Skip to content

Xss-scanner, kullanıcıdan aldığı url içeriğindeki formu taramak için, sitedeki tum html'i bs4 ve request yardimiyla ceker ve de duzenler. Ardindan html icerisinden form kismini alir, onun icerisinden de input taglarini ceker...

Notifications You must be signed in to change notification settings

mertbingol0/xss-scanner

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 

Repository files navigation

Xss-scanner retrieves and organizes all the necessary HTML for a website to scan forms within the URL content entered by the user using bs4 and request. It then retrieves the form section from the HTML and extracts the input tags within it. It also retrieves the parameters within these input tags. Finally, it performs some operations on these parameters and runs the XSS payload in the input parameter of the search bar within the form. To check if the XSS payload runs within the content of the site, it retrieves the site content and searches for the XSS payload ("<script>alert(1)</script>"). If the payload is found within the content, it gives us a notification saying "Vulnerability detected".

Note: This script only works on http://testphp.vulnweb.com/. If you want to try it on other sites, you need to modify the script according to the site. For this, I have left explanations in the comments about what is happening in which line.

About

Xss-scanner, kullanıcıdan aldığı url içeriğindeki formu taramak için, sitedeki tum html'i bs4 ve request yardimiyla ceker ve de duzenler. Ardindan html icerisinden form kismini alir, onun icerisinden de input taglarini ceker...

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages