
xsscheck's Introduction

This Bash script scans a list of domains for Cross-Site Scripting (XSS) vulnerabilities using specified payloads. It automates injecting XSS payloads into URLs found via the Wayback Machine and checking the results for vulnerabilities.

USAGE

./xss_scanner.sh domain_file payload_file

Tool

domain_file: A file containing a list of domains to be scanned, one domain per line.
payload_file: A file containing XSS payloads, one payload per line.

Requirements

Ensure the following tools are installed and accessible in your PATH:

waybackurls: Fetches URLs from the Wayback Machine.
qsinject: Injects query strings into URLs.
freq: Analyzes and identifies potential XSS vulnerabilities.

Note: False Positives

This tool may generate false positive results. I am actively working on improving its accuracy.

  • False positives occur when the tool incorrectly identifies vulnerabilities that do not actually exist.
  • Feedback and suggestions are welcome to help refine the tool and reduce false positives.
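
One way to triage a flagged result before reporting it, as an added example that is not part of xsscheck: the functions below check how a payload came back in a saved response body. It assumes a result is flagged because the payload string appears in the response; the function names, the test string and the sample bodies are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of xsscheck. Assumption: a result is flagged when
# the payload string shows up in the response body.

# html_encode STRING: entity-encode the five HTML-significant characters.
html_encode() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' \
        -e 's/>/\&gt;/g' -e 's/"/\&quot;/g' -e "s/'/\&#39;/g"
}

# classify_reflection PAYLOAD BODY_FILE
# Prints one of:
#   raw           payload is in the body byte-for-byte (needs manual review)
#   encoded       only the entity-encoded form is present (likely false positive)
#   absent        neither form is present
#   inconclusive  payload has no HTML-significant character, so its
#                 reflection says nothing about output encoding
classify_reflection() {
    payload=$1
    body=$2
    case $payload in
        *"<"*|*">"*|*'"'*|*"'"*|*"&"*) ;;
        *) echo inconclusive; return 0 ;;
    esac
    if grep -qF -- "$payload" "$body"; then
        echo raw
    elif grep -qF -- "$(html_encode "$payload")" "$body"; then
        # Only the &#39; spelling of a single quote is checked here; servers
        # that emit &#x27; or &#039; would be reported as absent.
        echo encoded
    else
        echo absent
    fi
}

# Constructed sample responses (not captured from any real site).
demo() {
    dir=$(mktemp -d)
    probe='<script>alert(1)</script>'   # constructed test string
    printf '%s\n' "<p>Results for $probe</p>" > "$dir/raw.html"
    printf '%s\n' "<p>Results for $(html_encode "$probe")</p>" > "$dir/enc.html"
    for name in raw enc; do
        printf '%s.html: %s\n' "$name" "$(classify_reflection "$probe" "$dir/$name.html")"
    done
    rm -rf "$dir"
}
demo
```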

If you encounter false positives or have ideas for improvement, please open an issue or contribute to the project.

Thank you for your understanding and support!

xsscheck's People

Contributors

v3daxt
