XSScrapy - Fast, thorough XSS vulnerability spider
Fast, thorough, XSS spider. Give it a URL and it'll test every link it finds for cross-site scripting vulnerabilities.
XSS attack vectors xsscrapy will test
- Referer header (way more common than I thought it would be!)
- User-Agent header
- Cookie header (added 8/24/14)
- Forms, both hidden and explicit
- URL variables
- End of the URL, e.g. www.example.com/
- Open redirect XSS, e.g. looking for links where it can inject a value of javascript:prompt(1)
- Other headers
- Persistent XSS’s reflected in pages other than the immediate response page
- DOM XSS
- CAPTCHA protected forms
- AJAX
Because Scrapy is not a browser, it will not render javascript so if you’re scanning a site that’s heavily built on AJAX this scraper will not be able to travel to all the available links. I will look into adding this functionality in the future although it is not a simple task.
From within the main folder run:
./xsscrapy.py -u http://something.com
If you wish to login then crawl:./xsscrapy.py -u http://something.com/login_page -l loginname -p pa$$word
Output is stored in XSS-vulnerable.txt.