automatically crawl every URL and find cross site scripting (XSS)

Last update: Sep 24, 2022

Overview

scancss

Fastest tool to find XSS.

scancss is a fastest tool to detect Cross Site scripting (XSS) automatically and it's also an intelligent payload generator.

Main Features

Reflected XSS scanning
Blind xss find
Crawling all links on a website
POST and GET forms are supported
Advanced error handling
Multiprocessing support

Documentation

install

git clone https://github.com/thenurhabib/scancss.git
cd scancss
python -m pip install -r requirements.txt
python3 scancss.py --help

Usage

======================================================================== 
usage: scancss -u <target> [options]

Options:
  --help            Show usage and help parameters
  -u                Target url (e.g. http://example.com)                                                      
  --depth           Depth web page to crawl. Default: 2                                                       
  --payload-level   Level for payload Generator, 7 for custom payload. {1...6}. Default: 6                    
  --payload         Load custom payload directly (e.g. <script>alert(2005)</script>)                          
  --method          Method setting(s):                                                                        
                        0: GET                                                                                
                        1: POST                                                                               
                        2: GET and POST (default)                                                             
  --user-agent      Request user agent (e.g. Chrome/2.1.1/...)                                                
  --single          Single scan. No crawling just one address                                                 
  --proxy           Set proxy (e.g. {'https':'https://10.10.1.10:1080'})                                      
  --about           Print information about scancss tool                                                      
  --cookie          Set cookie (e.g {'ID':'12464476836'})                                                      
                                                                                                              
========================================================================

Author

Name       : Md. Nur habib
Medium     : thenurhabib.medium.com
Twitter    : https://twitter.com/thenurhab1b
HackerRank : https://www.hackerrank.com/thenurhabib

Thank You.

edgedressing leverages a Windows "feature" in order to force a target's Edge browser to open. This browser is then directed to a URL of choice.

edgedressing One day while experimenting with airpwn-ng, I noticed unexpected GET requests on the target node. The node in question happened to be a W

43 Dec 23, 2022

Fast python tool to test apache path traversal CVE-2021-41773 in a List of url

CVE-2021-41773 Fast python tool to test apache path traversal CVE-2021-41773 in a List of url Usage :- create a live urls file and use the flag "-l" p

12 Nov 9, 2022

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

187 Jan 3, 2023

A piece of software that shows a traceroute of a URL redirect path

Tracing URL redirects has never been easier! Usage • Download 🚩 Use Cases To see where an affiliate link ends up To see what affiliate network is bei

41 Nov 22, 2022

Python script that sends CVE-2021-44228 log4j payload requests to url list

scan4log4j Python script that sends CVE-2021-44228 log4j payload requests to url list [VERY BETA] using Supply your url list to urls.txt Put your payl

5 Nov 9, 2022

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

1 Dec 15, 2021

Python directory buster, multiple threads, gobuster-like CLI, web server brute-forcer, URL replace pattern feature.

pybuster v1.1 pybuster is a tool that is used to brute-force URLs of web servers. Features Directory busting (URI) URL replace patterns (put PYBUSTER

1 Jan 5, 2022

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service. This tool can help a digital forensic investigator to know the context, origin of specific files during a digital forensic investigation.

96 Dec 20, 2022

NexScanner is a tool which allows you to scan a website and find the admin login panel and sub-domains

NexScanner NexScanner is a tool which helps you scan a website for sub-domains and also to find login pages in the website like the admin login panel

8 Sep 3, 2022

Comments

ModuleNotFoundError: No module named 'click'

As you can see in the screenshot its showing an error called "ModuleNotFoundError" it is because you didnt add the "click" python module in the requirements.txt. Please consider adding this click module in requirements.txt and kindly forgive my horrible English.

Thanks.

opened by BDhackers009 1
The Crawler Don't Catch POST Parameters

Dear Developer,,

Thank you for building this automation tool after some scanning and testing for the tool with crawling mode and with single scan i touch that the tool don't grab all the parameters specially the one's comes with POST requests

the tool don't catch the POST parameters comes inside categories filters

if you can update the crawler it will be great

opened by Moskitoz 0

json.decoder.JSONDecodeError while supplying cookies

the tool is throwing errors while supplying the cookie like so :

[03:37:11] [INFO] --scancss
***************
Traceback (most recent call last):
  File "/opt/websecurity/scancss/scancss.py", line 114, in <module>
    start()
  File "/opt/websecurity/scancss/scancss.py", line 92, in start
    core.main(getopt.u, getopt.proxy, getopt.user_agent,
  File "/opt/websecurity/scancss/core.py", line 194, in main
    self.session = session(proxy, headers, cookie)
  File "/opt/websecurity/scancss/helper.py", line 39, in session
    requestVariable.cookies.update(json.loads(cookie))
  File "/usr/lib/python3.10/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)                                                                                         
  File "/usr/lib/python3.10/json/decoder.py", line 337, in decode                                                             
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())                                                                         
  File "/usr/lib/python3.10/json/decoder.py", line 355, in raw_decode                                                         
    raise JSONDecodeError("Expecting value", s, err.value) from None                                                          
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

opened by surya-dev-singh 0

automatically crawl every URL and find cross site scripting (XSS)

Related tags

Overview

scancss

Fastest tool to find XSS.

scancss is a fastest tool to detect Cross Site scripting (XSS) automatically and it's also an intelligent payload generator.

Main Features

Documentation

install

Usage

Author

Thank You.

You might also like...

edgedressing leverages a Windows "feature" in order to force a target's Edge browser to open. This browser is then directed to a URL of choice.

Fast python tool to test apache path traversal CVE-2021-41773 in a List of url

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

A piece of software that shows a traceroute of a URL redirect path

Python script that sends CVE-2021-44228 log4j payload requests to url list

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

Python directory buster, multiple threads, gobuster-like CLI, web server brute-forcer, URL replace pattern feature.

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service

NexScanner is a tool which allows you to scan a website and find the admin login panel and sub-domains

Comments

ModuleNotFoundError: No module named 'click'

The Crawler Don't Catch POST Parameters

json.decoder.JSONDecodeError while supplying cookies

the tool is throwing errors while supplying the cookie like so :

Releases(v1.0.0)

v1.0.0(Mar 13, 2022)

Owner

Md. Nur habib

Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.

RapiDAST provides a framework for continuous, proactive and fully automated dynamic scanning against web apps/API.

2021hvv漏洞汇总

Grafana-POC(CVE-2021-43798)

SSH Tool For OSINT and then Cracking.

SubFind - Subdomain Finder Tools

Phishing-Crack tools to punish friends

Chapter 1 of the AWS Cookbook

A Simple File Encryptor/Decryptor

IDA plugin for quickly copying disassembly as encoded hex bytes

Hack computer in the form of RAR files from all types of clients, even Linux

ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

一款针对向日葵的识别码和验证码提取工具

Discord exploit allowing you to be unbannable.

Lightweight and beneficial Dependency Injection plugin for apscheduler

Pgen is the best brute force password generator and it is improved from the cupp.py

CVE-2021-43798Exp多线程批量验证脚本

A proxy for asyncio.AbstractEventLoop for testing purposes

Downloads SEP, Baseband and BuildManifest automatically for signed iOS version's for connected iDevice

Collection Of Discord Hacking Tools / Fun Stuff / Exploits That Is Completely Made Using Python.