bigzooooz/XSScanner


\ \ / // ____/ ____|                                
 \ V /| (___| (___   ___ __ _ _ __  _ __   ___ _ __ 
  > <  \___ \\___ \ / __/ _` | '_ \| '_ \ / _ \ '__|
 / . \ ____) |___) | (_| (_| | | | | | | |  __/ |   
/_/ \_\_____/_____/ \___\__,_|_| |_|_| |_|\___|_|  

   Scanning PHP Files for XSS Vulnerabilities Has Never Been Easier!

Current Version: 1.3.0


Installation:

  1. git clone https://github.com/bigzooooz/XSScanner
  2. cd XSScanner
  3. pip install -r requirements.txt
  4. python XSScanner.py -d <PATH>

Usage:

Place the directory you want to scan in the SCAN folder, then provide its path with the -d flag:

python XSScanner.py -d exampleDirectory

Or run it without any flags to perform a bulk scan:

python XSScanner.py


To scan and validate a vulnerability against a live target, add the -t flag.

As of the current version (1.3.0), attacking a live target only:

1. Works with GET and REQUEST methods

2. Supports targets that require no more than a single input parameter

3. Can validate against a single target

python XSScanner.py -d exampleScript -t http://localhost/sameScript

Output:

[-] 3 Potential XSS Vulnerabilities Found.

----------------------------------------
[+] 200 - Vulnerable: http://localhost/sameScript/admin/index.php?page=XSS_PAYLOAD
[+] 200 - Vulnerable: http://localhost/sameScript/admin/index.php?s=XSS_PAYLOAD
----------------------------------------

[-] Scan Completed!

[+] Scan Result Saved in Results Folder

Flags and usage help:

usage: XSScanner.py [-h] [-d DIRECTORY] [-t TARGET] [-o] [--update]

options:
  -h, --help            show this help message and exit
  -d PATH, --directory PATH  Used To Define a Directory Path To Scan (all folders will be scan if not provided a name)
  -t TARGET, --target TARGET Used To Define a Target URI To Test Against
  -o, --output          Print Scan Output on Screen (default=false)
  --update              Update XSScanner

All results are stored in the Results/{target_folder_name}/XSS-{target_folder_name}-{timestamp}-output.json file.

Adding the -o flag also prints the results to STDOUT.

Output file

[
  {
    "file": "/exampleScript/admin/inc/navigation.php",
    "line #": 116,
    "code": "var page = '<?php echo isset($_GET['page']) ? $_GET['page'] : 'home' ?>';",
    "source": "GET",
    "sink": "echo",
    "exploitation": [
      {
        "file": "admin/index.php?page=XSS_PAYLOAD",
        "code": "<?php require_once('inc/navigation.php') ?>",
        "parameter": "page"
      }
    ]
  }
]
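A triage pass over a report in the format shown above, as an added example (not part of XSScanner). The second sample record, the empty "exploitation" list for a finding with no known entry point, and the context heuristic are assumptions made for illustration.

```python
import json

# Constructed sample: first record is the README's example, second is invented.
# Assumption: a finding with no known entry point has an empty "exploitation" list.
SAMPLE = r'''[
 {"file": "/exampleScript/admin/inc/navigation.php", "line #": 116,
  "code": "var page = '<?php echo isset($_GET['page']) ? $_GET['page'] : 'home' ?>';",
  "source": "GET", "sink": "echo",
  "exploitation": [{"file": "admin/index.php?page=XSS_PAYLOAD",
                    "code": "<?php require_once('inc/navigation.php') ?>",
                    "parameter": "page"}]},
 {"file": "/exampleScript/search.php", "line #": 12,
  "code": "<p>Results for <?php echo $_REQUEST['s']; ?></p>",
  "source": "REQUEST", "sink": "echo", "exploitation": []}
]'''

# Encoder to apply at the sink, chosen by where the output lands.
FIX = {
    "js-string": "json_encode($v, JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_AMP), "
                 "emitted without the surrounding quotes",
    "html-attribute": "htmlspecialchars($v, ENT_QUOTES, 'UTF-8') inside a quoted attribute",
    "html-body": "htmlspecialchars($v, ENT_QUOTES, 'UTF-8')",
}

def output_context(code):
    """Heuristic: classify where the PHP output lands from the text before '<?'."""
    prefix = code.split("<?", 1)[0]
    if prefix.rfind("<") > prefix.rfind(">"):
        return "html-attribute"          # still inside an unclosed tag
    if prefix.count("'") % 2 or prefix.count('"') % 2:
        return "js-string"               # inside an open quoted literal
    return "html-body"

def triage(report_json):
    """Return findings with reachable ones (known entry point) sorted first."""
    rows = []
    for f in json.loads(report_json):
        ctx = output_context(f["code"])
        entries = [(e["file"].split("?", 1)[0], e["parameter"])
                   for e in f.get("exploitation", [])]
        rows.append({"where": f"{f['file']}:{f['line #']}", "source": f["source"],
                     "sink": f["sink"], "context": ctx, "fix": FIX[ctx],
                     "reachable_via": entries})
    return sorted(rows, key=lambda r: not r["reachable_via"])

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(r["where"], r["context"], r["reachable_via"], "->", r["fix"])
```

The README's own finding lands inside a JavaScript string literal, so HTML-escaping alone is the wrong encoder there; that is why the context is classified before a fix is suggested.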

CVEs Discovered Using This Tool:

CVE             Researcher  Publication
CVE-2022-28077  @b4zb0z     GitHub
CVE-2022-28078  @b4zb0z     GitHub
CVE-2022-30513  @b4zb0z     GitHub
CVE-2022-30514  @b4zb0z     GitHub

Add your findings by sending a DM to @b4zb0z on Twitter


License

XSScanner is open-source software licensed under the MIT license.
