HomeBug BountyOne liner for Scanning XSS Vulnerabilities using waybackurls and qsreplace

One liner for Scanning XSS Vulnerabilities using waybackurls and qsreplace

SECRY – XSS Using Oneliner – Hello SECRY readers! Have you ever thought that recon and manually checking for specific vulnerabilities can be exhausting and sometimes a huge waste of time?

Well, that’s why I want to share a one-liner command for scanning, but this time, it’s for XSS.

Here’s the one-liner:

waybackurls | grep '=' | qsreplace "<h1>KOESOPOKOE</h1>" > result.txt ; cat result.txt | while read host do ; do curl -s --path-as-is --insecure "$host" | grep -qs "<h1>KOESOPOKOE</h1>" && echo -e "$host \033[0;32mVulnerable\033[0m" || echo -e "$host \033[0;31mNot Vulnerable\033[0m"; done

This one-liner command was originally obtained from Xploit Lab, but I made some slight modifications to it because there were some issues when I used the Xploit Lab version of the script command

However, these commands won’t work if you haven’t installed waybackurls and qsreplace. Before proceeding, make sure you’ve installed QSReplace and waybackurls. I happen to be running this on WSL (Windows Subsystem for Linux) with Ubuntu as the operating system.


What is waybackurls?

waybackurls is a tool that accepts line-delimited domain names via standard input (stdin) and retrieves known URLs from the Wayback Machine for each `*.domain`. It then outputs these archived URLs to standard output (stdout). This tool is valuable for enumerating historical web page versions associated with a given domain, helping security professionals and researchers discover potentially hidden or forgotten content on websites.

Here’s a simple way to install waybackurls (text-based tutorial):

  1. Ensure that Golang is downloaded or installed on your laptop/computer/VPS. If not, you can install it by following the tutorial here: Golang Installation.
  2. Run go install
  3. Add export PATH="$PATH:$HOME/go/bin" to your .bashrc file in your system.


What is qsreplace?

qsreplace is a tool that takes URLs via standard input (stdin) and is used to replace all the values in the query string with user-supplied values. However, what sets qsreplace apart is that it will only output each unique combination of query string parameters once for each host and path.

In other words, qsreplace allows you to substitute values in URLs with the values you specify, but it produces only one output for each unique combination of query string parameters for each different host and path. This is particularly useful in security testing and ethical hacking, as it enables you to run a series of test cases with variations in query string parameter values without generating excessive output.

For a simple installation of qsreplace (text-based tutorial):

  • In my WSL setup, it was sufficient to run go install, and it was installed directly.

Note: Regarding the installation process, it’s possible that some errors or issues may occur on certain devices. As a bug hunter, it’s essential to be diligent in using Google to find solutions.

That’s it for my short tutorial. Stay tuned for more bug bounty tips on

A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.



Please enter your comment!
Please enter your name here

15 − 13 =

Most Popular


- Advertisement -