Cross-site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website.
T-XSS is an XSS vulnerability scanner written in Python. This is how it works:
- Given a URL, it grabs all the HTML forms and then prints the number of forms detected.
- It then iterates over the forms and submits each one, filling every text and search input field with a piece of JavaScript code.
- If the JavaScript code is injected and successfully executed, this is a clear sign that the web page is vulnerable to XSS.
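The steps above, as an added example (not T-XSS's own code) that runs offline against a constructed page. The probe string, function names and the two sample server behaviours are assumptions made for illustration; the check looks for the probe coming back unencoded, which is what separates a vulnerable page from one that escapes its output.

```python
from html import escape
from html.parser import HTMLParser

# Constructed probe string; any unique script snippet serves the same purpose.
PROBE = "<script>alert('txss-probe')</script>"

class FormCollector(HTMLParser):
    """Collect every form with the names of its text and search inputs."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = True
            self.forms.append({"action": a.get("action") or "", "inputs": [],
                               "method": (a.get("method") or "get").lower()})
        elif tag == "input" and self._open and a.get("name"):
            # An input with no type attribute defaults to type="text".
            if (a.get("type") or "text").lower() in ("text", "search"):
                self.forms[-1]["inputs"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = False

def find_forms(html):
    parser = FormCollector()
    parser.feed(html)
    return parser.forms

def build_submission(form, probe=PROBE):
    """Form data with the probe placed in every text/search field."""
    return {name: probe for name in form["inputs"]}

def reflected_unescaped(body, probe=PROBE):
    """True only if the probe comes back byte-for-byte, i.e. not HTML-encoded."""
    return probe in body

# Constructed sample page and two constructed server behaviours.
SAMPLE_PAGE = """<form action="/search"><input type="search" name="q"></form>
<form action="/comment" method="POST"><input name="author">
<input type="hidden" name="csrf" value="x"><input type="submit"></form>"""

def echo_raw(data):      # vulnerable: writes the value into HTML as-is
    return "<p>Results for " + data["q"] + "</p>"
def echo_escaped(data):  # fixed: encodes the value on output
    return "<p>Results for " + escape(data["q"]) + "</p>"
```

Hidden and submit inputs are skipped, matching the description that only text and search fields are filled.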
- apt update && apt upgrade
- pip install -r requirements.txt
- sudo apt install python (use pkg on Termux)
- sudo apt install git (use pkg on Termux)
- git clone https://github.com/ParzivalHack/T-XSS
- cd T-XSS
- python T-XSS.py
- cd T-XSS
- bash update.sh
This tool is licensed under the GPL v3.