XSS is a commonly exploited vulnerability class that is widespread and easy to detect.

What is XSS (Cross-Site Scripting)? An attacker can inject untrusted snippets of JavaScript into an application that accepts them without validation. This JavaScript is then executed in the browser of a victim who visits the target site.


xsssniper is a handy tool with mass-scanning functionality. To clone the tool click here

Scanning a single url with GET params:

$ python -u ""

Scanning a single url with POST params:

$ python -u "" --post --data=POST_DATA

Crawl a single url looking for forms to scan:

$ python -u "" --forms

Mass scan an entire website:

$ python -u "" --crawl

Mass scan entire website forms included:

$ python -u "" --crawl --forms

Analyze the target page's JavaScript (embedded and linked) to search for common sinks and sources:

$ python -u "" --dom
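
To show what a sources-and-sinks check involves when reviewing your own pages, here is an added example (not xsssniper's code). The pattern lists, the names `ScriptExtractor` and `audit`, and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Pattern lists are assumptions for illustration, not xsssniper's own.
SOURCES = re.compile(r"\b(?:document\.(?:URL|documentURI|referrer|cookie)|"
                     r"location\.(?:hash|search|href)|window\.name)\b")
SINKS = re.compile(r"\b(?:eval|setTimeout|setInterval|document\.write(?:ln)?)\s*\("
                   r"|\.(?:innerHTML|outerHTML)\s*=(?!=)")

class ScriptExtractor(HTMLParser):
    """Collects embedded script bodies and the src of linked scripts."""
    def __init__(self):
        super().__init__()
        self.inline, self.linked, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.linked.append(src)      # linked: fetch and review separately
            else:
                self.inline.append("")       # embedded: start a new body
                self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline[-1] += data

def audit(html):
    """Return (findings, linked); a finding is (kind, match, code line)."""
    parser = ScriptExtractor()
    parser.feed(html)
    parser.close()
    findings = []
    for body in parser.inline:
        for line in body.splitlines():
            for kind, rx in (("source", SOURCES), ("sink", SINKS)):
                for m in rx.finditer(line):
                    findings.append((kind, m.group(0), line.strip()))
    return findings, parser.linked

# Constructed sample page, not taken from any real site.
SAMPLE = ('<script src="/static/app.js"></script>\n<script>\n'
          'var q = location.hash.slice(1);\n'
          'document.getElementById("out").innerHTML = q;\n'
          'document.getElementById("safe").textContent = q;\n</script>')
for finding in audit(SAMPLE)[0]:
    print(finding)
```

Pattern matching only lists candidate lines; whether a source actually reaches a sink still has to be confirmed by reading the data flow. Here the `textContent` assignment is not flagged because it does not parse its value as HTML.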

Author: gbrindisi