Gxss
Reflected XSS parameter detection
Recon & OSINT5 commands
#xss#reflected#detection#golang
Installation
1Install via Go
2Verify installation
# Using Go
go install github.com/KathanP19/Gxss@latest
# Verify
Gxss -hBasic Usage
Detect reflected XSS parameters by injecting test payloads
# Scan URLs with a test payload
cat urls.txt | Gxss -p "test"
# Scan with custom payload and threads
cat urls.txt | Gxss -p "<script>alert(1)</script>" -t 50
# Output only vulnerable parameters
cat urls.txt | Gxss -p "test" -o output.txt
# Quiet mode for piping
cat urls.txt | Gxss -p "test" -c 100Command Reference
5 commands
1Payload to inject
-p2Number of threads
-t3Output file
-o4Concurrent requests
-c5Show help
-hWhen to Use
1
Reflected XSS parameter discovery2
Mass scanning URL collections3
Automated bug bounty workflows4
Filtering URLs for XSS testing5
Pre-scanning before manual XSS exploitationNotes & Tips
1
Detects which parameters reflect input in the response2
Does not confirm actual XSS — only detects reflection3
Fast multi-threaded scanning4
Use with -c for concurrent request control5
Works well with dalfox for full XSS verificationCommon Errors & Solutions
No URLs provided
Pipe URLs via stdin: cat urls.txt | Gxss -p test
No reflection found
Try different payloads or verify URLs contain parameters