xsscrapy, a tool, that examines given URL to find cross-site scripting and some SQL injection vulnerabilities.
Requirements
- Python
- xsscrapy
- Linux operating system
- May need additional libraries depending on OS (libxml2 libxslt zlib libffi openssl and sometimes libssl-dev)
Download and Install
Step 1: Download and install xsscrapy from GitHub or type the following command given below:
wget -O https://bootstrap.pypa.io/get-pip.py python get-pip.py pip install -r requirements.txt
Step 2: To run the command within the main folder:
./xsscrapy.py -u http://example.com
Step 3: To login and crawl:
./xsscrapy.py -u http://example.com/login_page -l loginname
Step 4: To login with HTTP basic auth then crawl:
./xsscrapy.py -u http://example.com/login_page -l loginname --basic
Step 5: To use cookies:
./xsscrapy.py -u http://example.com/login_page --cookie "SessionID=abcdef1234567890"
Step 6: To limit simultaneous connections (upto 20):
./xsscrapy.py -u http://example.com -c 20
Step 7: To rate limit to 60 requests per minute:
./xsscrapy.py -u http://example.com/ -r 60
All the XSS vulnerabilities are reported in xssrapy-vulns.txt
Note: If it gives an error : ImportError: cannot import name LinkExtractor . This means that you don’t have the latest version of scrapy. You can install it using: sudo pip install --upgrade scrapy.