Traxss
Kang Asu
Traxss - Automated XSS Vulnerability Scanner
Automated Vulnerability Scanner for XSS | Written in Python3 | Utilizes Selenium Headless
Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests. View the gif above to see a preview of the fastest type of scan.
Getting Started
Prerequisites
Traxss depends on Chromedriver. On MacOS this can be installed with the homebrew command:
Installation
Run the command:
Running Traxss
Traxx can be started with the command:
Types of Scans
Full Scan w/ HTML
Uses a query scan with 575+ payloads and attempts to find XSS vulnerabilities by passing parameters through the URL. It will also render the HTML and attempt to find manual XSS Vulnerablities (this feature is still in beta).
Full Scan w/o HTML
This scan will run the query scan only.
Fast Scan w/ HTML
This scan is the same as the full w/ HTML but it will only use 7 attack vectors rather than the 575+ vectors.
Fast Scan w/o HTML
This scan is the same as the fast w/o HTML but it will only use 7 attack vectors rather than the 575+ vectors.
Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests. View the gif above to see a preview of the fastest type of scan.
Getting Started
Prerequisites
Traxss depends on Chromedriver. On MacOS this can be installed with the homebrew command:
brew install cask chromedriverInstallation
Run the command:
pip3 install -r requirements.txtRunning Traxss
Traxx can be started with the command:
python3 traxss.pyTypes of Scans
Full Scan w/ HTML
Uses a query scan with 575+ payloads and attempts to find XSS vulnerabilities by passing parameters through the URL. It will also render the HTML and attempt to find manual XSS Vulnerablities (this feature is still in beta).
Full Scan w/o HTML
This scan will run the query scan only.
Fast Scan w/ HTML
This scan is the same as the full w/ HTML but it will only use 7 attack vectors rather than the 575+ vectors.
Fast Scan w/o HTML
This scan is the same as the fast w/o HTML but it will only use 7 attack vectors rather than the 575+ vectors.
Regards
Kang Asu
