Disclaimer: everything that happens is beyond my responsibility. Use this knowledge as wisely as possible.
Hello everyone, how are you? On this occasion I want to share XSS tips using two tools, ParamSpider and Dalfox, which are very powerful.
Both tools have their own role when you do bug hunting. ParamSpider collects the parameters found on the target website, which is very helpful when we want to search for XSS vulnerabilities, as in this tip.
Dalfox is then very useful for exploring deeper once we have collected the parameters obtained from ParamSpider. So on this occasion I want to share tips on combining these two tools in our bug hunting process.
Installing ParamSpider (note: use Python 3.7+)
$ git clone https://github.com/devanshbatham/ParamSpider
$ cd ParamSpider
$ pip3 install -r requirements.txt
$ python3 paramspider.py --domain hackerone.com
Thanks To Devanshbatham
Installing Dalfox
go1.17
go install github.com/hahwul/dalfox/v2@latest
go1.16
GO111MODULE=on go get github.com/hahwul/dalfox/v2
Using Homebrew (macOS)
brew tap hahwul/dalfox
brew install dalfox
Using Snapcraft (Ubuntu)
sudo snap install dalfox
After the installation process is complete, let's get straight to the point.
1. Crawl the parameters using ParamSpider (the flags are double-dash options; the original rendering had turned them into dashes)
python3 paramspider.py --domain https://redacted.com --level high --exclude woff,css,js,png,svg,php,jpg --output redacted.txt
2. Next, explore the collected parameters further using Dalfox (-b sets the blind XSS callback host, -o the output file)
dalfox file redacted.txt -b bugbountyicodeidc.bxss.in -o hasil-redacted.txt
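Before feeding the ParamSpider output file from step 1 into Dalfox in step 2, it is worth collapsing duplicate URLs and dropping the static-asset extensions the --exclude flag targets, so the fuzzer does not test the same parameter several times. The following script is an added example, not code from the original post or from the ParamSpider or Dalfox projects; it assumes ParamSpider's output format of one URL per line with each parameter value replaced by the placeholder FUZZ (its default placeholder, an assumption here), and the sample lines are constructed.

```python
"""Normalise a ParamSpider-style URL list before handing it to a fuzzer.

Added example, not part of the original post or of the ParamSpider/Dalfox
projects. Assumes ParamSpider's output format: one URL per line, every
parameter value replaced by the placeholder FUZZ (assumed default).
"""
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Constructed sample lines in the shape ParamSpider writes to --output.
SAMPLE_OUTPUT = """\
https://redacted.com/search?q=FUZZ
https://redacted.com/search?q=FUZZ&page=FUZZ
https://redacted.com/search?page=FUZZ&q=FUZZ
https://redacted.com/assets/app.js?v=FUZZ
https://redacted.com/profile?id=FUZZ
https://redacted.com/profile?id=FUZZ
not a url at all
https://redacted.com/static/logo.png?cache=FUZZ
"""

# Same extension list the post passes to --exclude.
EXCLUDED_EXTENSIONS = ("woff", "css", "js", "png", "svg", "php", "jpg")


def normalise(url, placeholder="FUZZ"):
    """Canonical form of one line: parameter names sorted, every value reset
    to the placeholder, fragment dropped. Returns None for non-http(s) lines."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    names = sorted({n for n, _ in parse_qsl(parts.query, keep_blank_values=True)})
    query = urlencode([(n, placeholder) for n in names])
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))


def has_excluded_extension(url, excluded=EXCLUDED_EXTENSIONS):
    """True when the last path segment ends in a static-asset extension."""
    last = urlsplit(url).path.rsplit("/", 1)[-1].lower()
    ext = last.rsplit(".", 1)[-1] if "." in last else ""
    return ext in excluded


def dedupe(text, excluded=EXCLUDED_EXTENSIONS):
    """Unique canonical URLs, in first-seen order, minus excluded assets."""
    seen, kept = set(), []
    for line in text.splitlines():
        canon = normalise(line)
        if canon is None or has_excluded_extension(canon, excluded):
            continue
        if canon not in seen:
            seen.add(canon)
            kept.append(canon)
    return kept


def parameters_per_path(urls):
    """Map each path to the sorted list of parameter names seen on it,
    a quick view of how much input surface each endpoint exposes."""
    per_path = {}
    for url in urls:
        parts = urlsplit(url)
        names = {n for n, _ in parse_qsl(parts.query, keep_blank_values=True)}
        per_path.setdefault(parts.path, set()).update(names)
    return {path: sorted(names) for path, names in per_path.items()}


if __name__ == "__main__":
    # Write the cleaned list to stdout; redirect it into the file given to
    # "dalfox file ..." instead of the raw ParamSpider output.
    for url in dedupe(SAMPLE_OUTPUT):
        print(url)
```

On the constructed sample the eight lines collapse to three canonical URLs: two variants of /search (one with q only, one with page and q in either order) and one /profile, while the .js and .png lines and the non-URL line are dropped. Parameter order in the query string is sorted only for deduplication; the fuzzer does not care about the order.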
That's all from me. Hopefully it will be useful and helpful; don't forget to use it as wisely as possible. If any of my words are wrong, please accept my apologies.