X9

🧪 x9 — Passive XSS Discovery Tool

x9 is a powerful tool for discovering potential Cross-Site Scripting (XSS) vulnerabilities from passive URL sources.

Focused on automation, filtering, and alerting — built for bug bounty hunters and researchers who want to catch XSS with minimal false positives.


🔍 What It Does

  • 🕸 Collects passive URLs from:
    • Waybackurls
    • GAU (GetAllURLs)
    • Katana (optional)
  • 🔎 Filters and extracts only relevant URLs
  • 🧼 Removes noise like static assets and non-parameterized links
  • 🧬 Optionally discovers hidden parameters with fallparams
  • 🧨 Injects payloads into filtered URLs
  • 📢 Sends alerts on detection (via Discord Webhook)
  • 📄 Outputs can be saved, piped to Nuclei, or used in CI flows
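
A sketch of the filtering stage described in the list above: drop static assets and non-parameterized links, then collapse URLs that share an endpoint and parameter names. This is an added example, not code from x9; the function name `filter_urls`, the extension list and the deduplication key are assumptions, and the sample URLs are constructed.

```python
import posixpath
from urllib.parse import parse_qsl, urlsplit

# Assumed static-asset extensions; the list x9 itself uses may differ.
STATIC_EXT = {".js", ".css", ".png", ".jpg", ".jpeg", ".gif", ".svg",
              ".ico", ".woff", ".woff2", ".ttf", ".pdf", ".mp4"}


def filter_urls(urls):
    """Keep one parameterized, non-static URL per (host, path, param names)."""
    seen, kept = set(), []
    for raw in urls:
        raw = raw.strip()
        try:
            parts = urlsplit(raw)
            host = parts.hostname
        except ValueError:  # malformed entries are common in archive output
            continue
        if parts.scheme not in ("http", "https") or not host:
            continue
        if posixpath.splitext(parts.path)[1].lower() in STATIC_EXT:
            continue  # static asset, even if it carries a cache-busting query
        params = parse_qsl(parts.query, keep_blank_values=True)
        if not params:
            continue  # non-parameterized link: nothing to test
        key = (host, parts.path, tuple(sorted({k for k, _ in params})))
        if key in seen:
            continue  # same endpoint and parameter names already kept
        seen.add(key)
        kept.append(raw)
    return kept


# Constructed sample input, not real archive data.
SAMPLE = [
    "https://example.test/search?q=shoes&page=1",
    "https://example.test/search?page=7&q=hats",   # duplicate signature
    "https://example.test/static/app.js?v=3",      # static asset
    "https://example.test/about",                  # no parameters
    "https://EXAMPLE.test/item?id=10",
    "ftp://example.test/file?id=1",                # non-HTTP scheme
    "http://[bad/?x=1",                            # malformed
]

if __name__ == "__main__":
    for url in filter_urls(SAMPLE):
        print(url)
```

Deduplicating on parameter names rather than full URLs keeps the candidate list small when an archive holds thousands of variants of the same endpoint.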

🧰 Components

| File | Role |
|------|------|
| x9_passive.py | Gathers passive URLs and filters out noise |
| x9_fuzz.py | Splits and prepares URLs for fuzzing |
| x9.py | Main XSS payload injector |
| x9_run.py | Orchestrates passive + fuzz + detection + alerting |

⚙️ Installation

git clone https://github.com/electro0nes/x9.git
cd x9
pip install -r requirements.txt