Skip to content
/ RedTiger Public

RedTiger - Automated XSS vulnerability testing tool with intelligent endpoint filtering and beautiful terminal UI

medjahdi.vercel.app

License

MIT license
10 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

medjahdi/RedTiger

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
XSSNOVA
XSSNOVA
 
 
XnovaX
XnovaX
 
 
LICENCE
LICENCE
 
 
README.md
README.md
 
 
banner.png
banner.png
 
 
redtiger.sh
redtiger.sh
 
 

Repository files navigation

RedTiger - XSS Automation Testing Tool

⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⣀⣠⣤⣤⣤⡴⣶⣶⠆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⣤⣴⣶⣿⣿⣿⣿⣿⣿⣷⣿⣶⣿⣧⣤⣤⣤⣤⣤⣤⣤⣤⣤⣤⣤⣄⣀⣀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⣴⣾⣿⣿⣿⠿⠿⠛⠛⠛⠋⠉⠉⠉⠛⠛⠛⠛⠿⠟⠛⠛⠛⠛⠛⠛⠛⠛⠛⣻⣿⣿⠋⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⣠⣴⣿⣿⣿⠟⠋⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣿⣟⡁⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⣠⣾⣿⣿⠟⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⠴⠿⠿⠿⣿⣿⣷⣦⡀⠀⠀⠀⠀
⠀⠀⠀⢰⣿⣿⡿⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⣠⣄⣀⣀⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠉⠛⠿⣶⣄⠀⠀
⠀⠀⠀⢸⣿⣿⣿⣦⣤⣤⣀⣀⣀⣀⣠⣤⠴⠖⠋⢉⣽⣿⣿⣿⠟⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠙⠧⡀
⠀⠀⢠⣿⠟⠉⠁⠈⠉⠉⠙⠛⠛⠿⠿⣿⣿⣿⣿⣿⣿⠿⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈
⠀⢠⣿⡁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠽⠟⠛⠉⠀⢀⣀⣤⣴⣶⣶⣶⣶⣶⣶⣤⣤⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⣿⣿⣿⣷⣶⣦⣤⣤⣤⠄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠁⠀⠀⠀⠀⠀⠀⠈⠉⠛⠿⣿⣿⣿⣶⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⢸⣿⠘⢿⣿⣿⠿⠛⠉⠀⠀⠀⠀⠀⠀⠀⢀⣀⣤⣤⣤⣤⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠹⣿⣿⣿⣿⣦⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠈⣿⣴⣿⣿⣄⠀⠀⠀⠀⠀⠀⣀⣠⣴⠶⣿⣿⠋⠉⠉⠉⠙⢻⣿⡆⠀⠀⠀⠀⠀⠀⣀⣴⣶⣿⣿⣿⣿⣿⣷⡄⠀⠀⠀⠀⠀⠀⠀
⠀⢹⣿⡍⠛⠻⢷⣶⣶⣶⠟⢿⣿⠗⠀⠹⠃⡀⠀⠀⠀⠀⠀⠀⣿⡇⠀⠀⠀⢀⣴⣿⣿⣿⣿⠿⠿⠛⠛⠛⠛⠛⠂⠀⠀⠀⠀⠀⠀
⠀⠀⢻⡇⠀⠀⠀⢻⣿⣿⠀⠈⠛⠀⠀⠀⢹⠇⠀⠀⠀⠀⢶⣿⠇⠀⢀⣴⣿⣿⠿⠛⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠁⠀⠀⠀⠀⠹⡇⠀⠀⠀⠀⠀⣀⡾⠀⠀⠀⠀⠀⢸⡿⠀⣠⣿⣿⠟⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠁⠀⣦⠀⠀⢠⣿⢳⠀⠀⠀⠙⣿⣿⠁⢰⣿⣿⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠰⣿⣷⡾⠿⠃⢸⣷⣀⠀⢀⣾⠃⢀⣿⣿⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢻⣿⣿⠻⠷⢾⣿⣿⣷⡿⠁⠀⢸⣿⡟⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠹⢿⣷⣄⠀⠀⠉⠛⠀⠀⠀⢸⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠿⣿⣦⣄⡀⠀⠀⠀⢸⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠉⠛⠿⣿⣶⣶⣾⣿⣷⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠉⠛⠛⠿⠧⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀

🚩 Overview

RedTiger is an automated XSS (Cross-Site Scripting) vulnerability testing tool built to streamline the process of security testing. It automates four key phases: subdomain enumeration, link filtering, endpoint extraction, and XSS vulnerability scanning.

Author: @medjahdi
Version: 1.0.0

✨ Features

  • 🔍 Comprehensive Scanning: Subdomain discovery, link filtering, endpoint extraction, and XSS testing
  • 🎯 Intelligent Filtering: Tests only endpoints with parameters (containing "?"), increasing efficiency
  • 🖥️ Rich Terminal UI: Beautiful animations, progress bars, and color-coded output
  • 📊 Detailed Reporting: Shows scan statistics and sample results in each phase
  • 🔄 Main Domain Inclusion: Always tests the main domain even when no subdomains are found
  • 🛡️ Dependency Checking: Ensures all required tools are available before starting

🔧 Requirements

RedTiger requires the following tools:

  • subfinder - For subdomain enumeration
  • katana - For endpoint extraction
  • XnovaX - For filtering useful links
  • XSSNOVA - For XSS vulnerability scanning

📦 Installation

  1. Clone the repository:
git clone https://github.com/medjahdi/RedTiger.git
cd RedTiger
  1. Make the script executable:
chmod +x redtiger.sh
  1. Install dependencies if not already installed:
# Install subfinder
GO111MODULE=on go get -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder

# Install katana
GO111MODULE=on go get -v github.com/projectdiscovery/katana/cmd/katana
  1. Make sure XnovaX and XSSNOVA are in their respective directories:
RedTiger/
├── redtiger.sh
├── XnovaX/
│   └── xnovax.py
└── XSSNOVA/
    └── xssnova.py

🚀 Usage

Run RedTiger against a target domain:

./redtiger.sh example.com

The tool will create a directory structure as follows:

example.com/
├── subdomains.txt     # All discovered subdomains
├── clean_livesubs.txt # Filtered useful links
├── endpoints.txt      # All extracted endpoints
└── attack.txt         # Endpoints with parameters for XSS testing

🔄 Workflow

  1. Subdomain Enumeration (subfinder):

    • Discovers all subdomains for the target domain
    • Automatically adds the main domain for testing

  2. Link Filtering (XnovaX):

    • Filters useful and live links from discovered subdomains
    • Saves the filtered links for the next phase

  3. Endpoint Extraction (katana):

    • Crawls all filtered links to discover endpoints
    • Extracts all URLs and paths from the target

  4. Parameter Filtering:

    • Selects only endpoints with parameters (containing "?")
    • Creates a focused list for efficient XSS testing

  5. XSS Testing (xssnova):

    • Tests each parameterized endpoint for XSS vulnerabilities
    • Reports potential vulnerabilities

📷 Screenshots

RedTiger Banner

🤝 Contributing

Contributions are welcome! Feel free to submit a Pull Request.

  1. Fork the project
  2. Create your feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add some amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

📧 Contact

⚠️ Disclaimer: This tool is intended for ethical security testing only. Always ensure you have permission to test the target domain.

💰 Support the Project

If you find RedTiger useful, consider supporting its development:

PayPal

Your support helps maintain and improve RedTiger!

About

RedTiger - Automated XSS vulnerability testing tool with intelligent endpoint filtering and beautiful terminal UI

medjahdi.vercel.app

Topics

automation cybersecurity penetration-testing bug-bounty ethical-hacking security-tools xss-testing vulnerability-scanning terminal-ui subdomain-enumeration

Resources

Readme

License

MIT license
Activity

Stars

10 stars

Watchers

0 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages