DSXS: Damn Small XSS Scanner
Damn Small XSS Scanner (DSXS) is a fully functional Cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.
Optional settings include an HTTP proxy and custom values for the HTTP headers User-Agent, Referer, and Cookie.
Installation
root@ddos:~/Desktop# git clone https://github.com/stamparm/DSXS.git
root@ddos:~/Desktop# cd DSXS/
root@ddos:~/Desktop/DSXS# python dsxs.py -h
To check a website, run a single command and review the result:
root@ddos:~/Desktop/DSXS# python dsxs.py -u "https://www.kiranbooks.com/magazines/plan_details.php?id=60"
Verifying the scan result with an XSS payload:
The tool can also detect DOM-based XSS.
Verifying the scan result with an XSS payload:
Source: https://github.com/stamparm/