JoshXSS - Lightweight XSS Scanner for Bug Bounty - BB TOOLS SERIES 1

🛡️ JoshXSS - Lightweight XSS Scanner for Bug Bounty

JoshXSS is a minimal yet powerful Python tool that helps you detect reflected Cross-Site Scripting (XSS) vulnerabilities during bug bounty hunting or web app penetration testing.

It was created during my "30 Tools" challenge to make fast and simple tools for VAPT workflows. JoshXSS is designed for speed, clarity, and ease of use.

⚙️ Features

  • Scans URLs for reflected XSS using a top list of payloads

  • Injects payloads into the query string of GET requests

  • Identifies potential XSS by detecting payload reflection

  • Fast and lightweight — no heavy dependencies


📦 Installation

To install JoshXSS, clone the repository and install dependencies:


git clone https://github.com/Josh-INetSecurity-IN/josh-xss
cd josh-xss
pip install requests

🖥️ Usage

To run the tool, use the following command:

python3 joshxss.py

After running the tool, you’ll see a hacker-style ASCII banner followed by a prompt asking for the URL:

Enter the URL to test for XSS (e.g., https://example.com/page?query=test)

Simply enter the URL you want to scan, and JoshXSS will start scanning it with 20+ XSS payloads.


✅ Sample Output

Once the tool finishes scanning, you’ll see output similar to this:

[✓] XSS detected with payload: <script>alert('XSS1');</script>
[✓] XSS detected with payload: <img src='x' onerror='alert(2)'>
...
[🔥] XSS vulnerabilities detected!
Vulnerable payloads: [ ... ]

🔐 Bug Bounty Workflow Tips

  • Use tools like gau, waybackurls, or paramspider to find target URLs.

  • Pipe them into JoshXSS for bulk scanning:


cat urls.txt | while read url; do python3 joshxss.py "$url"; done


After identifying reflected payloads, verify the vulnerability manually using Burp Suite or a browser.
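The features section above describes the mechanism (inject each payload into the query string, fetch the page, report any payload that is reflected), and the workflow tip describes feeding a list of URLs from gau or waybackurls through the tool. The following is an added example illustrating both, written for this page and not the JoshXSS code itself. It assumes a `fetch` callable (so the scan can run offline against the constructed `fake_server`), uses example.com URLs and a small constructed payload list (the first two payloads come from the sample output above), and adds two things a practitioner wants that a plain "is the string in the body" check does not give: it distinguishes a raw reflection from an HTML-encoded one (an encoded reflection is the server doing the right thing, and counting it is a false positive), and it deduplicates a URL dump by host, path and parameter names so thousands of value variations are scanned once.

```python
import html
from typing import Callable, Dict, List
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed payload list standing in for the tool's "top list" of 20+ payloads.
PAYLOADS = [
    "<script>alert('XSS1');</script>",
    "<img src='x' onerror='alert(2)'>",
    "\"><svg onload=alert(3)>",
]

# Hypothetical fetcher type: maps a URL to its response body. In a real run this
# would be something like `lambda u: requests.get(u, timeout=10).text`.
Fetcher = Callable[[str], str]


def inject_payload(url: str, param: str, payload: str) -> str:
    """Return `url` with the value of query parameter `param` replaced by `payload`.
    Other parameters are kept, so the page still renders the same code path."""
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    new_query = [(k, payload if k == param else v) for k, v in query]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(new_query), parts.fragment))


def classify_reflection(body: str, payload: str) -> str:
    """'raw'     -> payload appears verbatim (candidate for reflected XSS, verify manually)
    'encoded' -> only the HTML-escaped form appears (output encoding is working; not a finding)
    'none'    -> payload does not come back at all.
    Only Python's html.escape convention is checked; servers using other entity forms
    (e.g. &#39; for a quote) would need additional variants here."""
    if payload in body:
        return "raw"
    if html.escape(payload, quote=True) in body:
        return "encoded"
    return "none"


def scan(url: str, fetch: Fetcher, payloads: List[str] = PAYLOADS) -> Dict[str, List[str]]:
    """Inject every payload into every query parameter of `url` and return
    {parameter: [payloads reflected unescaped]}."""
    params = [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    findings: Dict[str, List[str]] = {}
    for param in params:
        for payload in payloads:
            body = fetch(inject_payload(url, param, payload))
            if classify_reflection(body, payload) == "raw":
                findings.setdefault(param, []).append(payload)
    return findings


def dedupe_urls(urls: List[str]) -> List[str]:
    """Keep one URL per (host, path, set of parameter names). URLs with no query
    parameters are dropped because there is nothing to inject into."""
    seen = set()
    unique: List[str] = []
    for url in urls:
        parts = urlsplit(url)
        names = tuple(sorted(k for k, _ in parse_qsl(parts.query, keep_blank_values=True)))
        key = (parts.netloc, parts.path, names)
        if names and key not in seen:
            seen.add(key)
            unique.append(url)
    return unique


def fake_server(url: str) -> str:
    """Constructed stand-in for a target so the example runs offline:
    `q` is echoed raw (vulnerable), `name` is HTML-escaped (safe)."""
    query = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    return (
        "<html><body>"
        f"<p>You searched for: {query.get('q', '')}</p>"
        f"<p>Hello, {html.escape(query.get('name', ''))}</p>"
        "</body></html>"
    )


if __name__ == "__main__":
    # Constructed input standing in for a urls.txt produced by gau or waybackurls.
    candidates = [
        "https://example.com/page?q=test&name=josh",
        "https://example.com/page?q=other&name=x",   # same parameters: scanned once
        "https://example.com/static/logo.png",        # no parameters: skipped
    ]
    for target in dedupe_urls(candidates):
        for param, hits in scan(target, fake_server).items():
            for p in hits:
                print(f"[✓] {target} parameter {param!r} reflects unescaped: {p}")
```

With the constructed server, only `q` is reported; `name` reflects every payload too, but encoded, so it is correctly left out. A raw reflection is still only a candidate: the surrounding HTML context decides whether it executes, which is why the manual Burp or browser check mentioned above remains the last step.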

⚠️ Disclaimer

This tool is intended for ethical hacking and educational purposes only.
Always ensure you have proper authorization before scanning any website.

📜 License

This project is open-source and released under the MIT License.

🔗 GitHub Repo

👉 https://github.com/Josh-INetSecurity-IN/josh-xss


💬 Questions, feedback, or collaboration ideas? Feel free to reach out or leave a comment below.
Stay sharp. Stay hacking.
Josh ⚔️
