AutoRecon-XSS is a script designed for automated reconnaissance of XSS vulnerabilities. It crawls the target URL or alive domains, extracts potential vulnerable URLs, and checks them for XSS vulnerabilities.

• Installation
• External-tools
• Usage
• Contact
• Disclaimer

git clone https://github.com/un9nplayer/AutoRecon-XSS.git
cd AutoRecon-XSS
chmod +x AutoRecon-XSS.sh

• Subfinder
• httpx
• qsreplace
• waybackurls

Installation:

subfinder: go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
httpx : go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
qsreplace: go install github.com/tomnomnom/qsreplace@latest
waybackurls: go install github.com/tomnomnom/waybackurls@latest

bash AutoRecon-XSS.sh <Target-URL> <Url-Recon-Year> <"XSS-Payload-you-wanna-Test">

Example:

bash AutoRecon-XSS.sh http://testphp.vulnweb.com 2000 "<script>alert(1)</script>"

You can reach out to the author via the following channels:

• Twitter
• Instagram

Please use AutoRecon-XSS responsibly and only for ethical purposes. Always adhere to legal and ethical standards when conducting security assessments or vulnerability scanning. The author and contributors of AutoRecon-XSS are not responsible for any misuse or illegal activities conducted with this tool.