simple tools that try to detect an xss vulnerability
feel free to develop and submit bug or add extra features
this tool for educational propose
Requirement:
you have to install selenium module
Here : http://seleniumhq.org/
Usage: xss_scanner.py http://www.site.com/file.php?var=
the target should be started with http:// or https://
SHOW FULL COLUMNS FROM `jrk_downrecords` [ RunTime:0.002951s ]
SELECT `a`.`aid`,`a`.`title`,`a`.`create_time`,`m`.`username` FROM `jrk_downrecords` `a` INNER JOIN `jrk_member` `m` ON `a`.`uid`=`m`.`id` WHERE `a`.`status` = 1 GROUP BY `a`.`aid` ORDER BY `a`.`create_time` DESC LIMIT 10 [ RunTime:0.126503s ]
SHOW FULL COLUMNS FROM `jrk_tagrecords` [ RunTime:0.001985s ]
SELECT * FROM `jrk_tagrecords` WHERE `status` = 1 ORDER BY `num` DESC LIMIT 20 [ RunTime:0.001983s ]
SHOW FULL COLUMNS FROM `jrk_member` [ RunTime:0.002348s ]
SELECT `id`,`username`,`userhead`,`usertime` FROM `jrk_member` WHERE `status` = 1 ORDER BY `usertime` DESC LIMIT 10 [ RunTime:0.004049s ]
SHOW FULL COLUMNS FROM `jrk_searchrecords` [ RunTime:0.002193s ]
SELECT * FROM `jrk_searchrecords` WHERE `status` = 1 ORDER BY `num` DESC LIMIT 5 [ RunTime:0.003594s ]
SELECT aid,title,count(aid) as c FROM `jrk_downrecords` GROUP BY `aid` ORDER BY `c` DESC LIMIT 10 [ RunTime:0.020975s ]
SHOW FULL COLUMNS FROM `jrk_articles` [ RunTime:0.003252s ]
UPDATE `jrk_articles` SET `hits` = 1 WHERE `id` = 101646 [ RunTime:0.001735s ]