LOXIA is an automated tool designed for testing XSS (Cross-Site Scripting) vulnerabilities on specified domains. This tool helps you check the security of web applications against common XSS attack vectors by utilizing customizable payloads.
- 📝 Custom Payloads: Load payloads from a specified file for testing.
- 🌐 HTTP Method Support: Supports both
GET
andPOST
HTTP methods for testing. - 📊 Real-time Analysis: Displays live analysis of potential XSS vulnerabilities in the terminal.
- 💾 Results Saving: Automatically saves test results to a file named according to the domain tested, ensuring you can revisit your findings.
- 🎨 Color-Coded Output: User-friendly terminal output with color codes for easier interpretation of test results.
- 🐍 Python 3.x
- 📦
requests
library (install withpip install requests
)
-
Clone the Repository:
git clone https://github.com/hackinter/LOXIA.git cd LOXIA
-
Install the Dependencies:
pip install requests
-
Run the Script:
Execute the script in the terminal:
python loxia.py
-
Input the Following Information:
- 🔗 Target Domain: Enter the domain you want to test (e.g.,
https://example.com/search.jsp?query=
). - 📁 Payload File Path: Provide the full path to your payload file (e.g.,
/path/to/payloads.txt
). - 📜 HTTP Method: Choose either
GET
orPOST
based on your test requirements.
- 🔗 Target Domain: Enter the domain you want to test (e.g.,
-
Review the Results: After running the tool, results will be displayed in the terminal with color-coded outputs:
- ✅ Success: Safe URLs will be highlighted.
- 💥 Vulnerabilities: Detected XSS vulnerabilities will be marked with the appropriate emoji.
⚠️ Connection Errors: Any issues connecting to the server will also be flagged.
-
Saving Results: After the test, you can save the results to a file:
- For example, if the target domain is
kali.org
, the result file will be namedkali-result.txt
. - If a file with that name already exists, the tool will create additional files like
kali-result1.txt
,kali-result2.txt
, etc.
- For example, if the target domain is
🔗 Enter the target domain (e.g., https://example.com): https://example.com/search.jsp?query=
📁 Enter the path to the payload file: /path/to/payloads.txt
📜 Choose the HTTP method (GET/POST): GET
-
💥 Vulnerability Found:
💥 Possible XSS vulnerability found: https://example.com?payload=<script>alert('xss')</script> with payload: <script>alert('xss')</script>
-
✅ No Vulnerability Found:
❎ No vulnerability found; URL is safe: https://example.com?payload=<script>console.log('test')</script> with payload: <script>console.log('test')</script>
-
⚠️ Connection Error:⚠️ Error connecting to server; URL is not accessible for testing: https://example.com?payload=<script>alert('fail')</script>
-
💾 Results Saved:
✅ Results saved to example-com-result.txt
⚠️ Security: Always ensure you have explicit permission before testing any website. Unauthorized testing may be illegal and could result in serious consequences.- 🛡️ Payloads: The effectiveness of the tool relies on using relevant and up-to-date payloads. Ensure you have the latest payloads for accurate testing.
- 📶 Network Traffic: Repeated requests to a website can be flagged as malicious by servers. Monitor your network traffic to avoid being blocked.
- 🌐 Ethical Use: This tool is designed for educational and ethical hacking purposes only. Always comply with ethical guidelines and legal regulations.
We welcome contributions! To contribute:
- 🍴 Fork the repository.
- 🌱 Create a new branch.
- ✨ Implement your feature or fix.
- 📤 Submit a pull request.
This project is licensed under the MIT License. See the LICENSE file for more details.
We welcome contributions! If you would like to contribute, feel free to fork the repository and submit a pull request. If you encounter any bugs or have suggestions, please open an issue.
For any queries or issues, feel free to reach out to us: