HOCXSS Automatic Cross Site Scripting XSS Vulnerability Scanner

Today, we are presenting our own Intelligence HOCXSS Automatic (Cross Site Scripting) vulnerability scanner along with the complete demonstration tutorial.

Please check the POC Video at the end of the article.

HOCXSS is an easy way for the penetration tester and bug bounty hunters to test Cross site scripting. It has featured with crawling, detection parameter discovery, WAF detection capabilities as well.

Note: This XSS scanner wouldn’t require you to install any Library. It automatically detects, installs, and run the required files for you.

It’s main features are

• Persistence, Non-persistence and Dom based scanning
• It can scan target anonymously using TOR
• Multi-threaded crawling
• WAF detection & evasion
• HOC updated payload
• WAF BYPASS payloads
• Complete HTTP support
• Brute force payloads from a file
• Auto-detect method GET/POST
• Set cookie

So lets start..

Requirements:

• Kali Linux OS > HOC IG

How to install?

Open the Terminal and type the following codes

>git clone https://github.com/hackersonlineclub/HOCXSS_V1.git

>cd HOCXSS_V1

/

>sudo python3 hocxss.py

 

Output results are as follows –

First step is to select Press 1 for scan without TOR or Press 2 for scan with TOR and hit enter

Second step is to select Press 1 for Quick scan it will scan only given URL or Press 2 for Intensive scan it will scan all the link in a page (using crawl) and hit enter

 

Third step is to enter the target website or URL and hit enter

Here our target is testphp.vulnweb.com

It will ask for payload Y/N. If want to enter own payload press Y or y And give the File location of your payload file or  want to scan with HOC payloads press N or n

It will ask for Cookie Y/N. If want to enter own Cookie press Y or y then enter cookie like
Example:- {“ID”:”989856547”}
N or n for attack without cookie and hit enter

Wait for Output

 

Watch POC