A tool to find web page inputs and perform XSS scanning.
Features:
- Subdomain Discovery:
  - Fetches relevant subdomains for the target website and compiles them into a whitelist. These subdomains can be utilized during the scraping process.
- Site-wide Link Discovery:
  - Gathers all links across the website based on the provided whitelist and the specified max_depth.
- Form and Input Extraction:
  - Identifies all forms and inputs found within the extracted links, creating a JSON output. This JSON output serves as a foundation for leveraging the XSS scanning capability of the tool.
Note:
This tool maintains a current list of file extensions that it skips during the exploration process. The default list includes common file types like images, stylesheets, and scripts (".css",".js",".mp4",".zip","png",".svg",".jpeg",".webp",".jpg",".gif"). Soon, you'll be able to customize this list to better suit your needs.
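The whitelist filter, extension skip list, and form/input JSON described above can be pictured for a single page with the following added example, which is not X-Recon's own code. The names PageParser, in_scope and inventory, the JSON layout, and the example hosts are assumptions; it does no crawling and no max_depth handling.

```python
import json
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Default skip list, copied verbatim from the note above. All names and the
# JSON layout below are assumptions for illustration, not X-Recon's own.
SKIP_EXTENSIONS = (".css", ".js", ".mp4", ".zip", "png", ".svg",
                   ".jpeg", ".webp", ".jpg", ".gif")

class PageParser(HTMLParser):
    """Collects links plus every form and its fields from one page."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.links, self.forms, self._form = base_url, [], [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(urljoin(self.base_url, a["href"]))
        elif tag == "form":
            self._form = {"action": urljoin(self.base_url, a.get("action") or ""),
                          "method": (a.get("method") or "get").lower(), "inputs": []}
            self.forms.append(self._form)
        elif tag in ("input", "textarea", "select") and self._form is not None:
            self._form["inputs"].append({"tag": tag, "name": a.get("name"),
                "type": a.get("type") or ("text" if tag == "input" else tag)})
    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def in_scope(url, whitelist):
    """True for http(s) URLs on a whitelisted host without a skipped extension."""
    p = urlparse(url)
    return (p.scheme in ("http", "https") and p.hostname in whitelist
            and not p.path.lower().endswith(SKIP_EXTENSIONS))

def inventory(html, base_url, whitelist):
    """Return the in-scope links and the form/input inventory for one page."""
    parser = PageParser(base_url)
    parser.feed(html)
    return {"page": base_url, "forms": parser.forms,
            "links": [u for u in parser.links if in_scope(u, whitelist)]}

# Constructed sample page and hosts, not taken from any real site.
SAMPLE_HTML = """<a href="/about.html">About</a> <a href="/img/logo.png">Logo</a>
<a href="https://other.example.net/">Elsewhere</a>
<form action="/search" method="POST"><input name="q"><textarea name="note"></textarea>
<input type="submit" value="Go"></form>"""

if __name__ == "__main__":
    print(json.dumps(inventory(SAMPLE_HTML, "https://app.example.test/", {"app.example.test"}), indent=2))
```

Because the list entry "png" has no leading dot, a suffix match like this one also skips any path that merely ends in the letters "png".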
Installation
$ git clone https://github.com/joshkar/X-Recon
$ cd X-Recon
$ python3 -m pip install -r requirements.txt
$ python3 xr.py
Target For Test:
You can use this address in the Get URL section
http://testphp.vulnweb.com