Pantest - Recon-ng scanning for XSS vulnerabilities

Security

Pantest - Recon-ng scanning for XSS vulnerabilities

올엠 2020. 11. 18. 15:41

https://www.youtube.com/watch?v=rrpcjrCceRk

If you run kaillinux 2.0 default install recon-ng. This tool is a good scanning tool that can acquire multiple pieces of information about the target you want to attack.

The tool can be run simply from the CLI via the command recon-ng.

recon-ng

An important part of Recon-NG is the use of extension modules. Commands can be verified through the show moudles command.

show moudles

Then you can see the extension modules available in Recon-ng as shown below. Here, we will use the XSS module.

use recon/domains-vulnerabilities/xssposed

Let’s check the basic information first.

show info

The important part here is that you need to specify the source site to check.

Let’s go over the asecurity.so that I run.

I do not see the XSS reported on my site.

So let’s check if XSS has been reported for famous sites. You can see there are a number of XSS reports here.

You know that this report is based on the openbugbounty site, you can go to the site and see the XSS report information.