XSS Scanner: detects Cross-Site Scripting vulnerabilities in website
Cross-Site Scripting (XSS) is one of the most well-known web application vulnerabilities. It even has a dedicated chapter in the OWASP Top 10 project and it is a highly chased vulnerability in bug bounty programs.
The scanner gets a link from the user and scans the website for XSS vulnerability by injecting malicious scripts at the input place. The injection happens in a headless browser named Chromium and controlled by Puppeteer automation.
It works in two steps:
- Find the target: In this first step, the tool tries to identify all the places on the page including injectable parameters in forms, URLs, headers, etc.
How to install
Clone the repository:
git clone https://github.com/MariaGarber/XSS-Scanner.git
Enter the cloned folder:
Install the dependencies:
Run the application:
Open the browser at http://localhost:4000/