XSS Scanner
An advanced XSS (Cross-Site Scripting) vulnerability scanner built using Python and Selenium. This tool uses payloads to test URLs for XSS vulnerabilities by observing whether injected scripts can execute JavaScript alerts. It outputs both vulnerable and non-vulnerable URLs, allowing for efficient vulnerability analysis.
Features
Scans multiple URLs with XSS payloads.
Supports multi-threading for faster scanning.
Uses Selenium and Chrome WebDriver to detect alerts generated by XSS vulnerabilities.
Saves the results to a specified output file.
Requirements
Python 3.6+
Google Chrome (latest version recommended)
ChromeDriver (automatically managed via webdriver-manager)
Installation:
Clone the repository
git clone https://github.com/aungsanoo-usa/xss_scanner.git
cd xss_scanner
Install the requirements
pip3 install -r requirements.txt
Run the Script
python3 xss_scanner.py
Usage
The script accepts the following command-line arguments:
-l, --urls: Path to a file containing the list of URLs to scan.
-p, --payloads: Path to a file containing XSS payloads.
-o, --output: Path to the output file where vulnerable URLs will be saved.
Command Example
python3 xss_scanner.py -l urls.txt -p xss_payloads.txt -o output.txt
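The file passed with -l decides which hosts receive payloads, so it is worth filtering it against the approved scope before a run. The sketch below is an added example, not part of the xss_scanner project; in_scope, filter_urls, SAMPLE_URLS and the example.test hostnames are assumptions made for illustration.

```python
# Added example: scope filter for the URL list passed to xss_scanner.py via -l.
# Function names and hostnames are hypothetical, not taken from the project.
from urllib.parse import urlsplit


def in_scope(url, allowed_hosts):
    """True if url is http(s) and its host equals, or is a subdomain of, an allowed host."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # malformed netloc, e.g. an unclosed IPv6 bracket
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    # Compare on the parsed hostname, never on a substring of the raw URL.
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def filter_urls(lines, allowed_hosts):
    """Split candidate lines into (kept, rejected); skip blanks, comments, duplicates."""
    allowed = {a.lower().strip(".") for a in allowed_hosts}
    kept, rejected, seen = [], [], set()
    for raw in lines:
        url = raw.strip()
        if not url or url.startswith("#") or url in seen:
            continue
        seen.add(url)
        (kept if in_scope(url, allowed) else rejected).append(url)
    return kept, rejected


# Constructed sample input (not from the project).
SAMPLE_URLS = [
    "https://app.example.test/search?q=1",
    "http://example.test/item?id=7",
    "https://example.test.evil.invalid/?q=1",         # look-alike prefix, different host
    "https://user@other.invalid/?next=example.test",  # scope name only in the query
    "ftp://example.test/file",                        # not http(s)
    "https://app.example.test/search?q=1",            # duplicate
    "",
]

if __name__ == "__main__":
    kept, rejected = filter_urls(SAMPLE_URLS, ["example.test"])
    print("in scope:", kept)
    print("rejected:", rejected)
```

Write the kept list to the file given to -l and review the rejected list by hand.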
Chrome Installation
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
sudo dpkg -i google-chrome-stable_current_amd64.deb
If you encounter any errors during installation, run the following commands:
sudo apt -f install
sudo dpkg -i google-chrome-stable_current_amd64.deb
Chrome Driver Installation
wget https://storage.googleapis.com/chrome-for-testing-public/128.0.6613.119/linux64/chromedriver-linux64.zip
unzip chromedriver-linux64.zip
cd chromedriver-linux64
sudo mv chromedriver /usr/bin