DSXS | An open source, simple and effective XSS scanner that can be easily customized

Damn Small XSS Scanner (DSXS) is a great tool for finding cross site scripting vulnerabilities, the tool has been developed in Python 3. It is really simple and the code can be analysed and used for learning.

Installation steps

The installation process is similar to installation for every github tool:

  • Go to the repository: Github repo
  • Clone the repository
  • Change the working directory
  • Enjoy your XSS scanner

Usage and demonstration on an online XSS challenge

You can also attempt to solve this simple xss challenge without the tool first: challenge

After that simply fire up the tool with the -u parameter for url and observe how fast it obtains the correct finding!

Note the last scan result which indicates a successful XSS vector! The tool also has cookies support in case you would like to find vulnerabilities when logged in. Also there is an option for a proxy which can come in handy if you need to analyse the traffic through BurpSuite or similar tool.

Pros

  • After thorough inspection and usage, this tool has all that is needed for a simple xss scanner
  • DSXS is highly customizable and easy to understand

Cons

  • It can not be compared to a more serious tool like XSStrike and in some cases is not as accurate
  • It has everything that is needed for a simple scan but it would be nice to see some more features

I think DSXS is a great tool for learning purposes, especially because of the small, easy understandable code base.

I will be awarding it 3/5 bunnies:

Want To Learn More About Ethical Hacking?

We have a networking hacking course that is of a similar level to OSCP, get an exclusive 95% discount HERE

Do you know of another GitHub related hacking tool?

Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients