Skip to content

LazyXSS is a tool that can help you scan for reflected XSS, LFI without any effort.

License

Notifications You must be signed in to change notification settings

LoaiEsam37/Lazyxss

Repository files navigation

Lazyxss

PyPI version PyPI version PyPI version PyPI version Build Status

LazyXSS is a tool that can help you scan for reflected XSS, LFI without any effort.

Installation | Usage | waybackurls | SedFilter | WayBackUrls_SedFilter | UniqOnly | URL-Reflected-XSS | Inputs-Reflected-XSS | ByPassTester | LFI

Installation

$ git clone https://github.com/LoaiEsam37/Lazyxss
$ cd Lazyxss
$ sudo chmod u+x setup.sh
$ sudo chmod u+x main.py
$ ./setup.sh
$ ./main.py

if you have a problem with running ./main.py try to change the first line in main.py from #!/bin/bash/python3 to #!/bin/bash/python3.10 It depends on what version you have on your pc.

$ cd
$ nano .bashrc
  • add this line alias lazyxss='python3 Foo/bar/Lazyxss/main.py'

  • close the terminal and open it again

  • Type lazyxss -h to display the options of the tool and some Examples for how to use it.

Usage

  • There are two ways you can use the tool with
  • you can use Easy Selection that is look like this:
$ lazyxss

  • or you can use it with specific Options that is look like this:
$ lazyxss -t r-xss -f google -o vuln -d 1 -pf Payloads

WayBackUrls

  • Make sure to Download Waybackurls and put it in /usr/bin because this section of my tool depends on it.
def Command(URL, OUTPUT)   
    # WayBackUrls
    os.system(f"echo \{URL} | waybackurls >> {OUTPUT}")

  • Here we can choose the method we will use,
  • Let`s try manually Option first

  • as you could see we put the Url we want to get waybackurl from, then we put the output file

  • Now Let`s try file Option

  • We made a file that contains 3 targets let`s use waybackurls

SedFilter

os.system(f"cat {INPUT} |grep -v 'jpg\|jpeg\|png\|svg' |sed 's/=.*/=/g' |uniq > {OUTPUT}")
  • let`s see how to do this with the tool

WayBackUrls_SedFilter

UniqOnly

  • here we have duplicate url

  • let`s see how to do this with the tool

URL-Reflected-XSS

  • This tool is for using your payloads on just the Url parameters

Inputs-Reflected-XSS

  • This tool is for using your payloads on every input on the website

ByPassTester

  • This tool is for using payloads on just the Url parameters
PAYLOAD = ["\'\'\'\'\'\'", "\"\"\"\"\"\"", ">>>>>>", "<<<<<<", "\\\\\\\\\\\\"]
  • The idea here is to try every bypass char on the website

LFI

Connect Me

loai-esam-109971215 loaiesam27 loai.esam.16