Damn Small XSS Scanner (DSXS) is a great tool for finding cross site scripting vulnerabilities, the tool has been developed in Python 3. It is really simple and the code can be analysed and used for learning.
Installation steps
The installation process is similar to installation for every github tool:
- Go to the repository: Github repo
-
Clone the repository
- Change the working directory
- Enjoy your XSS scanner
Usage and demonstration on an online XSS challenge
You can also attempt to solve this simple xss challenge without the tool first: challenge
After that simply fire up the tool with the -u parameter for url and observe how fast it obtains the correct finding!
Note the last scan result which indicates a successful XSS vector! The tool also has cookies support in case you would like to find vulnerabilities when logged in. Also there is an option for a proxy which can come in handy if you need to analyse the traffic through BurpSuite or similar tool.
Pros
- After thorough inspection and usage, this tool has all that is needed for a simple xss scanner
- DSXS is highly customizable and easy to understand
Cons
- It can not be compared to a more serious tool like XSStrike and in some cases is not as accurate
- It has everything that is needed for a simple scan but it would be nice to see some more features
I think DSXS is a great tool for learning purposes, especially because of the small, easy understandable code base.
Want To Learn More About Ethical Hacking?
Do you know of another GitHub related hacking tool?
Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.