Skip to content

bsysop/reflection-public

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Reflection - The Automated Reflected Parameter Finder & XSS/SQLi/SSRF tester

Mikey's Recommended Command for XSS Hunting:

python3 reflection.py -e endpoints.txt -p params.txt -o output.txt -rec on --mode 2 --discord [WEBHOOK_URL] -t 50

image

Castilho's Recommended Command for SQLi Hunting:

python3 reflection.py -e endpoints.txt -p params.txt -o output.txt --mode 4 --discord [WEBHOOK_URL] -t 50

image

Mikey's Recommended Command for SSRF Hunting:

python3 reflection.py -e endpoints.txt -p params.txt --mode 5 --bc [BURP COLLABORATOR] -t 50

Generate an endpoint list from burp proxy history file:

1. You can collect additional parameters not present in your parameter list and write them to it using using -p [FILE_NAME]
2. You can filter out specified filetypes from your list using -ft .[EXT]
python3 tools/burp-cleaner.py -i history.xml -o history.txt -ft .js,.css,.rtf [-p params.txt]

Generate an endpoint list from gau/httpx output file:

1. You can collect additional parameters not present in your parameter list and write them to it using using -p [FILE_NAME]
2. You can filter out specified filetypes from your list using -ft .[EXT]
python3 tools/httpx-cleaner.py -i output.txt -o endpoints.txt -ft .js,.css,.rtf [-p params.txt]

Find Reflected Sites from endpoint list:

1. -e = endpoints file you want to scan
2. -p = parameter file you want to use to scan for hidden param reflection
3. -o = output file for scan results.
4. --mode [0, 1, 2, 3 or 4] where 0 is a reflection scan with GET endpoints, 1 is a reflection scan with POST endpoints, 2 is a reflection scan with GET and POST,  3 is a XSS scan on confirmed reflected parameters generated by the 3 commands below and 4 is the SQLI endpoint scanner.
5. -rec [on] optional choice, '-rec on' will do a recursive search of parameters and return all reflected parameters instead of stopping after 1 is found.
6. -t [THREAD_COUNT] use this to specify your thread count.
7. --cookie [COOKIES] use this to provide your authentication cookies.
8. --discord [WEBHOOK_URL] for result output to discord (can be used with -o)
9. -fp [PARAM1,PARAM2] can be used to filter out params from being used in scanning - great for globally reflected params.
10. [-v on] is used for detailed output which includes full url, clean url and reflected code snippet.
11. -hi [FILENAME] generates all of the hidden input names to the file specified (credits to bendtheory for the idea!)
12. -bc [BURP-COLLABORATOR] run a burp collaborator and insert the URL here to check for any callsbacks.
python3 reflection.py -e endpoints.txt -p params.txt -o test.txt --mode 0 -rec on -t 100 [-hi hidden.txt]

Clean the newly generated list of reflected parameter URLs:

python3 tools/list-cleaner.py -i test.txt -o test-clean.txt -p params.txt

Test the cleaned reflected parameter lists for XSS points:

python3 reflection.py -e test-clean.txt -p params.txt -o xss.txt --mode 3 -t 100

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages