Today I will show you how to automatically test for Cross-Site Scripting (XSS) vulnerabilities with a tool I made called xsspwn.
How does it work?
Xsspwn is a Cross-Site Scripting testing tool. It attempts to inject payloads into a parameter and, when the scan finishes, outputs all the potential injections found.
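The reflection check that this kind of scan relies on, as an added example written for this page (it is not xsspwn's code): an inert random marker is passed through three constructed handlers, and the response is checked for which of `<`, `>`, `"` and `'` come back unencoded. All function names and handlers here are hypothetical.

```python
import html
import secrets

SPECIALS = "<>\"'"  # characters that must be encoded before reaching HTML

def render_vulnerable(q):
    # Constructed handler: the parameter is concatenated into the page as-is.
    return f"<p>Results for: {q}</p>"

def render_partial(q):
    # Constructed handler: encodes angle brackets only, then writes into an attribute.
    q = q.replace("<", "&lt;").replace(">", "&gt;")
    return f'<input name="q" value="{q}">'

def render_hardened(q):
    # Output encoding at the sink covers all four characters.
    return f'<input name="q" value="{html.escape(q, quote=True)}">'

def make_probe(token=None):
    # Inert marker: each special character sits between two copies of a random token.
    token = token or "zq" + secrets.token_hex(4)
    return token, "".join(f"{token}{ch}" for ch in SPECIALS) + token

def surviving_specials(body, token):
    # Characters that came back unencoded between two token copies.
    return [ch for ch in SPECIALS if f"{token}{ch}{token}" in body]

def audit(handlers):
    # Send the same probe through every handler and classify each response.
    token, probe = make_probe()
    report = {}
    for name, handler in handlers.items():
        body = handler(probe)
        if token not in body:
            report[name] = "not reflected"
        else:
            raw = surviving_specials(body, token)
            report[name] = "unencoded: " + " ".join(raw) if raw else "encoded"
    return report

HANDLERS = {"vulnerable": render_vulnerable, "partial": render_partial,
            "hardened": render_hardened}

if __name__ == "__main__":
    for name, verdict in audit(HANDLERS).items():
        print(f"{name:10} {verdict}")
```

The `partial` handler is the case worth noticing: angle brackets are encoded, but the quotes that survive still matter because the value lands inside an attribute.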
Sometimes you need to log in before you start testing. xsspwn has an option to brute force the login credentials and then scan for potential XSS vulnerabilities.
The tool can be downloaded from GitHub.
git clone https://github.com/ethicalhackingplayground/xsspwn.git
To install it, type:
- There is no need for Tor; I had problems with that implemented.
- I fixed a bug where it said it only found 2 injections.