You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Discovery | Parameter analysis | - Find reflected param<br />- Find alive/bad special chars, event handler and attack code <br />- Identification of injection points(HTML/JS/Attribute) <br /> `inHTML-none``inJS-none``inJS-double``inJS-single``inJS-backtick``inATTR-none``inATTR-double``inATTR-single`|
|| Static analysis | - Check bad-header like CSP, XFO, etc.. with req/res base |
|| Another vuln analysis | - Test for Another Vulnerabilities (e.g sqli) |
|| Parameter Mining | - Find new param with Dictonary attack (default is [GF-Patterns](https://github.com/1ndianl33t/Gf-Patterns))<br />- Support custom dictonary file (`--mining-dict-word`)<br />- FInd new param with DOM |
|| Built-in Grepping | - It Identify the basic info leak of SSTi, Credential, SQL Error, and so on |
| Scanning | XSS Scanning | - Reflected xss / stored xss <br />- DOM base verifying<br />- Blind XSS testing with param, header(`-b` , `--blind` options)<br />- Only testing selected parameters (`-p`, `--param`)<br />- Only testing parameter analysis (`--only-discovery`) |
