This is an advanced XSS scanner that detects Reflected, Stored, and DOM-based XSS vulnerabilities in web applications.
- Reflected XSS Detection: Tests URL parameters for reflection vulnerabilities.
- Stored XSS Detection: Submits payloads into forms to check for stored XSS.
- DOM-based XSS Detection: Uses Selenium to identify client-side JavaScript vulnerabilities.
- Custom Headers Spoofing: Bypasses simple bot protections.
- Logging Support: Saves scan results in xss_report.txt.
- Headless Selenium Mode: For efficient browser-based testing.
Installation
Install the Python dependencies:
pip install requests beautifulsoup4 selenium
Linux (Debian/Ubuntu):
sudo apt install firefox
wget https://github.com/mozilla/geckodriver/releases/latest/download/geckodriver-linux64.tar.gz
tar -xvzf geckodriver-linux64.tar.gz
sudo mv geckodriver /usr/local/bin/
macOS:
brew install geckodriver
Windows:
Download Geckodriver from Mozilla GitHub Releases.
Extract and add it to your system PATH.
Usage
Run the scanner:
python xss_detector.py
Enter the target URL when prompted. Example: Enter target URL: https://example.com/search?q=test
How It Works
Reflected XSS: Injects payloads into URL parameters and checks if they appear in the response.
Stored XSS: Submits payloads into forms and verifies if they persist in the page.
DOM-based XSS: Loads the URL in Selenium, injects payloads into the URL fragment, and checks for JavaScript execution.
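The reflected check described above depends on how the value comes back, not only whether it does: a value returned as HTML entities shows that output encoding is working, while the same value returned unencoded needs review. The following is an added example, not code from xss_detector.py; the names TOKEN, PROBE, inject and classify_reflection and the sample response bodies are constructed for illustration, and it runs offline.

```python
import html
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed, inert probe: a unique token around the HTML metacharacters.
TOKEN = "zq7x"
PROBE = TOKEN + "<\"'>" + TOKEN


def inject(url, param, value=PROBE):
    """Return url with the named query parameter replaced by value."""
    parts = urlsplit(url)
    pairs = [(k, value if k == param else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def classify_reflection(body, probe=PROBE, token=TOKEN):
    """Classify how a response body reflects the probe.

    raw      metacharacters came back unencoded: review the output context
    encoded  reflected, but only as HTML entities: output encoding held
    altered  token came back, metacharacters stripped or rewritten
    absent   the probe was not reflected at all
    """
    if probe in body:
        return "raw"
    if probe in html.unescape(body):
        return "encoded"
    if token in body:
        return "altered"
    return "absent"


# Constructed response bodies standing in for what a server might return.
SAMPLES = {
    "no_encoding": f"<p>Results for {PROBE}</p>",
    "entity_encoded": "<p>Results for zq7x&lt;&quot;&#39;&gt;zq7x</p>",
    "stripped": "<p>Results for zq7xzq7x</p>",
    "not_reflected": "<p>No results found.</p>",
}

if __name__ == "__main__":
    print(inject("https://example.com/search?q=test&page=2", "q"))
    for name, body in SAMPLES.items():
        print(f"{name:15} {classify_reflection(body)}")
```

A scanner that reports every reflection as a finding would flag the entity_encoded case as well, which is a false positive.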
This tool is for educational and security testing purposes only. Do not use it on websites without permission. Unauthorized testing is illegal!
Author
r10xM37 - Ethical Hacker & Security Researcher