Kxss
Cross-site scripting detector
Recon & OSINT2 commands
#xss#scanner#detector#golang
Installation
1Install via Go
2Verify installation
# Using Go
go install github.com/tomnomnom/hacks/kxss@latest
# Verify
kxss -hBasic Usage
Detect reflected XSS vulnerabilities in URLs
# Scan URLs from stdin
cat urls.txt | kxss
# Scan a single URL
echo "https://example.com/?q=test" | kxss
# Pipe from wayback machine
katana -u https://example.com | kxss
# With custom payload
cat urls.txt | kxss -p "PAYLOAD"Command Reference
2 commands
1Custom payload to inject
-p2Show help
-hWhen to Use
1
Reflected XSS detection2
Mass scanning of URL lists3
Bug bounty automation pipelines4
Validating XSS filters5
Quick triage of collected URLsNotes & Tips
1
Part of TomNomNom's hacks collection2
Works best as part of a pipeline with gau, waybackurls, or katana3
Detects reflection of injected payloads in responses4
Lightweight and fast for bulk URL processingCommon Errors & Solutions
No input
Provide URLs via stdin: cat urls.txt | kxss
False positives
Manually verify each reflected parameter