automatically crawl every URL and find cross site scripting (XSS)

Last update: Sep 24, 2022

Overview

scancss

Fastest tool to find XSS.

scancss is a fastest tool to detect Cross Site scripting (XSS) automatically and it's also an intelligent payload generator.

Main Features

Reflected XSS scanning
Blind xss find
Crawling all links on a website
POST and GET forms are supported
Advanced error handling
Multiprocessing support

Documentation

install

git clone https://github.com/thenurhabib/scancss.git
cd scancss
python -m pip install -r requirements.txt
python3 scancss.py --help

Usage

======================================================================== 
usage: scancss -u <target> [options]

Options:
  --help            Show usage and help parameters
  -u                Target url (e.g. http://example.com)                                                      
  --depth           Depth web page to crawl. Default: 2                                                       
  --payload-level   Level for payload Generator, 7 for custom payload. {1...6}. Default: 6                    
  --payload         Load custom payload directly (e.g. <script>alert(2005)</script>)                          
  --method          Method setting(s):                                                                        
                        0: GET                                                                                
                        1: POST                                                                               
                        2: GET and POST (default)                                                             
  --user-agent      Request user agent (e.g. Chrome/2.1.1/...)                                                
  --single          Single scan. No crawling just one address                                                 
  --proxy           Set proxy (e.g. {'https':'https://10.10.1.10:1080'})                                      
  --about           Print information about scancss tool                                                      
  --cookie          Set cookie (e.g {'ID':'12464476836'})                                                      
                                                                                                              
========================================================================

Author

Name       : Md. Nur habib
Medium     : thenurhabib.medium.com
Twitter    : https://twitter.com/thenurhab1b
HackerRank : https://www.hackerrank.com/thenurhabib

Thank You.

edgedressing leverages a Windows "feature" in order to force a target's Edge browser to open. This browser is then directed to a URL of choice.

edgedressing One day while experimenting with airpwn-ng, I noticed unexpected GET requests on the target node. The node in question happened to be a W

43 Dec 23, 2022

Fast python tool to test apache path traversal CVE-2021-41773 in a List of url

CVE-2021-41773 Fast python tool to test apache path traversal CVE-2021-41773 in a List of url Usage :- create a live urls file and use the flag "-l" p

12 Nov 9, 2022

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

187 Jan 3, 2023

A piece of software that shows a traceroute of a URL redirect path

Tracing URL redirects has never been easier! Usage • Download 🚩 Use Cases To see where an affiliate link ends up To see what affiliate network is bei

41 Nov 22, 2022

Python script that sends CVE-2021-44228 log4j payload requests to url list

scan4log4j Python script that sends CVE-2021-44228 log4j payload requests to url list [VERY BETA] using Supply your url list to urls.txt Put your payl

5 Nov 9, 2022

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

1 Dec 15, 2021

Python directory buster, multiple threads, gobuster-like CLI, web server brute-forcer, URL replace pattern feature.

pybuster v1.1 pybuster is a tool that is used to brute-force URLs of web servers. Features Directory busting (URI) URL replace patterns (put PYBUSTER

1 Jan 5, 2022

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service. This tool can help a digital forensic investigator to know the context, origin of specific files during a digital forensic investigation.

96 Dec 20, 2022

NexScanner is a tool which allows you to scan a website and find the admin login panel and sub-domains

NexScanner NexScanner is a tool which helps you scan a website for sub-domains and also to find login pages in the website like the admin login panel

8 Sep 3, 2022

Comments

ModuleNotFoundError: No module named 'click'

As you can see in the screenshot its showing an error called "ModuleNotFoundError" it is because you didnt add the "click" python module in the requirements.txt. Please consider adding this click module in requirements.txt and kindly forgive my horrible English.

Thanks.

opened by BDhackers009 1
The Crawler Don't Catch POST Parameters

Dear Developer,,

Thank you for building this automation tool after some scanning and testing for the tool with crawling mode and with single scan i touch that the tool don't grab all the parameters specially the one's comes with POST requests

the tool don't catch the POST parameters comes inside categories filters

if you can update the crawler it will be great

opened by Moskitoz 0

json.decoder.JSONDecodeError while supplying cookies

the tool is throwing errors while supplying the cookie like so :

[03:37:11] [INFO] --scancss
***************
Traceback (most recent call last):
  File "/opt/websecurity/scancss/scancss.py", line 114, in <module>
    start()
  File "/opt/websecurity/scancss/scancss.py", line 92, in start
    core.main(getopt.u, getopt.proxy, getopt.user_agent,
  File "/opt/websecurity/scancss/core.py", line 194, in main
    self.session = session(proxy, headers, cookie)
  File "/opt/websecurity/scancss/helper.py", line 39, in session
    requestVariable.cookies.update(json.loads(cookie))
  File "/usr/lib/python3.10/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)                                                                                         
  File "/usr/lib/python3.10/json/decoder.py", line 337, in decode                                                             
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())                                                                         
  File "/usr/lib/python3.10/json/decoder.py", line 355, in raw_decode                                                         
    raise JSONDecodeError("Expecting value", s, err.value) from None                                                          
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

opened by surya-dev-singh 0

automatically crawl every URL and find cross site scripting (XSS)

Related tags

Overview

scancss

Fastest tool to find XSS.

scancss is a fastest tool to detect Cross Site scripting (XSS) automatically and it's also an intelligent payload generator.

Main Features

Documentation

install

Usage

Author

Thank You.

You might also like...

edgedressing leverages a Windows "feature" in order to force a target's Edge browser to open. This browser is then directed to a URL of choice.

Fast python tool to test apache path traversal CVE-2021-41773 in a List of url

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

A piece of software that shows a traceroute of a URL redirect path

Python script that sends CVE-2021-44228 log4j payload requests to url list

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

Python directory buster, multiple threads, gobuster-like CLI, web server brute-forcer, URL replace pattern feature.

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service

NexScanner is a tool which allows you to scan a website and find the admin login panel and sub-domains

Comments

ModuleNotFoundError: No module named 'click'

The Crawler Don't Catch POST Parameters

json.decoder.JSONDecodeError while supplying cookies

the tool is throwing errors while supplying the cookie like so :

Releases(v1.0.0)

v1.0.0(Mar 13, 2022)

Owner

Md. Nur habib

macOS persistence tool

Client script for the fisherman phishing tool

CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain device credentials.

Automated tool to find & created Exploit Poc for Clickjacking Vulnerability

Phishing Campaign Toolkit

CVE-2021-22205& GitLab CE/EE RCE

Big-Papa Integrates Javascript and python for remote cookie stealing which then can be used for session hijacking

Web-eyes - OSINT tools for website research

This python script will automate the testing for the Log4J vulnerability for HTTP and HTTPS connections.

A honey token manager and alert system for AWS.

BETA: Layla - recon tool for bug bounty

Fuzzercorn - Bring libfuzzer to Unicorn

Python library to prevent XSS(cross site scripting attach) by removing harmful content from data.

Tools to make working the Arch Linux Security Tracker easier

Generate obfuscated meterpreter shells

Dark-Fb No Login 100% safe

BurpSuite Extension: Log4j2 RCE Scanner

GDID (Google Dorks for Information Disclosure)

Searches through git repositories for high entropy strings and secrets, digging deep into commit history

Laravel RCE (CVE-2021-3129)