Traxss : Automated XSS Vulnerability Scanner

Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests. View the gif above to see a preview of the fastest type of scan.

Getting Started

Prerequisites

Traxss depends on Chromedriver. On MacOS this can be installed with the homebrew command:

brew install cask chromedriver

Also Read – Maryam : Open-source Intelligence(OSINT) Framework

Alternatively, find a version for other operating systems here: https://sites.google.com/a/chromium.org/chromedriver/downloads

Installation

Run the command:

pip3 install -r requirements.txt

Running Traxss

Traxx can be started with the command:

python3 traxss.py

This will launch an interactive CLI to guide you through the process.

Types of Scans

  • Full Scan w/ HTML : Uses a query scan with 575+ payloads and attempts to find XSS vulnerabilities by passing parameters through the URL. It will also render the HTML and attempt to find manual XSS Vulnerablities (this feature is still in beta).
  • Full Scan w/o HTML : This scan will run the query scan only.
  • Fast Scan w/ HTML : This scan is the same as the full w/ HTML but it will only use 7 attack vectors rather than the 575+ vectors.
  • Fast Scan w/o HTML : This scan is the same as the fast w/o HTML but it will only use 7 attack vectors rather than the 575+ vectors.

Contributing

Thank you for your interest! All types of contributions are welcome.

  • Fork and clone this repository
  • Create your branch from the master branch
  • Please open your PR with the master branch as the base
R K

Recent Posts

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

16 hours ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

18 hours ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

19 hours ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

19 hours ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

19 hours ago

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

2 days ago