XSSearch - A comprehensive reflected XSS tool built on selenium framework in python

Related tags

Testinglinuxseleniumxsspython3chromedriverselenium-webdrivercommand-line-toolkali-linuxcross-site-scriptingreflectedreflect-xss
Overview

XSSearch

A Comprehensive Reflected XSS Scanner


XSSearch is a comprehensive reflected XSS tool with 3000+ Payloads for automating XSS attacks and validating XSS endpoints.

DISCLAIMER :

The XSSearch developer will not be held liable if the tool is used with harmful or criminal intent. Please use at your own risk. :)

USES :

  • XSSearch can be used to discover reflected Cross Site Scripting (XSS) vulnerabilities 
  • XSSearch is capable of validating XSS payloads.
  • XSSearch will facilitate in the automation of brute - force attack for the verification of reflected XSS.
  • Works on all Linux environment
  • This can also be used in penetration testing to evaluate sanitization strength.

FEATURES :

  • Contains more than 3000 payloads for XSS validation
  • Works on selenium framework & ChromeDriver
  • It is faster than other XSS tools since the code is very light and rapid.
  • The code and payloads can be modified according to the situation.

SETUP & INSTALLATION

XSSearch requires Selenium, ChromeDriver and Python to work smoothly on your system.

Installing Selenium

$ sudo apt update
$ pip3 install selenium

Installing Chrome Browser for Linux (Skip this if you already have Chrome browser on your Linux)

$ wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
$ sudo apt install ./google-chrome-stable_current_amd64.deb

You may use the command to start Chrome from your terminal.

$ google-chrome --no-sandbox

Downloading ChromeDriver

Go to https://chromedriver.chromium.org/downloads and get the linux 64 zipped version of ChromeDriver 80.0.3987.106.

Unzip the zip file. There will be a file for ChromeDriver. Open terminal on the same location and use the following command.

$ sudo chmod +x chromedriver
$ sudo mv -f chromedriver /usr/bin/chromedriver

USAGE

XSSearch is a command line tool that uses a single command line instruction for simple and speedy execution.
Note : This tool will only work on url which has a input paramter in the url. Example : www[.]target[.]com/?xyz=

$ python3 xssearch.py -u url.com/?s={xss} -p payloads.txt

Arguments :
-u : It is required for URL input
-p : It is required for Payload file input
{xss} : It is a placeholder that the user should append after an equal to sign (=) in the url argument.

Live Usage

$ python3 xssearch.py -u https://ac121f0e1eb31ae5c0c9473f00f400f7.web-security-academy.net/?search={xss} -p payloads.txt

Above is the screenshot of the tool with live example.
Valid XSS exploits are marked with red alerts.
Invalid XSS exploits are marked with blue alerts.

Errors & Warnings
The following are some errors that might arise as a result of an incomplete command, not specifying arguments or not specifying placeholders.

Use the below command to get help

$ python3 xssearch.py -h

LICENSE

MIT-License

More suggestions and contributions are highly appreciated to make this tool better :)

STAY SAFE, ACT SMART

Hit Me Up

Twitter Instagram LinkedIn Website

You might also like...
Python Webscraping using Selenium

Web Scraping with Python and Selenium The code shows how to do web scraping using Python and Selenium. We use as data the https://sbot.org.br/localize

Luís Miguel Massih Pereira 1 Dec 1, 2021
This file will contain a series of Python functions that use the Selenium library to search for elements in a web page while logging everything into a file

element_search with Selenium (Now With docstrings 😎 ) Just to mention, I'm a beginner to all this, so it it's very possible to make some mistakes The

null 2 Aug 12, 2021
Compiles python selenium script to be a Window's executable

Problem Statement Setting up a Python project can be frustrating for non-developers. From downloading the right version of python, setting up virtual

Jerry Ng 8 Jan 9, 2023
Automated tests for OKAY websites in Python (Selenium) - user friendly version

Okay Selenium Testy Aplikace určená k testování produkčních webů společnosti OKAY s.r.o. Závislosti K běhu aplikace je potřeba mít v počítači nainstal

Viktor Bem 0 Oct 1, 2022
Whatsapp messages bulk sender using Python Selenium.

Whatsapp Sender Whatsapp Sender automates sending of messages via Whatsapp Web. The tool allows you to send whatsapp messages in bulk. This program re

Yap Yee Qiang 3 Jan 23, 2022
reCaptchaBypasser For Bypass Any reCaptcha For Selenium Python

reCaptchaBypasser ' Usage : from selenium import webdriver from reCaptchaBypasser import reCaptchaScraper import time driver = webdriver.chrome(execu

Dr.Linux 8 Dec 17, 2022
Percy visual testing for Python Selenium

percy-selenium-python Percy visual testing for Python Selenium. Installation npm install @percy/cli: $ npm install --save-dev @percy/cli pip install P

Percy 9 Mar 24, 2022
A Python Selenium library inspired by the Testing Library

Selenium Testing Library Slenium Testing Library (STL) is a Python library for Selenium inspired by Testing-Library. Dependencies Python 3.6, 3.7, 3.8

Anže Pečar 12 Dec 26, 2022
A simple Python script I wrote that scrapes NASA's James Webb Space Telescope tracker website using Selenium and returns its current status and location.

A simple Python script I wrote that scrapes NASA's James Webb Space Telescope tracker website using Selenium and returns its current status and location.

null 9 Feb 10, 2022
Comments
  • error: unrecognized arguments:

    error: unrecognized arguments:

    i have this issue : D:\BugHunter\XSSearch-main> python.exe xssearch.py -u https://xss-game.appspot.com/level1/frame?query={xss} -p payloads.txt DevTools listening on ws://127.0.0.1:50738/devtools/browser/55094a07-eb16-49ee-bcfd-f6b52fe21536 [0907/142057.264:ERROR:command_buffer_proxy_impl.cc(125)] ContextResult::kTransientFailure: Failed to send GpuControl.CreateCommandBuffer. usage: xssearch.py [-h] -u url.com/?s={xss} -p payloads.txt xssearch.py: error: unrecognized arguments: -encodedCommand eABzAHMA -inputFormat xml -outputFormat text

    OS = Windows 10

    opened by OVERPEY 0
Releases(v1.0)
Owner
Sathyaprakash Sahoo
Cyber Security Enthusiast Ethical Hacker Programmer
Sathyaprakash Sahoo
GitHub Repository
AutoExploitSwagger is an automated API security testing exploit tool that can be combined with xray, BurpSuite and other scanners.

AutoExploitSwagger is an automated API security testing exploit tool that can be combined with xray, BurpSuite and other scanners.

6 Jan 28, 2022
Percy visual testing for Python Selenium

percy-selenium-python Percy visual testing for Python Selenium. Installation npm install @percy/cli: $ npm install --save-dev @percy/cli pip install P

Percy 9 Mar 24, 2022
Coverage plugin for pytest.

Overview docs tests package This plugin produces coverage reports. Compared to just using coverage run this plugin does some extras: Subprocess suppor

pytest-dev 1.4k Dec 29, 2022
Doggo Browser

Doggo Browser Quick Start $ python3 -m venv ./venv/ $ source ./venv/bin/activate $ pip3 install -r requirements.txt $ ./sobaki.py References Heavily I

Alexey Kutepov 9 Dec 12, 2022
Argument matchers for unittest.mock

callee Argument matchers for unittest.mock More robust tests Python's mocking library (or its backport for Python 3.3) is simple, reliable, and easy

Karol Kuczmarski 77 Nov 03, 2022
a wrapper around pytest for executing tests to look for test flakiness and runtime regression

bubblewrap a wrapper around pytest for assessing flakiness and runtime regressions a cs implementations practice project How to Run: First, install de

Anna Nagy 1 Aug 05, 2021
Webscreener is a tool for mass web domains pentesting.

Webscreener is a tool for mass web domains pentesting. It is used to take snapshots for domains that is generated by a tool like knockpy or Sublist3r. It cuts out most of the pentesting time by scree

Seekurity 3 Jun 07, 2021
pytest splinter and selenium integration for anyone interested in browser interaction in tests

Splinter plugin for the pytest runner Install pytest-splinter pip install pytest-splinter Features The plugin provides a set of fixtures to use splin

pytest-dev 238 Nov 14, 2022
A tool to auto generate the basic mocks and asserts for faster unit testing

Mock Generator A tool to generate the basic mocks and asserts for faster unit testing. 🎉 New: you can now use pytest-mock-generator, for more fluid p

31 Dec 24, 2022
Rerun pytest when your code changes

A simple watcher for pytest Overview pytest-watcher is a tool to automatically rerun pytest when your code changes. It looks for the following events:

Olzhas Arystanov 74 Dec 29, 2022
Test python asyncio-based code with ease.

aiounittest Info The aiounittest is a helper library to ease of your pain (and boilerplate), when writing a test of the asynchronous code (asyncio). Y

Krzysztof Warunek 55 Oct 30, 2022
Python tools for penetration testing

pyTools_PT python tools for penetration testing Please don't use these tool for illegal purposes. These tools is meant for penetration testing for leg

Gourab 1 Dec 01, 2021
Custom Selenium Chromedriver | Zero-Config | Passes ALL bot mitigation systems (like Distil / Imperva/ Datadadome / CloudFlare IUAM)

Custom Selenium Chromedriver | Zero-Config | Passes ALL bot mitigation systems (like Distil / Imperva/ Datadadome / CloudFlare IUAM)

Leon 3.5k Dec 30, 2022
Python package to easily work with selenium and manage tabs effectively.

Simple Selenium The aim of this package is to quickly get started with working with selenium for simple browser automation tasks. Installation Install

Vishal Kumar Mishra 1 Oct 27, 2021
Python Testing Crawler 🐍 🩺 🕷️ A crawler for automated functional testing of a web application

Python Testing Crawler 🐍 🩺 🕷️ A crawler for automated functional testing of a web application Crawling a server-side-rendered web application is a

70 Aug 07, 2022
A modern API testing tool for web applications built with Open API and GraphQL specifications.

Schemathesis Schemathesis is a modern API testing tool for web applications built with Open API and GraphQL specifications. It reads the application s

Schemathesis.io 1.6k Jan 06, 2023
A Proof of concept of a modern python CLI with click, pydantic, rich and anyio

httpcli This project is a proof of concept of a modern python networking cli which can be simple and easy to maintain using some of the best packages

Kevin Tewouda 17 Nov 15, 2022
FakeDataGen is a Full Valid Fake Data Generator.

FakeDataGen is a Full Valid Fake Data Generator. This tool helps you to create fake accounts (in Spanish format) with fully valid data. Within this in

Joel GM 64 Dec 12, 2022
fsociety Hacking Tools Pack – A Penetration Testing Framework

Fsociety Hacking Tools Pack A Penetration Testing Framework, you will have every script that a hacker needs. Works with Python 2. For a Python 3 versi

Manisso 8.2k Jan 03, 2023
Wraps any WSGI application and makes it easy to send test requests to that application, without starting up an HTTP server.

WebTest This wraps any WSGI application and makes it easy to send test requests to that application, without starting up an HTTP server. This provides

Pylons Project 325 Dec 30, 2022