Airi

Airi is made for find hidden input parameters in web applications.

- Installation & Requirements:

git clone https://github.com/ferreiraklet/airi.git
cd airi
go build main.go
mv main airi
chmod +x airi
./airi -h

- Usage & Explanation:

Some Web Applications use forms in order to make it stable. Starting from this principle, is possible that the application handle's hidden inputs in source code

Ex: <input type="hidden" name="validate" value="test">

Here it is when Airi appears,

When Web Environment has an input like <input type="hidden" name="test" value=""> and it's value is 0, is very likely the parameter maybe reflected in front end, in this way, making it probably possible to exploit xss reflected.

EXAMPLE:

cat index.html output: <input type="hidden" name="testing" value="">

Airi reads from stdin

You can use a file containing a list of targets as well:

cat targets | airi

Airi only brings to us the url to be tested, so, to test if parameter is reflecting, you can use other tools such as: httpx, kxss, gxss, etc, or manual analisys.

This project is for educational and bug bounty porposes only! I do not support any illegal activities!.

If any error in the program, talk to me immediatly.

ferreiraklet/Airi

Airi

Airi is made for find hidden input parameters in web applications.

- Installation & Requirements:

- Usage & Explanation:

This project is for educational and bug bounty porposes only! I do not support any illegal activities!.