This tool is designed to help hackers identify and exploit cross-site scripting (XSS) vulnerabilities in web applications. XSS vulnerabilities occur when an application includes user-supplied data in its responses without properly sanitizing it, allowing an attacker to inject malicious code into the response that is then executed by the victim's browser.
Python 3.6 or newer requests library (install with pip install requests)
To install the XSS automation tool, follow these steps: Download or clone the repository from GitHub.
git clone https://github.com/EmperialX/XSS-Automation-Tool.git
Install the required libraries by running
pip install requests schedule asyncio html
To use the XSS automation tool, run the following command:
python xss_scanner.py http://example.com xss_payloads.txt reflected url get base64
create own payloads to a text file:
xss_payloads = [
<scripts@example>
]
with open('xss_payloads.txt', 'w') as f:
for payload in xss_payloads:
f.write(payload + '\n')
This is create xss_payload.txt file
Make sure to provide the correct values for each argument. For example, payloads_file should be the name of a file containing a list of payloads to test, vuln_type should be either reflected or persistent, injection_point should be either url, header, cookie, or javascript, http_method should be either get or post, and encoding should be either base64, url, or html.
XSS attacks were first reported in 1995, and have since become more common and sophisticated. This Tools can also be used to protect websites and users from these attacks.
This tool is intended for educational and testing purposes only. It is not intended to be used for unethical or illegal activities. Use at your own risk.
This project is licensed under the MIT License - see the LICENSE file for details.
Contributions are welcome! If you have an idea for a new feature or have found a bug, please open an issue or submit a pull request.
Shashi Raj - Initial work @EmperailX