bigzooooz / XSScanner

Python3 Script To Scan PHP Files For XSS Vulnerabilities


\ \ / // ____/ ____|                                
 \ V /| (___| (___   ___ __ _ _ __  _ __   ___ _ __ 
  > <  \___ \\___ \ / __/ _` | '_ \| '_ \ / _ \ '__|
 / . \ ____) |___) | (_| (_| | | | | | | |  __/ |   
/_/ \_\_____/_____/ \___\__,_|_| |_|_| |_|\___|_|  

   Scanning PHP Files for XSS Vulnerabilities Has Never Been Any Easier!

Current Version: 1.3.0


Installation:

  1. git clone https://github.com/bigzooooz/XSScanner
  2. cd XSScanner
  3. pip install -r requirements.txt
  4. python XSScanner.py -d <PATH>

Usage:

Place the directory you want to scan in the SCAN folder, then pass its path with the -d flag:

python XSScanner.py -d exampleDirectory

Or run it without any flags to perform a bulk scan:

python XSScanner.py


To scan and validate a vulnerability against a live target, add the -t flag.

As of the current version (1.3.0), attacking a live target only:

1. Works with GET and REQUEST methods

2. Supports targets that require no more than a single input parameter

3. Is able to validate against a single target

python XSScanner.py -d exampleScript -t http://localhost/sameScript

Output:

[-] 3 Potential XSS Vulnerabilities Found.

----------------------------------------
[+] 200 - Vulnerable: http://localhost/sameScript/admin/index.php?page=XSS_PAYLOAD
[+] 200 - Vulnerable: http://localhost/sameScript/admin/index.php?s=XSS_PAYLOAD
----------------------------------------

[-] Scan Completed!

[+] Scan Result Saved in Results Folder

Flags and usage help:

usage: XSScanner.py [-h] [-d DIRECTORY] [-t TARGET] [-o] [--update]

options:
  -h, --help            show this help message and exit
  -d PATH, --directory PATH  Used To Define a Directory Path To Scan (all folders will be scan if not provided a name)
  -t TARGET, --target TARGET Used To Define a Target URI To Test Against
  -o, --output          Print Scan Output on Screen (default=false)
  --update              Update XSScanner

All Results Will Be Stored in Results/{target_folder_name}/XSS-{target_folder_name}-{timestamp}-output.json file.

Adding the -o flag prints the results on screen (STDOUT).

Output file

[
  {
    "file": "/exampleScript/admin/inc/navigation.php",
    "line #": 116,
    "code": "var page = '<?php echo isset($_GET['page']) ? $_GET['page'] : 'home' ?>';",
    "source": "GET",
    "sink": "echo",
    "exploitation": [
      {
        "file": "admin/index.php?page=XSS_PAYLOAD",
        "code": "<?php require_once('inc/navigation.php') ?>",
        "parameter": "page"
      }
    ]
  }
]
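
A triage sketch for this output file, added here as an example and not part of XSScanner: it reads a report in the format above, guesses the output context of each flagged line, and pairs it with the PHP encoder to apply. The search.php finding, the context heuristic, and reading the exploitation list as reachable entry points are assumptions of this example.

```python
import json
import re

# Constructed report in the output-file format shown above; the second
# finding (search.php) is invented sample data, not real scanner output.
SAMPLE_REPORT = r"""[
  {"file": "/exampleScript/admin/inc/navigation.php", "line #": 116,
   "code": "var page = '<?php echo isset($_GET['page']) ? $_GET['page'] : 'home' ?>';",
   "source": "GET", "sink": "echo",
   "exploitation": [{"file": "admin/index.php?page=XSS_PAYLOAD",
                     "code": "<?php require_once('inc/navigation.php') ?>",
                     "parameter": "page"}]},
  {"file": "/exampleScript/search.php", "line #": 12,
   "code": "<p>Results for <?php echo $_GET['s']; ?></p>",
   "source": "GET", "sink": "echo", "exploitation": []}
]"""

# Encoder to apply in the PHP source for each output context.
FIXES = {
    "js-string": "json_encode($v, JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_AMP)",
    "html-attribute": "htmlspecialchars($v, ENT_QUOTES, 'UTF-8') in a quoted attribute",
    "html-body": "htmlspecialchars($v, ENT_QUOTES, 'UTF-8')",
}

def output_context(code):
    """Heuristic: classify where the PHP output lands from the text before '<?'."""
    prefix = code.split("<?", 1)[0]
    if re.search(r"\b(var|let|const)\s+\w+\s*=\s*['\"]?\s*$", prefix):
        return "js-string"
    if re.search(r"<\w+[^>]*\s[\w-]+\s*=\s*['\"]?$", prefix):
        return "html-attribute"
    return "html-body"

def triage(report_text):
    """Return one remediation row per finding, reachable findings first."""
    rows = []
    for finding in json.loads(report_text):
        entry_points = finding.get("exploitation", [])
        context = output_context(finding["code"])
        rows.append({
            "location": f'{finding["file"]}:{finding["line #"]}',
            "context": context,
            "fix": FIXES[context],
            "parameters": sorted({e["parameter"] for e in entry_points}),
            "reachable": bool(entry_points),
        })
    return sorted(rows, key=lambda r: not r["reachable"])

if __name__ == "__main__":
    for row in triage(SAMPLE_REPORT):
        print(f'{row["location"]} [{row["context"]}] params={row["parameters"]} -> {row["fix"]}')
```

json_encode() emits its own quotes, so the quotes around the original JavaScript literal are dropped when applying that fix.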

CVEs Discovered Using This Tool:

CVE             Researcher  Publication
CVE-2022-28077  @b4zb0z     Github
CVE-2022-28078  @b4zb0z     Github
CVE-2022-30513  @b4zb0z     Github
CVE-2022-30514  @b4zb0z     Github

Add your findings by sending a DM to @b4zb0z on Twitter


License

XSScanner is open-source software licensed under the MIT license.
