automatically crawl every URL and find cross site scripting (XSS)

Related tags

Security related resourceslinuxhackingxssxss-vulnerabilitybugbountytermuxxss-scannerxss-exploitationxss-detectionxss-attacks
Overview



scancss

Fastest tool to find XSS.

multiple xss

scancss is a fastest tool to detect Cross Site scripting (XSS) automatically and it's also an intelligent payload generator.


Main Features

  • Reflected XSS scanning
  • Blind xss find
  • Crawling all links on a website
  • POST and GET forms are supported
  • Advanced error handling
  • Multiprocessing support

multiple xss


Documentation

install

git clone https://github.com/thenurhabib/scancss.git
cd scancss
python -m pip install -r requirements.txt
python3 scancss.py --help

Usage

======================================================================== 
usage: scancss -u <target> [options]

Options:
  --help            Show usage and help parameters
  -u                Target url (e.g. http://example.com)                                                      
  --depth           Depth web page to crawl. Default: 2                                                       
  --payload-level   Level for payload Generator, 7 for custom payload. {1...6}. Default: 6                    
  --payload         Load custom payload directly (e.g. <script>alert(2005)</script>)                          
  --method          Method setting(s):                                                                        
                        0: GET                                                                                
                        1: POST                                                                               
                        2: GET and POST (default)                                                             
  --user-agent      Request user agent (e.g. Chrome/2.1.1/...)                                                
  --single          Single scan. No crawling just one address                                                 
  --proxy           Set proxy (e.g. {'https':'https://10.10.1.10:1080'})                                      
  --about           Print information about scancss tool                                                      
  --cookie          Set cookie (e.g {'ID':'12464476836'})                                                      
                                                                                                              
========================================================================

multiple xss

Author

Name       : Md. Nur habib
Medium     : thenurhabib.medium.com
Twitter    : https://twitter.com/thenurhab1b
HackerRank : https://www.hackerrank.com/thenurhabib
Thank You.
You might also like...
edgedressing leverages a Windows "feature" in order to force a target's Edge browser to open. This browser is then directed to a URL of choice.

edgedressing One day while experimenting with airpwn-ng, I noticed unexpected GET requests on the target node. The node in question happened to be a W

stryngs 43 Dec 23, 2022
Fast python tool to test apache path traversal CVE-2021-41773 in a List of url

CVE-2021-41773 Fast python tool to test apache path traversal CVE-2021-41773 in a List of url Usage :- create a live urls file and use the flag "-l" p

Zahir Tariq 12 Nov 9, 2022
Simple Python 3 script to detect the
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

Víctor García 187 Jan 3, 2023
A piece of software that shows a traceroute of a URL redirect path
A piece of software that shows a traceroute of a URL redirect path

Tracing URL redirects has never been easier! Usage • Download 🚩 Use Cases To see where an affiliate link ends up To see what affiliate network is bei

null 41 Nov 22, 2022
Python script that sends CVE-2021-44228 log4j payload requests to url list

scan4log4j Python script that sends CVE-2021-44228 log4j payload requests to url list [VERY BETA] using Supply your url list to urls.txt Put your payl

elyesa 5 Nov 9, 2022
Simple Python 3 script to detect the
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

Wade 1 Dec 15, 2021
Python directory buster, multiple threads, gobuster-like CLI, web server brute-forcer, URL replace pattern feature.

pybuster v1.1 pybuster is a tool that is used to brute-force URLs of web servers. Features Directory busting (URI) URL replace patterns (put PYBUSTER

Glaukio 1 Jan 5, 2022
Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service. This tool can help a digital forensic investigator to know the context, origin of specific files during a digital forensic investigation.

hashlookup 96 Dec 20, 2022
NexScanner is a tool which allows you to scan a website and find the admin login panel and sub-domains
NexScanner is a tool which allows you to scan a website and find the admin login panel and sub-domains

NexScanner NexScanner is a tool which helps you scan a website for sub-domains and also to find login pages in the website like the admin login panel

null 8 Sep 3, 2022
Comments
  • ModuleNotFoundError: No module named 'click'

    ModuleNotFoundError: No module named 'click'

    IMG_20220314_012833

    As you can see in the screenshot its showing an error called "ModuleNotFoundError" it is because you didnt add the "click" python module in the requirements.txt. Please consider adding this click module in requirements.txt and kindly forgive my horrible English.

    Thanks.

    opened by BDhackers009 1
  • The Crawler Don't Catch POST Parameters

    The Crawler Don't Catch POST Parameters

    Dear Developer,,

    Thank you for building this automation tool after some scanning and testing for the tool with crawling mode and with single scan i touch that the tool don't grab all the parameters specially the one's comes with POST requests

    the tool don't catch the POST parameters comes inside categories filters

    if you can update the crawler it will be great

    opened by Moskitoz 0
  • json.decoder.JSONDecodeError while supplying cookies

    json.decoder.JSONDecodeError while supplying cookies

    the tool is throwing errors while supplying the cookie like so :

    [03:37:11] [INFO] --scancss
***************
Traceback (most recent call last):
  File "/opt/websecurity/scancss/scancss.py", line 114, in <module>
    start()
  File "/opt/websecurity/scancss/scancss.py", line 92, in start
    core.main(getopt.u, getopt.proxy, getopt.user_agent,
  File "/opt/websecurity/scancss/core.py", line 194, in main
    self.session = session(proxy, headers, cookie)
  File "/opt/websecurity/scancss/helper.py", line 39, in session
    requestVariable.cookies.update(json.loads(cookie))
  File "/usr/lib/python3.10/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)                                                                                         
  File "/usr/lib/python3.10/json/decoder.py", line 337, in decode                                                             
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())                                                                         
  File "/usr/lib/python3.10/json/decoder.py", line 355, in raw_decode                                                         
    raise JSONDecodeError("Expecting value", s, err.value) from None                                                          
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
    opened by surya-dev-singh 0
Releases(v1.0.0)
Owner
Md. Nur habib
Programmer | System Administrator | Blogger
Md. Nur habib
GitHub Repository
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Known issues it will not work outside kali , i will update it

Hossam 867 Dec 22, 2022
Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service. This tool can help a digital forensic investigator to know the conte

hashlookup 96 Dec 20, 2022
Password List Maker

Red-Key Red-Key Password List Maker Version 1.1.2 Created By FireKing255 -=Features=- Create Random Password List Create Password List Create Password

FireKing255 7 Dec 26, 2021
Cracker - Tools CRACK FACEBOOK DAN INSTAGRAM DENGAN FITUR BANYAK

CLOME TO TOOLS ME 😁 FITUR TOOLS RESULTS INSTALASI ____/-- INSTALLASI /+/+/+/ t

Jeeck X Nano 3 Jan 08, 2022
python写的一款免杀工具(shellcode加载器)BypassAV,国内杀软全过(windows denfend)

python写的一款免杀工具(shellcode加载器)BypassAV,国内杀软全过(windows denfend)

1frame 266 Jan 02, 2023
A Feature Rich Modular Malware Configuration Extraction Utility for MalDuck

Malware Configuration Extractor A Malware Configuration Extraction Tool and Modules for MalDuck This project is FREE as in FREE 🍺 , use it commercial

c3rb3ru5 103 Dec 18, 2022
A python script to brute-force guess the passwords to Instagram accounts

Instagram-Brute-Force The purpose of this script is to brute-force guess the passwords to Instagram accounts. Specifics: Comes with 2 separate modes i

Moondog 2 Nov 16, 2021
Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.

CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability This is a proof of concept for CVE-2021-31166 ("HTTP Protocol Stack Remote Cod

Axel Souchet 820 Dec 18, 2022
A local Socks5 server written in python, used for integrating Multi-hop

proxy-Zata proxy-Zata v1.0 This is a local Socks5 server written in python, used for integrating Multi-hop (Socks4/Socks5/HTTP) forward proxy then pro

4 Feb 24, 2022
hackinsta: a program to hack instagram

hackinsta a program to hack instagram Yokoback_(instahack) is the file to open, you need libraries write on import. You run that file in the same fold

1 Dec 04, 2021
A Python tool to automate some dorking stuff to find information disclosures.

WebDork v1.0.3 A open-source tool to find publicly available sensitive information about Companies/Organisations! WebDork A Python tool to automate so

Rahul rc 123 Jan 08, 2023
Laravel RCE (CVE-2021-3129)

CVE-2021-3129 - Laravel RCE About The script has been made for exploiting the Laravel RCE (CVE-2021-3129) vulnerability. This script allows you to wri

Joshua van der Poll 21 Dec 27, 2022
USSR-Scanner - USSR Scanner with python

Purposes ? Hey there is abosolutely no need to do this we do it only to irritate

Binary.club 2 Jan 24, 2022
Domain abuse scanner covering domainsquatting and phishing keywords.

🦷 monodon 🐋 Domain abuse scanner covering domainsquatting and phishing keywords. Setup Monodon is a Python 3.7+ programm. To setup on a Linux machin

2 Mar 15, 2022
pybotnet - A Python Library for building Botnet , Trojan or BackDoor for windows and linux with Telegram control panel

pybotnet A Python Library for building botnet , trojan or backdoor for windows and linux with Telegram control panel Disclaimer: Please note that this

</oNion 181 Jan 02, 2023
S2-062 (CVE-2021-31805) / S2-061 / S2-059 RCE

CVE-2021-31805 Remote code execution S2-062 (CVE-2021-31805) Due to Apache Struts2's incomplete fix for S2-061 (CVE-2020-17530), some tag attributes c

warin9 31 Nov 22, 2022
Lightweight and beneficial Dependency Injection plugin for apscheduler

Implementation of dependency injection for apscheduler Prerequisites: apscheduler-di solves the problem since apscheduler doesn't support Dependency I

Glib 11 Dec 07, 2022
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

MassDNS A high-performance DNS stub resolver MassDNS is a simple high-performance DNS stub resolver targeting those who seek to resolve a massive amou

B. Blechschmidt 2.5k Jan 07, 2023
PoC for CVE-2021-26855 -Just a checker-

CVE-2021-26855 PoC for CVE-2021-26855 -Just a checker- Usage python3 CVE-2021-26855.py -u https://mail.example.com -c example.burpcollaborator.net # C

Abdullah AlZahrani 17 Dec 22, 2022
Scan publicly accessible assets on your AWS cloud environment

poro Description Scan for publicly accessible assets on your AWS environment Services covered by this tool: AWS ELB API Gateway S3 Buckets RDS Databas

9rnt 134 Dec 16, 2022