Skip to content

elielsardanons/xss-detector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
vuln-site
vuln-site
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
crawler.py
crawler.py
 
 
db.py
db.py
 
 
inject.py
inject.py
 
 
payloads.xss
payloads.xss
 
 
singleton.py
singleton.py
 
 
termcolors.py
termcolors.py
 
 
test_crawler.py
test_crawler.py
 
 
test_inject.py
test_inject.py
 
 
test_utils.py
test_utils.py
 
 
test_xsshelper.py
test_xsshelper.py
 
 
urlrequest.py
urlrequest.py
 
 
utils.py
utils.py
 
 
xss-detector.py
xss-detector.py
 
 
xss.db.script
xss.db.script
 
 
xsshelper.py
xsshelper.py
 
 

Repository files navigation

xss-detector

Usage:
usage: xss-detector.py [-h] [--url URL] [--body BODY] [--method METHOD]
                       [--threads THREADS] [--db DB]

Search for Cross-site scripting

optional arguments:
  -h, --help         show this help message and exit
  --url URL          The url to search for XSS (http://victim.com/path?q=help)
  --body BODY        The application/x-www-form-urlencoded body content to
                     send ('param1=value1&param2=value2')
  --method METHOD    request method 'GET' or 'POST' (defaults to "GET")
  --threads THREADS  Number of threads to use while searching for XSSs.
  --db DB            sqlite3 database name. (defaults to 'xss.db')

Example:

./xss-detector.py --url "https://xss-game.appspot.com/level1/frame?query=aaaa&pepe=jose"

Create sqlite3 database if you want the results being stored in the db

sqlite3 xss.db < xss.db.script

Build docker image

docker build --tag xss-detector:0.1 .

Running xss-detector using docker

docker run --mount type=bind,source="$(pwd)"/xss.db,target=/xss.db -it xss-detector:0.1 --url https://www.victim.com

About

XSS detector

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages