XSSSNIPER - An Automatic XSS Discovery Tool
XSSSNIPER is a handy XSS discovery tool with mass-scanning functionality.
Usage:
Usage: xsssniper.py [options]
Options:
  -h, --help            show this help message and exit
  -u URL, --url=URL     target URL
  --post                try a post request to target url
  --data=POST_DATA      post data to use
  --threads=THREADS     number of threads
  --http-proxy=HTTP_PROXY
                        scan behind given proxy (format: 127.0.0.1:80)
  --tor                 scan behind default Tor
  --crawl               crawl target url for other links to test
  --forms               crawl target url looking for forms to test
  --user-agent=USER_AGENT
                        provide an user agent
  --random-agent        perform scan with random user agents
  --cookie=COOKIE       use a cookie to perform scans
  --dom                 basic heuristic to detect dom xss
Examples:
Scanning a single url with GET params:
$ python xsssniper.py -u "http://target.com/index.php?page=test"
Scanning a single url with POST params:
$ python xsssniper.py -u "http://target.com/index.php" --post --data=POST_DATA
Crawl a single url looking for forms to scan:
$ python xsssniper.py -u "http://target.com" --forms
Mass scan an entire website:
$ python xsssniper.py -u "http://target.com" --crawl
Mass scan an entire website forms included:
$ python xsssniper.py -u "http://target.com" --crawl --forms
Analyze target page javascripts (embedded and linked) to search for common sinks and sources:
$ python xsssniper.py -u "http://target.com" --dom
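To show what a source/sink heuristic of the kind --dom describes looks like when reviewing your own pages, here is an added example; it is not xsssniper's code. The pattern lists, the function names and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed pattern lists (not xsssniper's): commonly cited DOM XSS sources
# (attacker-influenced inputs) and sinks (HTML-writing or code-executing calls).
SOURCES = re.compile(
    r"\b(?:document\.(?:URL|documentURI|referrer|cookie)|window\.name"
    r"|(?:window\.)?location(?:\.(?:hash|search|href|pathname))?)\b")
SINKS = re.compile(
    r"\b(?:eval|setTimeout|setInterval|Function)\s*\("
    r"|\bdocument\.write(?:ln)?\s*\("
    r"|\.(?:innerHTML|outerHTML)\s*\+?=(?!=)|\.insertAdjacentHTML\s*\(")

class ScriptCollector(HTMLParser):
    """Collects inline <script> bodies and the src of linked scripts."""
    def __init__(self):
        super().__init__()
        self.inline, self.linked, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            self._in_script = src is None
            # No src: start a new inline body. With src: record the URL.
            (self.inline if src is None else self.linked).append(src or "")
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.inline[-1] += data  # script text may arrive in chunks

def scan_js(js):
    """Return (line_no, kind, text) for each source or sink match in js."""
    hits = []
    for no, line in enumerate(js.splitlines(), 1):
        hits += [(no, "source", m.group(0)) for m in SOURCES.finditer(line)]
        hits += [(no, "sink", m.group(0)) for m in SINKS.finditer(line)]
    return hits

def scan_page(html):
    """Return (hits per inline script, list of linked script URLs)."""
    collector = ScriptCollector()
    collector.feed(html)
    return [scan_js(js) for js in collector.inline], collector.linked

# Constructed sample page: one linked script, one inline script.
SAMPLE_HTML = ('<script src="/static/app.js"></script>\n<script>\n'
               'var q = location.hash.slice(1);\n'
               'document.getElementById("out").innerHTML = q;\n</script>')
```

A hit only marks a line for manual review: the regexes do not track whether data actually flows from a source to a sink, and linked scripts have to be fetched and passed to scan_js separately.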
Reviewed by Zion3R on 10:23 AM