NAME
ronin-vulns-reflected-xss - Scans URL(s) for Reflected Cross Site Scripting (XSS) vulnerabilities
SYNOPSIS
ronin-vulns reflected-xss [options] {URL … | --input FILE}
DESCRIPTION
Scans URL(s) for reflected Cross Site Scripting (XSS) vulnerabilities. The URLs
to scan can be given as additional arguments or read from a file using the
--input option.
ARGUMENTS
- URL
- A URL to scan.
OPTIONS
--db NAME - The database name to connect to. Defaults to default if not given.
--db-uri URI - The database URI to connect to (ex: postgres://user:password@host/db).
--db-file PATH - The sqlite3 database file to use.
--import - Imports discovered vulnerabilities into the database.
--first - Only find the first vulnerability for each URL.
-A, --all - Find all vulnerabilities for each URL.
--print-curl - Also prints an example curl command for each vulnerability.
--print-http - Also prints an example HTTP request for each vulnerability.
-M, --request-method COPY|DELETE|GET|HEAD|LOCK|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPFIND|PROPPATCH|PUT|TRACE|UNLOCK - Sets the HTTP request method to use.
-H, --header "Name: value" - Sets an additional header using the given Name and value.
-U, --user-agent-string STRING - Sets the User-Agent header string.
-u, --user-agent chrome-linux|chrome-macos|chrome-windows|chrome-iphone|chrome-ipad|chrome-android|firefox-linux|firefox-macos|firefox-windows|firefox-iphone|firefox-ipad|firefox-android|safari-macos|safari-iphone|safari-ipad|edge - Sets the User-Agent header.
-C, --cookie COOKIE - Sets the raw Cookie header.
-c, --cookie-param NAME=VALUE - Sets an additional Cookie param using the given NAME and VALUE.
-R, --referer URL - Sets the Referer header.
-F, --form-param NAME=VALUE - Sets an additional form param using the given NAME and VALUE.
--test-query-param NAME - Tests the URL query param name.
--test-all-query-params - Test all URL query param names.
--test-header-name NAME - Tests the HTTP Header name.
--test-cookie-param NAME - Tests the HTTP Cookie name.
--test-all-cookie-params - Test all Cookie param names.
--test-form-param NAME - Tests the form param name.
-i, --input FILE - Reads URLs from the given FILE.
-h, --help - Print help information.
AUTHOR
Postmodern postmodern.mod3@gmail.com