan without TOR or Press 2 for scan with TOR and hit enter
Second step is to select Press 1 for Quick scan it will scan only given URL or Press 2 for Intensive scan it will scan all the link in a page (using crawl) and hit enter
Third step is to enter the target website or URL and hit enter
Here our target is testphp.vulnweb.com
It will ask for payload Y/N. If want to enter own payload press Y or y And give the File location of your payload file or want to scan with HOC payloads press N or n
It will ask for Cookie Y/N. If want to enter own Cookie press Y or y then enter cookie like
N or n for attack without cookie and hit enter
Wait for Output