Cross Site Scripting Discovery With XSSPwn

Today, I will be showing you how to automatically test for cross-site scripting (XSS) vulnerabilities with a tool I made called xsspwn.

How does it work?

Xsspwn is a cross-site scripting testing tool. It attempts to inject payloads into a parameter under test, and when the scan finishes it outputs all the potential injections it found.
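The page does not say how xsspwn decides that a result is a potential injection. As an added example (not xsspwn's code), the Python below shows one common reflection check from the defender's side: send a harmless marker containing HTML metacharacters and see which of them come back unencoded. The three handlers, the marker format and all function names are constructed for illustration.

```python
import html
import re
import secrets

META = "<>\"'"  # characters that are significant in HTML markup

def make_probe():
    """Harmless marker: META characters between two random tokens (no script)."""
    tag = secrets.token_hex(4)
    return f"a{tag}{META}b{tag}", tag

def surviving(body, tag):
    """Return the META characters reflected unencoded, or None if not reflected."""
    m = re.search(f"a{tag}(.*?)b{tag}", body, re.S)
    if m is None:
        return None
    return "".join(c for c in META if c in m.group(1))

# --- constructed sample handlers (stand-ins for a page echoing a parameter) ---
def echo_raw(q):
    # No output encoding: every metacharacter reaches the page.
    return f"<p>Results for {q}</p>"

def echo_escaped(q):
    # Output encoding applied: the marker is reflected, but inert.
    return f"<p>Results for {html.escape(q, quote=True)}</p>"

def echo_strip_angle(q):
    # Partial filter: drops < and > but leaves quotes inside an attribute.
    cleaned = q.replace("<", "").replace(">", "")
    return f'<input name="q" value="{cleaned}">'

def report():
    """Run the probe through each sample handler and collect the findings."""
    probe, tag = make_probe()
    handlers = (echo_raw, echo_escaped, echo_strip_angle)
    return {h.__name__: surviving(h(probe), tag) for h in handlers}

if __name__ == "__main__":
    for name, chars in report().items():
        verdict = "potential injection" if chars else "encoded or filtered"
        print(f"{name:18} surviving={chars!r:8} {verdict}")
```

A non-empty result only means markup characters reached the response unencoded, which is why such findings are "potential": whether they are exploitable depends on the context they land in, and the fix is context-appropriate output encoding as in `echo_escaped`.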

Scan output


Brute forcing

Sometimes you need to log in before you start testing. xsspwn has an option to brute force the login credentials before scanning for potential XSS vulnerabilities.

Bruteforce Output


Injections Output


The tool can be downloaded from GitHub.

Download it:

git clone

To install it, type:


Bug Fixes

  • There is no need for Tor; I had problems with that implemented.
  • I fixed a bug where it said it only found 2 injections.

