/XSSploit

A utility tool for testing website with possible Xss vuln its under beta

Primary LanguagePythonMIT LicenseMIT

XSSploit

XSSploit is a Python-based tool designed to identify and test vulnerabilities related to Cross-Site Scripting (XSS) in web applications. The tool currently supports testing for three types of XSS vulnerabilities:

  • Reflected XSS
  • Stored XSS
  • DOM-based XSS

XSSploit is in its beta version and is under active development, with more features planned for future releases.

image

Features

  • Web Crawling: Crawls websites up to a user-defined depth to discover forms and input fields.
  • Targeted XSS Testing:
    • Reflected XSS detection
    • Stored XSS testing
    • DOM-based XSS manual testing
  • Payload Management: Load payloads from a customizable text file for flexible testing.
  • Easy-to-Use Interface: Simple prompts guide users through the process of testing vulnerabilities.

Installation

  1. Clone the repository: 
    git clone https://github.com/Binary-Assassin/XSSploit.git
cd XSSploit
pip install -r requirements.txt
python xsstest.py

Usage

  1. Launch the tool: 
    python xssploit.py
  2. Enter the required inputs when prompted:
  • Base URL: The starting URL for web crawling.
  • Crawling Depth: Depth for crawling links and forms.

image

  1. Choose the type of XSS to test:
  • 1: Reflected XSS
  • 2: Stored XSS
  • 3: DOM-based XSS
  • 4: Test all XSS types

image image

  1. Follow the results to analyze vulnerabilities:
  • For Reflected and Stored XSS: The tool tests and outputs vulnerabilities found.
  • For DOM-based XSS: URLs are generated for manual testing in a browser.
  1. View the findings report:
    • After running the tool, findings are saved in a file located in the documentation folder.
    • The file name is formatted as findings_<timestamp>.txt.
    • Open the file to analyze the detected vulnerabilities and generated test URLs.

About the Project