├── images └── Images ├── README.md ├── LICENSE └── ScannerXSS.py /images/Images: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # XSScanner 2 | Basic XSS Scanner 3 | 4 | # Resources 5 | - [Usage](#Usage) 6 | - [Installation](#Installation) 7 | 8 | # Usage 9 | 10 | ```python 11 | python3 ScannerXSS.py Urls.txt '">' 12 | ``` 13 | 14 | # Examples 15 | 16 | ## Urls.txt 17 | 18 | ``` 19 | https://www.XXX.com/search/?q=tester&id=valuetest 20 | http://XXX.free/XX/XX/recherche.php?motclef=simple 21 | https://XX.com/XXX?n=aporlorxl23&Other=Aporlox 22 | https://XXX.XXX.com/?for=bing.com 23 | ``` 24 | 25 | 26 | # Installation 27 | 28 | ### From Github 29 | 30 | ```sh 31 | git clone https://github.com/Aporlorxl23/XSScanner.git 32 | python3 ScannerXSS.py Urls.txt '">' 33 | ``` 34 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Eren Simsek 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 
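# Remainder of /LICENSE as it appears on the page (MIT License text, unchanged):
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# /ScannerXSS.py:

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import re
import sys
from concurrent.futures import ThreadPoolExecutor
from os import path


class Scanner:
    """Check a list of URLs for verbatim reflection of a test payload.

    Every query-string value of each URL in ``File`` is replaced by
    ``Payload``, the rewritten URL is fetched with GET, and the URL is
    reported when the payload text appears in the response body.

    A report only means the string came back unchanged somewhere in the
    body. It does not show that the reflection sits in an executable HTML
    context (it may be inside JSON, an attribute that is later encoded, a
    non-HTML content type, ...), so every hit needs manual confirmation.
    """

    # Seconds to wait for a response; without a timeout one unresponsive
    # host blocks the whole run.
    Timeout = 10

    def __init__(self, File, Payload):
        """Store the URL-list path and the payload string.

        Args:
            File: Path of a text file holding one URL per line.
            Payload: String substituted for every query-parameter value.
        """
        self.File = File
        # Fixed, self-identifying User-Agent: requests made by this tool
        # are easy to pick out in web-server logs.
        self.Agent = {"User-Agent": "Aporlorxl23/XSScanner"}
        self.Payload = Payload

    def Parser(self, Url):
        """Return ``Url`` with every query-parameter value set to the payload.

        Args:
            Url: URL expected to contain ``name=value`` pairs introduced by
                ``?`` or ``&``.

        Returns:
            The rewritten URL, or ``None`` when no ``name=value`` pair is
            found (the original raised ``IndexError`` here, which aborted
            the scan on the first parameter-less or blank line).
        """
        # Raw string: "\?" and "\&" in a normal string literal are invalid
        # escape sequences and trigger a warning on current Python versions.
        Params = re.findall(r"(\?|\&)([^=]+)\=([^&]+)", Url)
        if not Params:
            return None
        # Keep everything up to and including the first occurrence of the
        # separator character that introduced the first matched parameter.
        Index = Url.index(Params[0][0])
        MainUrl = Url[:Index + 1]
        # The payload is concatenated as-is; any percent-encoding is left to
        # the HTTP library that later sends the request.
        return MainUrl + "&".join(
            Name + "=" + self.Payload for _, Name, _ in Params
        )

    def CheckFile(self):
        """Print a message and terminate via ``Thanks`` when the file is missing."""
        if not path.isfile(self.File):
            print("[-] File Not Found !")
            self.Thanks()

    def Thanks(self):
        """Print the closing banner and raise ``SystemExit(0)``."""
        print("[+] Thanks for use Eren Şimşek ")
        # sys.exit instead of the builtin exit(): the builtin is injected by
        # the site module and is not guaranteed to exist.
        sys.exit(0)

    def Scan(self):
        """Fetch every rewritten URL and report those echoing the payload.

        Blank lines and URLs without query parameters are skipped. A failed
        request is reported and the scan continues with the next URL. The
        method always finishes through ``Thanks`` and therefore raises
        ``SystemExit``.
        """
        # Imported here so the URL-rewriting logic stays importable and
        # testable on machines without the third-party HTTP dependency.
        import requests

        self.CheckFile()
        # Context manager: the original left the handle open whenever a
        # request or Parser raised before File.close() was reached.
        with open(self.File, "r") as File:
            for Line in File:
                # strip() also removes "\r", so CRLF lists work.
                Url = Line.strip()
                if not Url:
                    continue
                Target = self.Parser(Url)
                if Target is None:
                    print("[-] No query parameters, skipped", Url)
                    continue
                try:
                    Resp = requests.get(
                        Target, headers=self.Agent, timeout=self.Timeout
                    )
                except requests.RequestException as Error:
                    print("[-] Request failed", Target, Error)
                    continue
                # Compare against the decoded body. str(Resp.content) is the
                # repr of a bytes object, in which quotes, backslashes and
                # non-ASCII bytes are escaped, so such payloads never matched.
                if self.Payload in Resp.text:
                    print("[+] XSS Found", Target)
        self.Thanks()


if __name__ == "__main__":
    if len(sys.argv) == 3:
        Start = Scanner(sys.argv[1], sys.argv[2])
        # Only one task is submitted, so the URLs are still processed one
        # after another inside a single worker thread.
        with ThreadPoolExecutor(max_workers=25) as executor:
            future = executor.submit(Start.Scan)
            # Without result() every exception raised in Scan (including the
            # SystemExit from Thanks) stayed inside the future and the run
            # ended silently; result() re-raises it in the main thread.
            future.result()
    else:
        print("[+] Usage=> python3 ScannerXSS.py Urls.txt '\">'")
        print("[+] Thanks for use Eren Şimşek ")
    sys.exit(0)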