XSS-Scanner – XSS Scanner That Detects Cross-Site Scripting Vulnerabilities In Website By Injecting Malicious Scripts
Cross-Site Scripting (XSS) is a single of the most perfectly acknowledged website software vulnerabilities. It even has a focused chapter in the OWASP Prime 10 venture and it is a highly chased vulnerability in bug bounty plans.
The scanner gets a website link from the person and scan the website for XSS vulnerability by injecting destructive scripts at the input spot. The injection occurs in headless browser named Chromium and managed by Puppeteer automation.
It operates in two measures:
- Obtain the concentrate on: In this very first action, the software tries to determine all the sites at the website page including injectable parameters in kinds, URLs, headers, and many others.
- Exam for XSS: For every position uncovered in the previous step, the scanner will test to detect if the parameters are vulnerable to Cross-Web site Scripting. The software injects a piece of JavaScript code, like some particular HTML figures (>, <, ", ') and it will try to see if they are returned in the response page without sanitization. If the tool detects at least one vulnerability, it will return that the website have XSS vulnerability.
Technologies
- Puppeteer
- Javascript
- NodeJS
- Express
How to install
Clone the repository:
git clone https://github.com/MariaGarber/XSS-Scanner.git
Enter the clonned folder:
cd XSS-Scanner
Install the dependencies:
npm install
Run the application:
npm start
Open the browser at http://localhost:4000/
