XSS scanner that detects Cross-Site Scripting vulnerabilities in website by injecting malicious scripts
Cross-Site Scripting (XSS) is one of the most well known web application vulnerabilities. It even has a dedicated chapter in the OWASP Top 10 project and it is a highly chased vulnerability in bug bounty programs.
The scanner gets a link from the user and scan the website for XSS vulnerability by injecting malicious scripts at the input place. The injection happens in headless browser named Chromium and controlled by Puppeteer automation.
It works in two steps:
Clone the repository:
git clone https://github.com/MariaGarber/XSS-Scanner.git
Enter the clonned folder:
cd XSS-Scanner
Install the dependencies:
npm install
Run the application:
npm start
Open the browser at http://localhost:4000/