This is a basic single-file python program that can discover fundamental XSS (cross-site scripting) vulnerabilities in a target url. The majority of XSS discovery tools utilize a payload refelection method in which payloads are injected in url criteria and the GET action is checked for locations where the payload material is shown. This is an extremely low accuracy XSS detection method since many reflection does not support execution.
This program utilizes a various technique, and rather opens the target url in a web browser, tests alert(…) payloads straight in the web browser context, and listens for an alert being activated. This indicates that any XSS identified by this program is very not likely to be an incorrect favorable.
This program can be utilized with the command
python main.py — target_url “https://xss-game.appspot.com/level1/frame?query=test” — payload_list_file_path lists/xss _ payloads_with_alert_message_signal. txt » …
Find out more
