CheXSS is a Python tool for detecting Cross-Site Scripting (XSS) vulnerabilities in web applications for implementing effective filters.
CheXSS searches for HTML inputs such as form inputs, and iterates various payloads from a wordlist to understand if the web application would be vulnerable to such an attack.
The first version of this tool aims to at least identify vulnerabilities in form fields that display on the same page. This is a good starting point and will serve as an effective proof of conecept.
Future plans include, but are not restricted to:
- Identifying stored XSS located on separate pages in the same app
- Identifying XSS through URL parameters
- Identifying execution sinks in JS code for DOM based XSS
- Pinpointing exact security flaw and suggesting effective filter
For more information about the technologies in use, refer to CONTRIBUTING.md
This tool WILL attempt malicious code against a web application, so use it only in situations where you have the appropriate permissions. The author and organization do not bear any responsibility in cases of unauthorized or malicious use.
To be decided