xssmap is a tiny tool to scan for (DOM)XSS vulnerabilities by using a headless browser based on webkit (PhantomJS). This enables evaluation of attack vectors and is nearly false positive free.
- Install the phantomjs command line tool.
go get github.com/rverton/xssmapxssmap -h
XSSMAP v0.1. github.com/rverton/xssmap
Usage:
xssmap [--method=<method>] [--data=<data>] [--json] [--failed] [--payloads=<payloads.txt>] URL
xssmap -h | --help
xssmap --version
Arguments:
URL insert {XSS} as a placeholder for payloads
Options:
--failed Show failed attempts.
--json Use JSON as output format.
-h --help Show this screen.
--version Show version.
Example:
xssmap http://server.com/foo{XSS}
xssmap --method=POST --data="foo={XSS}" http://server.com/vuln
xssmap --failed http://server.com/foo#{XSS}
Payloads are located in payloads.txt. xssmap checks if window.xssmap is defined. All payloads are either
- setting
window.xssmap = true;or - calling
xssm(), a function which is injected and executeswindow.xssmap = true.
Most of payloads were slightly modified from ra2-dom-xss-scanner.
MIT