XSS-Scanner is a cross-site scripting (XSS) is one of the most well known web application vulnerabilities. It even has a dedicated chapter in the OWASP Top 10 project and it is a highly chased vulnerability in bug bounty programs.
The scanner gets a link from the user and scan the website for XSS vulnerability by injecting malicious scripts at the input place. The injection happens in headless browser named Chromium and controlled by Puppeteer automation.
- It works in two steps:
- Find the target: In this first step, the tool tries to identify all the places at the page including injectable parameters in forms, URLs, headers, etc.
How to install?
- Clone the repository:
git clone https://github.com/MariaGarber/XSS-Scanner.git
- Enter the clonned folder:
- Install the dependencies:
- Run the application:
Open the browser at http://localhost:4000/