BeeXSS is a specialized automated tool designed to detect Blind XSS (Cross-Site Scripting) vulnerabilities in web applications. Unlike standard XSS vulnerabilities, Blind XSS occurs when the injected script is executed in the web application’s backend or in an admin panel, making it harder to detect through traditional methods. BeeXSS automates the process of scanning URL parameters to find these hard-to-detect vulnerabilities by injecting payloads and analyzing responses.
bash
git clone https://github.com/AnonKryptiQuz/BeeXSS.git
cd BeeXSS
bash
pip install -r requirements.txt
Ensure `requirements.txt` contains:
```plaintext
selenium
webdriver-manager
readline
```
Ensure that ChromeDriver is correctly installed and accessible. You can install it via webdriver_manager, which will automatically handle the driver setup.
bash
python BeeXSS.py
Enter the base URL with a parameter (e.g., https://example.com/search?q=test), or provide a file containing a list of URLs to scan.
Enter the xss.report username when prompted. This will allow you to send scan results directly to your xss.report account for a more detailed analysis of the found vulnerabilities.
Specify the payload encoding Choose how many times you want to encode the payloads (0-3). Enter the corresponding number to apply the desired number of encoding layers. This helps bypass WAFs (Web Application Firewalls) and test applications that handle multiple layers of encoding.
Review the results to check if any Blind XSS vulnerabilities were found. Vulnerable URLs will be flagged, and you’ll have the option to save them for future reference.
Save results: You can optionally save the results to a file by following the prompt after the scan completes.
All tools are used under their respective open-source licenses.
Created by: AnonKryptiQuz
$ claude mcp add BeeXSS \
-- python -m otcore.mcp_server <graph>