|Loxs|Multi Vulnerability Scanner|for web application|
|----------------|--------------|-------------|
| `L`| `=`| `Local File Inclusion (LFI)`|
| `O`| `=`| `Open Redirection (OR)`|
| `X`| `=`| `Cross Site Scripting (XSS)`|
| `S`| `=`| `Structured Query Language Injection (SQLi)`|
> **Loxs** is an easy-to-use tool that finds web issues like `LFI` - `OR` - `SQLi` - `XSS`.
*`Made by`* - [`AnonKryptiQuz`](https://github.com/AnonKryptiQuz) x [`Coffinxp`](https://github.com/coffinxp) x [`HexShad0w`](https://github.com/HexShad0w) x [`Naho`](https://github.com/Naho666) x [`1hehaq`](https://github.com/1hehaq)!
*`Made by`* - [`AnonKryptiQuz`](https://github.com/AnonKryptiQuz) x [`Coffinxp`](https://github.com/coffinxp) x [`HexShad0w`](https://github.com/HexShad0w) x [`Naho`](https://github.com/Naho666) x [`1hehaq`](https://github.com/1hehaq)!
| Features | About |
|---|---|
LFI Scanner |
Detect Local File Inclusion vulnerabilities. |
OR Scanner |
Identify Open Redirect vulnerabilities. |
SQL Scanner |
Detect SQL Injection vulnerabilities. |
XSS Scanner |
Identify Cross-Site Scripting vulnerabilities. |
Multi-threaded Scanning |
Improved performance through multi-threading. |
Customizable Payloads |
Adjust payloads to suit specific targets. |
Success Criteria |
Modify success detection criteria for specific use cases. |
User-friendly CLI |
Simple and intuitive command-line interface. |
Save Vulnerable URLs |
Option to save vulnerable URLs to a file for future reference. |
HTML Report Generation |
Generates a detailed HTML report of found vulnerabilities. |
Share HTML Report via Telegram |
Share HTML vulnerability reports directly through Telegram. |
| Language | Packages |
|---|---|
| Python | Python 3.x webdriver_manager selenium aiohttp beautifulsoup4 colorama rich requests gitpython prompt_toolkit pyyaml Flask |
Installation
Clone the repository
git clone https://github.com/coffinxp/lostools.gitcd lostoolsInstall the requirements
pip3 install -r requirements.txtRun the Script
python3 loxs.py| Input Information | |
|---|---|
| Input URL/File | Provide a single URL or an input file containing multiple URLs for scanning. |
| Payload File | Select or provide a custom payload file for the specific type of vulnerability scanning. |
| Success Criteria | Define patterns or strings indicating a successful exploitation attempt. |
| Concurrent Threads | Set the number of threads for multi-threaded scanning. |
| View and Save Results | Display results in real-time during the scan, and save vulnerable URLs for future use. |
| Customization | |
|---|---|
| Custom Payloads | Modify or create payload files for different vulnerability types to target specific apps. |
| Success Criteria | Adjust the tool's success patterns to more accurately detect successful exploitations. |
| Concurrent Threads | Control the number of threads used during the scan for performance optimization. |
Chrome Installation
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.debsudo dpkg -i google-chrome-stable_current_amd64.deb- If you encounter any errors during installation, use the following command:
sudo apt -f installsudo dpkg -i google-chrome-stable_current_amd64.debChrome Driver Installation
wget https://storage.googleapis.com/chrome-for-testing-public/128.0.6613.119/linux64/chromedriver-linux64.zipunzip chromedriver-linux64.zipcd chromedriver-linux64 sudo mv chromedriver /usr/bin[!WARNING]
Loxs is intended for educational and ethical hacking purposes only. It should only be used to test systems you own or have explicit permission to test. Unauthorized use of third-party websites or systems without consent is illegal and unethical.