Giters

bittuvamshi / Helios

Helios: Automated XSS Testing

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Helios: Automated XSS Auditing

image

Features

  • Comprehensive Scanning: Tests URL parameters, POST parameters, headers, and DOM content for XSS vulnerabilities.
  • Multiple Browser Support: Compatible with both Firefox and Chrome for testing.
  • Headless Mode: Option to run scans in headless browser mode for faster & traditional execution.
  • Concurrent Scanning: Utilises multi-threading for efficient scanning of multiple targets.
  • Customizable: Supports custom headers, cookies, and payload files.
  • Crawling Capability: Can crawl websites to discover and test additional pages.
  • Detailed Reporting: Provides comprehensive output with color-coded console logs and optional file output.
  • DOM XSS Detection: Advanced detection of DOM-based XSS vulnerabilities.
  • Payload Customization: Automatically customises payloads with unique identifiers for accurate detection.

Key Capabilities

  • URL parameter testing
  • POST parameter analysis
  • Header scanning
  • DOM content examination
  • External script analysis
  • Crawling targets and depth control
  • Custom payload support
  • Accurate detection

Usage

pip install -r requirements.txt

python3 helios.py [target_url] [options]

Example

python3 helios.py target.com -o output.txt --crawl

python3 helios.py -l targetlist.txt --payload-file xsspayloads.txt -o output.txt --crawl --headless --cookies "Name=abcdefg" --headers "X-Forwarded For: 127.0.0.1"

Use python helios.py --help for a full list of options and usage instructions.

POST Method XSS

image

DOM-Based XSS

image

Accurate Payload Detection

image

Future Development

  • Getting gud
  • Enhance payload generation dependant on context of target
  • Optimize performance for large-scale scans, current still kinda sucks at speed - but any faster seems to produce false negatives :(

Note

Helios is currently in early stages of development. While it offers powerful scanning capabilities, users should be aware that it may contain bugs or limitations. Contributions and feedback are welcome to improve its functionality and reliability.

Disclaimer

This tool is for educational and ethical testing purposes only. Always obtain proper authorization before scanning any web applications or networks you do not own or have explicit permission to test.

Author

Created by @stuub

About

Helios: Automated XSS Testing

Languages

Language:Python 100.0%