Skip to content
/ PathX Public

PathX takes a URL and a string as input, and returns a list of modified URLs with the string appended to the URL path in different ways.

License

MIT license
6 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Q0120S/PathX

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pathx.py
pathx.py
 
 

Repository files navigation

PathX

PathX takes a URL and a string as input, and returns a list of modified URLs with the string appended to the URL path in different ways.

This tool can help you to Identify Path XSS and other stuffs.

Installation

git clone https://github.com/Q0120S/pathx.git
cd pathx
python3 pathx.py -h

You can add this tool to your bashrc for ease of use:

pathx() {                  
python3 /path/to/your/tool/pathx.py "$@"
}

Usage

python3 pathx.py -h

This will display help for the tool. Here are all the switches it supports.

usage: pathx.py [-h] [-u URL] [-l LIST] [-s STRING] [-ne]

Appending string in different ways to a URL path.

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     single target URL.
  -l LIST, --list LIST  target URL file.
  -s STRING, --string STRING
                        string to append to the URL path.
  -ne, --no-ending-slash
                        omit ending slash from URLs

Running PathX

cat urls.txt | python3 pathx.py -s %22pathx
echo https://google.com/api/XSS/services/test | python3 pathx.py -s %22pathx
python3 pathx.py -l urls.txt -s %22pathx
python3 pathx.py -u https://google.com/api/XSS/services/test -s %22pathx

Output:

https://google.com/api/XSS/services%22pathx/test/
https://google.com/api%22pathx/XSS/services/test/
https://google.com/api/XSS/services/test/%22pathx
https://google.com/api/XSS/services/test%22pathx/
https://google.com/%22pathx/api/XSS/services/test/
https://google.com/api/XSS/%22pathx/services/test/
https://google.com/api/XSS/services/%22pathx/test/
https://google.com/api/XSS%22pathx/services/test/
https://google.com/api/XSS/services/test/%22pathx/
https://google.com/api/%22pathx/XSS/services/test/

Running PathX with no ending slash

python3 pathx.py -u https://google.com/api/XSS/services/test -s %22pathx -ne

Output:

https://google.com/api/%22pathx/XSS/services/test
https://google.com/api%22pathx/XSS/services/test
https://google.com/api/XSS/services/test/%22pathx
https://google.com/api/XSS/%22pathx/services/test
https://google.com/api/XSS/services%22pathx/test
https://google.com/api/XSS/services/%22pathx/test
https://google.com/api/XSS/services/test%22pathx
https://google.com/api/XSS%22pathx/services/test
https://google.com/%22pathx/api/XSS/services/test

About

PathX takes a URL and a string as input, and returns a list of modified URLs with the string appended to the URL path in different ways.

Topics

automation xss bugbounty security-tools bugbounty-tool

Resources

Readme

License

MIT license
Activity

Stars

6 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages