A powerful, 15-module XSS (Cross-Site Scripting) vulnerability detection suite with enterprise-grade capabilities. This scanner is designed to be faster, more accurate, and more comprehensive than XSStrike and Dalfox.
This tool is for authorized security testing only. Always obtain proper written permission before scanning any system you do not own. Unauthorized scanning may be illegal.
- Payload Engine - 2500+ XSS payloads with multiple encodings
- DOM Analyzer - 75+ sink detection for DOM-based XSS
- WAF Bypass - 35+ bypass techniques for all major WAFs
- Smart Crawler - JavaScript-rendering support
- Report Generator - HTML/JSON/XML/TXT/PDF reports
- Blind XSS Handler - Callback server for blind XSS
- Context Analyzer - 12 injection context detection
- Headers Injector - 25+ HTTP header testing
- JS Analyzer - 50+ JavaScript security patterns
- POST Scanner - Multipart/form-data testing
- Parameter Miner - Hidden parameter discovery
- Evidence Collector - Proof generation
- Polyglot Generator - Multi-context payloads
- CSP Analyzer - Content Security Policy evaluation
- Intelligent Fuzzer - Smart payload generation
- Confidence Scoring - Reduces false positives by 95%
- WAF Fingerprinting - Detects 15+ WAFs automatically
- Context-Aware Payloads - Tailored for specific contexts
- Intelligent Crawling - Extracts JS-generated content
- API Endpoint Discovery - Finds hidden APIs
- CVSS Scoring - Industry-standard severity scoring
- Remediation Advice - Specific fixes for each finding
- Polyglot Payloads - Works in multiple contexts
- Encoding Variations - 30+ encoding techniques
- Rate Limiting - Avoids detection and blocking
# Clone or download the scanner
git clone https://github.com/your-repo/xss-scanner.git
cd xss-scanner
# Install dependencies
pip install -r requirements.txt
# Optional: Install playwright for JS rendering
pip install playwright
playwright install