XSS is a very commonly exploited vulnerability type which is very widely spread and easily detectable.

What is (Cross Site Scripting)? An attacker can inject untrusted snippets of JavaScript into your application without validation. This JavaScript is then executed by the victim who is visiting the target site. 

Also Read Blazy the modern login page bruteforcer with CSRF, Clickjacking Scanner and WAF Detector


xsssniper is a handy tool with mass scanning functionalities.To clone the tool click here

Scanning a single url with GET params:

$ python xsssniper.py -u "http://target.com/index.php?page=test"

Scanning a single url with POST params:

$ python xsssniper.py -u "http://target.com/index.php" --post --data=POST_DATA

Crawl a single url looking for forms to scan:

$ python xsssniper.py -u "http://target.com" --forms

Mass scan an entire website:

$ python xsssniper.py -u "http://target.com" --crawl

Mass scan entire website forms included:

$ python xsssniper.py -u "http://target.com" --crawl --forms

Analyze target page javascript (embedded and linked) to search for common sinks and sources:

$ python xsssniper.py -u "http://target.com" --dom

Author: gbrindisi

Leave a Reply