This an adaption of Emoe's adaptation of tomnomnom's kxss tool with a different output format and some flags for custom headers and proxy. I didn't want to fork his whole Hacks-Repository so created my Own ;-)
It has also been adapted to check for Open Redirects instead of XSS.
All Credit for this Code goes to Tomnomnom and Emoe
Output Looks like this:
URL: https://www.**********.***/event_register.php?event=177 Param: event Unfiltered: [http://quas.sh http:/quas.sh]
To install this Tool please use the following Command:
go install github.com/microphone-mathematics/kor@latest
To run this script use the following command:
echo "https://www.**********.***/event_register.php?event=177" | kor
echo "https://www.**********.***/event_register.php?event=177" | kor -header 'Cookie: JSESSIONID=xxxxxxxxxxxxxxx' -header 'Authorization: Bearer aaaaaaaaaaaaaaaaaa'
echo "https://www.**********.***/event_register.php?event=177" | kor -proxy 'http://127.0.0.1:8080'
If you have an question you can create an Issue or ping me on twitter