X-Recon - A Utility For Detecting Webpage Inputs And Conducting XSS Scans

X-Recon is a utility designed to identify web page inputs and conduct XSS scanning. It features subdomain discovery, site-wide link discovery, form and input extraction, and XSS scanning. The tool can retrieve relevant subdomains for a target website and consolidate them into a whitelist. It also collects all links throughout the website based on the provided whitelist and specified max_depth. X-Recon identifies all forms and inputs found within the extracted links, generating a JSON output that serves as a foundation for XSS vulnerability testing. The tool is currently inactive on Single Page Application web applications and has been tested on websites developed with PHP, yielding remarkable results. X-Recon maintains an up-to-date list of file extensions that it skips during the exploration process, which can be customized by editing the setting.json file. To install X-Recon, clone the repository, navigate to the directory, install the required packages, and run the tool. A test target address is provided for users to try out the utility.