XSSearch - A comprehensive reflected XSS tool built on selenium framework in python

Overview

XSSearch

A Comprehensive Reflected XSS Scanner


XSSearch is a comprehensive reflected XSS tool with 3000+ Payloads for automating XSS attacks and validating XSS endpoints.


DISCLAIMER :

The XSSearch developer will not be held liable if the tool is used with harmful or criminal intent. Please use at your own risk. :)


USES :

  • XSSearch can be used to discover reflected Cross Site Scripting (XSS) vulnerabilities 
  • XSSearch is capable of validating XSS payloads.
  • XSSearch will facilitate in the automation of brute - force attack for the verification of reflected XSS.
  • Works on all Linux environment
  • This can also be used in penetration testing to evaluate sanitization strength.

FEATURES :

  • Contains more than 3000 payloads for XSS validation
  • Works on selenium framework & ChromeDriver
  • It is faster than other XSS tools since the code is very light and rapid.
  • The code and payloads can be modified according to the situation.

SETUP & INSTALLATION

XSSearch requires Selenium, ChromeDriver and Python to work smoothly on your system.

Installing Selenium

$ sudo apt update
$ pip3 install selenium

Installing Chrome Browser for Linux (Skip this if you already have Chrome browser on your Linux)

$ wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
$ sudo apt install ./google-chrome-stable_current_amd64.deb

You may use the command to start Chrome from your terminal.

$ google-chrome --no-sandbox

Downloading ChromeDriver

Go to https://chromedriver.chromium.org/downloads and get the linux 64 zipped version of ChromeDriver 80.0.3987.106.

Unzip the zip file. There will be a file for ChromeDriver. Open terminal on the same location and use the following command.

$ sudo chmod +x chromedriver
$ sudo mv -f chromedriver /usr/bin/chromedriver

USAGE

XSSearch is a command line tool that uses a single command line instruction for simple and speedy execution.
Note : This tool will only work on url which has a input paramter in the url. Example : www[.]target[.]com/?xyz=

$ python3 xssearch.py -u url.com/?s={xss} -p payloads.txt

Arguments :
-u : It is required for URL input
-p : It is required for Payload file input
{xss} : It is a placeholder that the user should append after an equal to sign (=) in the url argument.

Live Usage

$ python3 xssearch.py -u https://ac121f0e1eb31ae5c0c9473f00f400f7.web-security-academy.net/?search={xss} -p payloads.txt

Above is the screenshot of the tool with live example.
Valid XSS exploits are marked with red alerts.
Invalid XSS exploits are marked with blue alerts.

Errors & Warnings
The following are some errors that might arise as a result of an incomplete command, not specifying arguments or not specifying placeholders.

Use the below command to get help

$ python3 xssearch.py -h


LICENSE

MIT-License


More suggestions and contributions are highly appreciated to make this tool better :)

STAY SAFE, ACT SMART

Hit Me Up

Twitter Instagram LinkedIn Website

You might also like...
Python Webscraping using Selenium

Web Scraping with Python and Selenium The code shows how to do web scraping using Python and Selenium. We use as data the https://sbot.org.br/localize

This file will contain a series of Python functions that use the Selenium library to search for elements in a web page while logging everything into a file

element_search with Selenium (Now With docstrings 😎 ) Just to mention, I'm a beginner to all this, so it it's very possible to make some mistakes The

Compiles python selenium script to be a Window's executable

Problem Statement Setting up a Python project can be frustrating for non-developers. From downloading the right version of python, setting up virtual

Automated tests for OKAY websites in Python (Selenium) - user friendly version

Okay Selenium Testy Aplikace určená k testování produkčních webů společnosti OKAY s.r.o. Závislosti K běhu aplikace je potřeba mít v počítači nainstal

Whatsapp messages bulk sender using Python Selenium.

Whatsapp Sender Whatsapp Sender automates sending of messages via Whatsapp Web. The tool allows you to send whatsapp messages in bulk. This program re

reCaptchaBypasser For Bypass Any reCaptcha For Selenium Python

reCaptchaBypasser ' Usage : from selenium import webdriver from reCaptchaBypasser import reCaptchaScraper import time driver = webdriver.chrome(execu

Percy visual testing for Python Selenium

percy-selenium-python Percy visual testing for Python Selenium. Installation npm install @percy/cli: $ npm install --save-dev @percy/cli pip install P

A Python Selenium library inspired by the Testing Library

Selenium Testing Library Slenium Testing Library (STL) is a Python library for Selenium inspired by Testing-Library. Dependencies Python 3.6, 3.7, 3.8

A simple Python script I wrote that scrapes NASA's James Webb Space Telescope tracker website using Selenium and returns its current status and location.

A simple Python script I wrote that scrapes NASA's James Webb Space Telescope tracker website using Selenium and returns its current status and location.

Comments
  • error: unrecognized arguments:

    error: unrecognized arguments:

    i have this issue : D:\BugHunter\XSSearch-main> python.exe xssearch.py -u https://xss-game.appspot.com/level1/frame?query={xss} -p payloads.txt DevTools listening on ws://127.0.0.1:50738/devtools/browser/55094a07-eb16-49ee-bcfd-f6b52fe21536 [0907/142057.264:ERROR:command_buffer_proxy_impl.cc(125)] ContextResult::kTransientFailure: Failed to send GpuControl.CreateCommandBuffer. usage: xssearch.py [-h] -u url.com/?s={xss} -p payloads.txt xssearch.py: error: unrecognized arguments: -encodedCommand eABzAHMA -inputFormat xml -outputFormat text

    OS = Windows 10

    opened by OVERPEY 0
Releases(v1.0)
Owner
Sathyaprakash Sahoo
Cyber Security Enthusiast Ethical Hacker Programmer
Sathyaprakash Sahoo
Automatic SQL injection and database takeover tool

sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

sqlmapproject 25.7k Jan 04, 2023
Selenium Page Object Model with Python

Page-object-model (POM) is a pattern that you can apply it to develop efficient automation framework.

Mohammad Ifran Uddin 1 Nov 29, 2021
py.test fixture for benchmarking code

Overview docs tests package A pytest fixture for benchmarking code. It will group the tests into rounds that are calibrated to the chosen timer. See c

Ionel Cristian Mărieș 1k Jan 03, 2023
Python tools for penetration testing

pyTools_PT python tools for penetration testing Please don't use these tool for illegal purposes. These tools is meant for penetration testing for leg

Gourab 1 Dec 01, 2021
An improbable web debugger through WebSockets

wdb - Web Debugger Description wdb is a full featured web debugger based on a client-server architecture. The wdb server which is responsible of manag

Kozea 1.6k Dec 09, 2022
Mock smart contracts for writing Ethereum test suites

Mock smart contracts for writing Ethereum test suites This package contains comm

Trading Strategy 222 Jan 04, 2023
RAT-el is an open source penetration test tool that allows you to take control of a windows machine.

To prevent RATel from being detected by antivirus, please do not upload the payload to TOTAL VIRUS. Each month I will test myself if the payload gets detected by antivirus. So you’ll have a photo eve

218 Dec 16, 2022
Descriptor Vector Exchange

Descriptor Vector Exchange This repo provides code for learning dense landmarks without supervision. Our approach is described in the ICCV 2019 paper

James Thewlis 74 Nov 29, 2022
Voip Open Linear Testing Suite

VOLTS Voip Open Linear Tester Suite Functional tests for VoIP systems based on voip_patrol and docker 10'000 ft. view System is designed to run simple

Igor Olhovskiy 17 Dec 30, 2022
Python Webscraping using Selenium

Web Scraping with Python and Selenium The code shows how to do web scraping using Python and Selenium. We use as data the https://sbot.org.br/localize

Luís Miguel Massih Pereira 1 Dec 01, 2021
masscan + nmap 快速端口存活检测和服务识别

masnmap masscan + nmap 快速端口存活检测和服务识别。 思路很简单,将masscan在端口探测的高速和nmap服务探测的准确性结合起来,达到一种相对比较理想的效果。 先使用masscan以较高速率对ip存活端口进行探测,再以多进程的方式,使用nmap对开放的端口进行服务探测。 安

starnightcyber 75 Dec 19, 2022
Show coverage stats online via coveralls.io

Coveralls for Python Test Status: Version Info: Compatibility: Misc: coveralls.io is a service for publishing your coverage stats online. This package

Kevin James 499 Dec 28, 2022
AutoExploitSwagger is an automated API security testing exploit tool that can be combined with xray, BurpSuite and other scanners.

AutoExploitSwagger is an automated API security testing exploit tool that can be combined with xray, BurpSuite and other scanners.

6 Jan 28, 2022
User-oriented Web UI browser tests in Python

Selene - User-oriented Web UI browser tests in Python (Selenide port) Main features: User-oriented API for Selenium Webdriver (code like speak common

Iakiv Kramarenko 575 Jan 02, 2023
An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈

An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈

Brandon Galbraith 276 Mar 03, 2021
Python dilinin Selenium kütüphanesini kullanarak; Amazon, LinkedIn ve ÇiçekSepeti üzerinde test işlemleri yaptığımız bir case study reposudur.

Python dilinin Selenium kütüphanesini kullanarak; Amazon, LinkedIn ve ÇiçekSepeti üzerinde test işlemleri yaptığımız bir case study reposudur. LinkedI

Furkan Gulsen 8 Nov 01, 2022
Main purpose of this project is to provide the service to automate the API testing process

PPTester project Main purpose of this project is to provide the service to automate the API testing process. In order to deploy this service use you s

4 Dec 16, 2021
A simple asynchronous TCP/IP Connect Port Scanner in Python 3

Python 3 Asynchronous TCP/IP Connect Port Scanner A simple pure-Python TCP Connect port scanner. This application leverages the use of Python's Standa

70 Jan 03, 2023
reCaptchaBypasser For Bypass Any reCaptcha For Selenium Python

reCaptchaBypasser ' Usage : from selenium import webdriver from reCaptchaBypasser import reCaptchaScraper import time driver = webdriver.chrome(execu

Dr.Linux 8 Dec 17, 2022
Selenium Manager

SeleniumManager I'm fed up with always having to struggle unnecessarily when I have to use Selenium on a new machine, so I made this little python mod

Victor Vague 1 Dec 24, 2021