# Rxss
RXSS is a Python tool designed for detecting reflecting params and paths in a bunch of URLs which can lead to reflected Cross-Site Scripting (XSS) vulnerabilities. It utilizes multithreading and customizable payload injection.
## Installation
Install RXSS from PyPI using pip:
```bash
pip install rxss
```
## Usage
### Command-Line Options
```
usage: rxss [-h] [-i] [-p] [-o] [-t] [-fr] [-maxr] [--timeout] [--ignore-base-url]
optional arguments:
-h, --help show this help message and exit
-i , --urls Path containing a list of URLs to scan
-p , --payload Payload you want to send to check reflection (default: rxss)
-o , --output Path of file to write output to (default: None)
-t , --threads Number of threads to use (default: 50)
-fr, --follow-redirects
Follow HTTP redirects (default: False)
-maxr , --max-redirects
Max number of redirects to follow per host (default: 5)
--timeout Timeout in seconds (default: 10)
--ignore-base-url Disable appending payloads to paths in base URLs (default: False)
--random-user-agent Use randomly selected HTTP User-Agent header value (default: False)
```
### Examples
Scan URLs from a file `hosts.txt` with default settings:
```bash
rxss -i hosts.txt
```
Scan URLs with a custom payload and output results to `output.txt`:
```bash
rxss -i hosts.txt -p "<script>alert('XSS')</script>" -o output.txt
```
## Acknowledgments
- Built with [Python](https://www.python.org/)
- Utilizes [Requests](https://docs.python-requests.org/en/master/) for HTTP requests
- [qsreplace](https://github.com/basedygt/qsreplace) for query string manipulation
- Uses [fake_useragent](https://github.com/fake-useragent/fake-useragent) to parse arbitrary user-agent values
Raw data
{
"_id": null,
"home_page": "https://github.com/basedygt/rxss",
"name": "rxss",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": "rxss, Reflected Cross Site Scripting, Pentest tools",
"author": "basedygt",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/08/5e/5182b973538ad776b413af972770ed69b4a54c414f4c0ed2ce4928ad65fb/rxss-0.0.2.tar.gz",
"platform": null,
"description": "# Rxss\n\nRXSS is a Python tool designed for detecting reflecting params and paths in a bunch of URLs which can lead to reflected Cross-Site Scripting (XSS) vulnerabilities. It utilizes multithreading and customizable payload injection.\n\n## Installation\n\nInstall RXSS from PyPI using pip:\n\n```bash\npip install rxss\n```\n\n## Usage\n\n### Command-Line Options\n\n```\nusage: rxss [-h] [-i] [-p] [-o] [-t] [-fr] [-maxr] [--timeout] [--ignore-base-url]\n\noptional arguments:\n -h, --help show this help message and exit\n -i , --urls Path containing a list of URLs to scan\n -p , --payload Payload you want to send to check reflection (default: rxss)\n -o , --output Path of file to write output to (default: None)\n -t , --threads Number of threads to use (default: 50)\n -fr, --follow-redirects\n Follow HTTP redirects (default: False)\n -maxr , --max-redirects\n Max number of redirects to follow per host (default: 5)\n --timeout Timeout in seconds (default: 10)\n --ignore-base-url Disable appending payloads to paths in base URLs (default: False)\n --random-user-agent Use randomly selected HTTP User-Agent header value (default: False)\n```\n\n### Examples\n\nScan URLs from a file `hosts.txt` with default settings:\n\n```bash\nrxss -i hosts.txt\n```\n\nScan URLs with a custom payload and output results to `output.txt`:\n\n```bash\nrxss -i hosts.txt -p \"<script>alert('XSS')</script>\" -o output.txt\n```\n\n## Acknowledgments\n\n- Built with [Python](https://www.python.org/)\n- Utilizes [Requests](https://docs.python-requests.org/en/master/) for HTTP requests\n- [qsreplace](https://github.com/basedygt/qsreplace) for query string manipulation\n- Uses [fake_useragent](https://github.com/fake-useragent/fake-useragent) to parse arbitrary user-agent values\n",
"bugtrack_url": null,
"license": "Apache-2.0 License",
"summary": "Tool to check reflecting params and paths in a bunch of URLs",
"version": "0.0.2",
"project_urls": {
"Homepage": "https://github.com/basedygt/rxss"
},
"split_keywords": [
"rxss",
" reflected cross site scripting",
" pentest tools"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "6c01ac2182440d215cebe9df63c315d858dfd3baad60c4330e7829ff94223e90",
"md5": "2f3780cc4be9878570c19bd84fad57d7",
"sha256": "685f67ef7b45b1aae259fe78d60b02b4648eda2a37b921ead5e21a37b0738578"
},
"downloads": -1,
"filename": "rxss-0.0.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "2f3780cc4be9878570c19bd84fad57d7",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 8338,
"upload_time": "2024-06-23T16:06:15",
"upload_time_iso_8601": "2024-06-23T16:06:15.515811Z",
"url": "https://files.pythonhosted.org/packages/6c/01/ac2182440d215cebe9df63c315d858dfd3baad60c4330e7829ff94223e90/rxss-0.0.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "085e5182b973538ad776b413af972770ed69b4a54c414f4c0ed2ce4928ad65fb",
"md5": "5b4e022bff43876eef228dbf99a9e514",
"sha256": "af9187db33dc15b9eb167212ca1474915b5a23fb52f572f65e1c94e362fcd1e0"
},
"downloads": -1,
"filename": "rxss-0.0.2.tar.gz",
"has_sig": false,
"md5_digest": "5b4e022bff43876eef228dbf99a9e514",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 7745,
"upload_time": "2024-06-23T16:06:16",
"upload_time_iso_8601": "2024-06-23T16:06:16.725943Z",
"url": "https://files.pythonhosted.org/packages/08/5e/5182b973538ad776b413af972770ed69b4a54c414f4c0ed2ce4928ad65fb/rxss-0.0.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-06-23 16:06:16",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "basedygt",
"github_project": "rxss",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "rxss"
}