Hello All

Welcome back as we all know Cross site scripting vulnerability is very critical and it’s easy to find and the format is just put a payload anywhere and check response. But if we can automate this process. What if just put a website url and hit enter and it will automate . So let’s see how we can do this.

We will use a tool which is dalfox it’s available on github and url is : https://github.com/hahwul/dalfox

To install this tool we need go language in our machine so let’s install go language. Just open your terminal and type this command to install go language

sudo apt-get install golang

Now hit <ENTER> and press y golang will be installed

So now let’s install dalfox in our machine

From source

▶ GO111MODULE=on go get -v github.com/hahwul/dalfox/v2

Using snapcraft (ubuntu)

▶ sudo snap install dalfox

Using homebrew (macos)

▶ brew tap hahwul/dalfox
▶ brew install dalfox

I am using kali linux so let's see how we install it in kali linux just type command: GO111MODULE=on go get -v github.com/hahwul/dalfox/v2

Hit enter and see dalfox will be successfully installed 

Now go to golang directory and see cd /go/bin

Now move dalfox to our root directory just type this command sudo cp dalfox /usr/local/bin

Now we have successfully installed dalfox so let's Find some xss just type this command to find xss dalfox url http://testphp.vulnweb.com/listproducts.php?cat=123&artist=123&asdf=ff -b https://hahwul.xss.ht

It will alert you when it's find xss 

Follow me : https://twitter.com/HackTube5