python3 reflection.py -e endpoints.txt -p params.txt -o output.txt -rec on --mode 2 --discord [WEBHOOK_URL] -t 50
python3 reflection.py -e endpoints.txt -p params.txt -o output.txt --mode 4 --discord [WEBHOOK_URL] -t 50
python3 reflection.py -e endpoints.txt -p params.txt --mode 5 --bc [BURP COLLABORATOR] -t 50
1. You can collect additional parameters not present in your parameter list and write them to it using -p [FILE_NAME]
2. You can filter out specified filetypes from your list using -ft .[EXT]
python3 tools/burp-cleaner.py -i history.xml -o history.txt -ft .js,.css,.rtf [-p params.txt]
1. You can collect additional parameters not present in your parameter list and write them to it using -p [FILE_NAME]
2. You can filter out specified filetypes from your list using -ft .[EXT]
python3 tools/httpx-cleaner.py -i output.txt -o endpoints.txt -ft .js,.css,.rtf [-p params.txt]
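
What the -ft and -p options of the two cleaner scripts amount to, as an added example that is not the project's own code. The function name, the sample URLs, and the choice to ignore parameters on filtered URLs are assumptions.

```python
# Added example, not code from the tool. Names and sample data are hypothetical.
import posixpath
from urllib.parse import parse_qsl, urlsplit


def clean_endpoints(urls, filtered_exts, known_params):
    """Return (kept_urls, new_params).

    kept_urls:  de-duplicated URLs whose path extension is not filtered (-ft).
    new_params: query parameter names seen on kept URLs that are missing from
                the existing parameter list (-p), in first-seen order.
    """
    exts = {e.strip().lower() for e in filtered_exts if e.strip()}
    known = set(known_params)
    kept, seen_urls, new_params = [], set(), []
    for raw in urls:
        url = raw.strip()
        if not url or url in seen_urls:
            continue
        parts = urlsplit(url)
        # Test the extension of the path only, so "?file=a.js" is not filtered.
        ext = posixpath.splitext(parts.path)[1].lower()
        if ext in exts:
            continue
        seen_urls.add(url)
        kept.append(url)
        # keep_blank_values=True so "debug=" still yields the name "debug".
        for name, _ in parse_qsl(parts.query, keep_blank_values=True):
            if name not in known:
                known.add(name)
                new_params.append(name)
    return kept, new_params


# Constructed sample input (not real scan data).
SAMPLE_URLS = [
    "https://app.example.test/search?q=shoes&page=2",
    "https://app.example.test/static/app.js?v=3",
    "https://app.example.test/static/site.CSS",
    "https://app.example.test/download?file=report.js",
    "https://app.example.test/search?q=shoes&page=2",
    "https://app.example.test/profile?id=7&debug=",
]

if __name__ == "__main__":
    kept, new = clean_endpoints(SAMPLE_URLS, [".js", ".css", ".rtf"], ["q", "id"])
    print("\n".join(kept))
    print("new params:", new)
```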
1. -e = endpoints file you want to scan
2. -p = parameter file you want to use to scan for hidden param reflection
3. -o = output file for scan results.
4. --mode [0, 1, 2, 3 or 4] where 0 is a reflection scan with GET endpoints, 1 is a reflection scan with POST endpoints, 2 is a reflection scan with GET and POST, 3 is an XSS scan on confirmed reflected parameters generated by the 3 commands below and 4 is the SQLi endpoint scanner.
5. -rec [on] is optional; '-rec on' will do a recursive search of parameters and return all reflected parameters instead of stopping after 1 is found.
6. -t [THREAD_COUNT] use this to specify your thread count.
7. --cookie [COOKIES] use this to provide your authentication cookies.
8. --discord [WEBHOOK_URL] for result output to Discord (can be used with -o)
9. -fp [PARAM1,PARAM2] can be used to filter out params from being used in scanning - great for globally reflected params.
10. [-v on] is used for detailed output which includes the full URL, clean URL and reflected code snippet.
11. -hi [FILENAME] generates all of the hidden input names to the file specified (credits to bendtheory for the idea!)
12. -bc [BURP-COLLABORATOR] run a Burp Collaborator and insert the URL here to check for any callbacks.
python3 reflection.py -e endpoints.txt -p params.txt -o test.txt --mode 0 -rec on -t 100 [-hi hidden.txt]
python3 tools/list-cleaner.py -i test.txt -o test-clean.txt -p params.txt
python3 reflection.py -e test-clean.txt -p params.txt -o xss.txt --mode 3 -t 100