- Reflected XSS detection
- DOM-based XSS detection
- Context-aware payload injection
- Smart payload generation
- Automatic WAF detection
- WAF bypass techniques
- Headless & visible browser scanning (Playwright)
- Professional reports (HTML / PDF / JSON)
```bash
python main.py "https://example.com/search?q=" -w cloudflare
python main.py "https://testphp.vulnweb.com/artists.php?artist=" -v
```
⸻
## ⚙️ Installation

```bash
git clone https://github.com/Irfan430/xss_scanner
cd xss_scanner
pip install -r requirements.txt
playwright install chromium
```
⸻
## 🧪 Usage

```bash
python main.py "https://portswigger-labs.net/xss/xss.php?x="
python main.py "https://portswigger-labs.net/xss/xss.php?x=" -w cloudflare
python main.py "https://portswigger-labs.net/xss/xss.php?x=" -v
python main.py "https://portswigger-labs.net/xss/xss.php?x=" -p config/payloads/cloudfront.txt
```
⸻
## 📌 Notes

The target URL must contain an injection parameter, i.e. a query parameter left empty:

- ✔ `?param=`
- ✘ `?param=test`
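The following helper, an added example and not part of the scanner's own code, checks a target URL against the rule above: it parses the query string and reports which parameters are left empty, using `keep_blank_values=True` because `parse_qsl` silently drops `?q=` otherwise.

```python
from urllib.parse import urlsplit, parse_qsl


def find_injection_params(url: str) -> list[str]:
    """Return the names of query parameters whose value is empty.

    An empty-valued parameter such as ``?q=`` is the slot the scanner fills in.
    parse_qsl discards blank values unless keep_blank_values=True, so without
    that flag ``?q=`` would look like a URL with no parameters at all.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return [name for name, value in pairs if value == ""]


def check_target(url: str) -> tuple[bool, str]:
    """Validate a target URL the way the Notes section requires.

    Returns (ok, message) so a caller can print a helpful hint instead of
    scanning a URL that has no injection point.
    """
    try:
        empty = find_injection_params(url)
    except ValueError as exc:
        return False, str(exc)
    if not empty:
        # Every parameter already carries a value (the ✘ ?param=test case).
        return False, "no empty query parameter; leave one blank, e.g. ?param="
    return True, "injection parameter(s): " + ", ".join(empty)


if __name__ == "__main__":
    # Constructed sample inputs mirroring the README's ✔ / ✘ cases.
    for sample in ("https://example.com/search?q=",
                   "https://example.com/search?q=test"):
        print(sample, "->", check_target(sample))
```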
⸻
## 📸 Screenshots
<img src="https://raw.githubusercontent.com/Irfan430/xss_scanner/main/assets/xss_scanner.png" width="600"/>
<img src="https://raw.githubusercontent.com/Irfan430/xss_scanner/main/assets/prueba_xss.png" width="600"/>
<img src="https://raw.githubusercontent.com/Irfan430/xss_scanner/main/assets/reporte_html.png" width="600"/>
<img src="https://raw.githubusercontent.com/Irfan430/xss_scanner/main/assets/reporte_json.png" width="600"/>
<img src="https://raw.githubusercontent.com/Irfan430/xss_scanner/main/assets/reporte_pdf.png" width="600"/>
---
## ⚠️ Ethical Usage
- Systems you own
- Targets with explicit permission
- Authorized penetration tests
- Bug bounty programs
Unauthorized use is illegal and unethical.
⸻
## 🧩 Supported Platforms

| OS | Version | Status |
|---|---|---|
| Kali Linux | 2025.1 | Stable |
| Parrot Security OS | 6.2 | Stable |
| Windows | 11 | Stable |
| BackBox | 9 | Stable |
| Arch Linux | 2024.12.01 | Stable |
⸻
## 📜 License

MIT License. See the LICENSE file for details.
⸻
<p align="center">© 2025 • XSS Scanner Tool</p>