{"id":867,"date":"2020-05-09T02:59:04","date_gmt":"2020-05-09T01:59:04","guid":{"rendered":"http:\/\/zerothcode.com\/blog\/?p=867"},"modified":"2020-10-08T05:39:14","modified_gmt":"2020-10-08T04:39:14","slug":"hocxss-automatic-cross-site-scripting-xss-vulnerability-scanner","status":"publish","type":"post","link":"https:\/\/zerothcode.com\/blog\/hocxss-automatic-cross-site-scripting-xss-vulnerability-scanner\/","title":{"rendered":"HOCXSS Automatic Cross Site Scripting XSS Vulnerability Scanner"},"content":{"rendered":"

Today, we are presenting our own Intelligence HOCXSS Automatic (Cross Site Scripting) vulnerability scanner<\/a>\u00a0along with the complete demonstration tutorial.<\/p>\n

Please check the\u00a0POC\u00a0<\/strong><\/a>Video at the end of the article.<\/p>\n

HOCXSS is an easy way for the penetration tester and bug bounty hunters to test Cross site scripting. It has featured with crawling, detection parameter discovery, WAF detection capabilities as well.<\/p>\n

Note<\/strong>: This XSS scanner wouldn\u2019t require you to install any Library. It automatically detects, installs, and run the required files for you.<\/p>\n

It\u2019s main features are<\/h3>\n
    \n
  • Persistence, Non-persistence and Dom based scanning<\/li>\n
  • It can scan target anonymously using TOR<\/li>\n
  • Multi-threaded crawling<\/li>\n
  • WAF detection & evasion<\/li>\n
  • HOC updated payload<\/li>\n
  • WAF BYPASS payloads<\/li>\n
  • Complete HTTP support<\/li>\n
  • Brute force payloads from a file<\/li>\n
  • Auto-detect method GET\/POST<\/li>\n
  • Set cookie<\/li>\n<\/ul>\n

    So lets start..<\/p>\n

    Requirements:<\/h3>\n
      \n
    • Kali Linux OS > HOC IG<\/li>\n<\/ul>\n

      How to install?<\/strong><\/h3>\n

      Open the Terminal and type the\u00a0following codes<\/strong><\/p>\n

      >git clone https:\/\/github.com\/hackersonlineclub\/HOCXSS_V1.git<\/strong><\/p>\n

      <\/pre>\n
      >cd HOCXSS_V1<\/strong><\/p>\n
      \/\r\n\r\n<\/pre>\n
      >sudo python3 hocxss.py<\/strong><\/p>\n
       <\/p>\n
      Output results are as follows \u2013<\/strong><\/p>\n
      \"\"<\/p>\n
      First step is to select Press 1 for scan without TOR or Press 2 for scan with TOR and hit enter<\/h3>\n
      \"\"<\/p>\n
      Second step is to select Press 1 for Quick scan it will scan only given URL or Press 2 for Intensive scan it will scan all the link in a page (using crawl) and hit enter<\/h3>\n
       <\/p>\n
      \"\"<\/p>\n
      Third step is to enter the target website or URL and hit enter<\/h3>\n
      Here our target is\u00a0testphp.vulnweb.com<\/strong><\/p>\n
      \"\"<\/p>\n
      It will ask for payload Y\/N. If want to enter own payload press Y or y And give the File location of your payload file or\u00a0 want to scan with HOC payloads press N or n<\/h3>\n
      \"\"<\/p>\n
      It will ask for Cookie Y\/N. If want to enter own Cookie press Y or y then enter cookie like
      \nExample:- {\u201cID\u201d:\u201d989856547\u201d}
      \nN or n for attack without cookie and hit enter<\/h3>\n
      \"\"<\/p>\n
      Wait for Output<\/h3>\n
      \"\"<\/p>\n
       <\/p>\n
      Watch POC<\/h3>\n
       <\/p>\n