Skip to content
traxss | Automated XSS Vulnerability Scanner Currently In Development 🐍 HACKTOBERFEST PROJECT 2019
Python Dockerfile
Branch: master
Clone or download
Latest commit 48dee2e Oct 21, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Update FUNDING.yml Oct 11, 2019
traxss Seperate Window for each Scan Oct 17, 2019
.gitignore Remove Log Oct 10, 2019 Rename to Oct 11, 2019 Docker and Dockerfile Added Oct 18, 2019
Dockerfile Update Dockerfile Oct 20, 2019
LICENSE Initial commit Oct 10, 2019 Merge pull request #19 from errxr403/master Oct 21, 2019
requirements.txt Add Requirements Oct 10, 2019 Remove Log Oct 10, 2019


Automated Vulnerability Scanner for XSS | Written in Python3 | Utilizes Selenium Headless

Forks Issues Python 3.6+



Traxss is a Hacktoberfest Project! If you are looking for a place to make contribute, please feel free.

Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests. View the gif above to see a preview of the fastest type of scan.

Getting Started


Traxss depends on Chromedriver. On MacOS this can be installed with the homebrew command:

brew install cask chromedriver

Alternatively, find a version for other operating systems here:


Run the command:

pip3 install -r requirements.txt

Docker Build

docker build -t <IMAGE NAME> .
docker build -t xshuden/traxss .

Docker Run

docker run --rm -it xshuden/traxss

Running Traxss

Traxx can be started with the command:


This will launch an interactive CLI to guide you through the process.

Types of Scans

Full Scan w/ HTML

Uses a query scan with 575+ payloads and attempts to find XSS vulnerabilities by passing parameters through the URL. It will also render the HTML and attempt to find manual XSS Vulnerabilities (this feature is still in beta).

Full Scan w/o HTML

This scan will run the query scan only.

Fast Scan w/ HTML

This scan is the same as the full w/ HTML but it will only use 7 attack vectors rather than the 575+ vectors.

Fast Scan w/o HTML

This scan is the same as the fast w/o HTML but it will only use 7 attack vectors rather than the 575+ vectors.


Thank you for your interest! All types of contributions are welcome.

  • Fork and clone this repository
  • Create your branch from the master branch
  • Please open your PR with the master branch as the base
You can’t perform that action at this time.