Xaphan is a powerful command-line tool developed for automating the detection of Cross-Site Scripting (XSS) vulnerabilities in web applications. Designed with efficiency and ease of use in mind, Xaphan streamlines the process of identifying unfiltered parameters by leveraging popular tools such as gau, waybackurls, Gxss, kxss, gf, and uro. It supports both single domain and bulk scanning using URLs fetched from multiple sources like the Wayback Machine or gau, allowing for comprehensive vulnerability assessment across large web applications.
Advanced URL discovery through multiple sources including Wayback Machine, gau, and custom lists, with smart filtering to focus only on potentially vulnerable endpoints.
Automated extraction and classification of URL parameters with pattern recognition to identify those most likely to be vulnerable to XSS attacks.
Multithreaded vulnerability testing that dramatically increases scanning speed while maintaining accuracy and avoiding false positives.
Detailed output with color-coded severity ratings, exploitation paths, and remediation suggestions in multiple export formats.
Xaphan is built in Go, chosen for its performance and concurrency capabilities which are crucial for efficient vulnerability scanning. The tool leverages a modular architecture with separate components for URL discovery, parameter extraction, and vulnerability testing. Multithreaded processing is implemented throughout the codebase to maximize scanning speed, with configurable thread counts to adapt to different environments and requirements. The tool also incorporates intelligent rate limiting and status code filtering to avoid overwhelming target servers or generating false positives.
func main() {
runtime.GOMAXPROCS(runtime.NumCPU()) // Use all available CPU cores
displayBanner()
flag.Parse()
if helpFlag || (urlFlag == "" && listFlag == "") {
flag.Usage()
return
}
var domains []string
if urlFlag != "" {
domains = append(domains, urlFlag)
} else if listFlag != "" {
data, err := ioutil.ReadFile(listFlag)
if err != nil {
fmt.Printf("\033[31m[ERROR] File %s not found: %v\033[0m\n", listFlag, err)
return
}
domains = strings.Split(strings.TrimSpace(string(data)), "\n")
fmt.Printf("\033[32m[INFO] Total domains to scan: %d\033[0m\n", len(domains))
}
if len(domains) == 0 {
fmt.Printf("\033[31m[ERROR] No domains to scan. Use -u or -l.\033[0m\n")
return
}
if !waybackFlag && !gauFlag {
fmt.Printf("\033[31m[ERROR] No tool specified to collect URLs. Use --wayback or --gau.\033[0m\n")
flag.Usage()
return
}
var wg sync.WaitGroup
jobs := make(chan string, len(domains))
results := make(chan map[string]interface{}, len(domains))
// Determine the number of workers based on the number of domains
numWorkers := thread
if len(domains) > 5 {
numWorkers = 100
}
// Rate limit delay for Wayback Machine
rateLimitDelay := 5 * time.Second
// Display rate limit message once
if waybackFlag {
fmt.Printf("\033[32m[INFO] Rate limit detected for webarchive.org. Delaying request by %s.\033[0m\n", rateLimitDelay)
}
// Create workers
for w := 1; w <= numWorkers; w++ {
wg.Add(1)
go worker(w, jobs, results, &wg)
}
// Send jobs with rate limiting for Wayback Machine
for _, domain := range domains {
jobs <- domain
if waybackFlag {
time.Sleep(rateLimitDelay)
}
}
close(jobs)
go func() {
wg.Wait()
close(results)
}()
var allResults []map[string]interface{}
for result := range results {
domain := result["domain"].(string)
xssDetails := result["details"].([]map[string]interface{})
fmt.Printf("\033[32m[INFO] Results for domain: %s\033[0m\n", domain)
displayResults(xssDetails, verboseFlag, responseFlag)
allResults = append(allResults, xssDetails...)
}
if detailedFlag != "" {
saveDetailedReport(allResults, detailedFlag)
}
if jsonFlag != "" {
saveJSONOutput(allResults, jsonFlag)
}
// Print the total number of processed domains
fmt.Printf("\033[32m[INFO] Total processed domains: %d\033[0m\n", atomic.LoadInt64(&processedDomains))
}
Since its release, Xaphan has become an essential tool in the arsenal of many security researchers and bug bounty hunters. The tool has facilitated the discovery of numerous XSS vulnerabilities across a wide range of web applications, significantly reducing the time and effort required for manual testing. By automating the process of fetching URLs, identifying parameters, and testing for XSS, Xaphan has made vulnerability assessment more accessible to security professionals of all skill levels.