Saturday, November 5, 2011

Damn Small XSS Scanner (DSXS)

Damn Small XSS Scanner (DSXS) is a fully functional XSS scanner (supporting GET and POST parameters) written in under 100 lines of code.

As optional settings, it supports an HTTP proxy along with the HTTP header values "User-Agent", "Referer" and "Cookie".

Latest source code can be found here (update: current version is v0.1f - Nov 11th 2011).

p.s. sample run(s) against LEGAL targets:
$ python dsxs.py
Damn Small XSS Scanner (DSXS) < 100 LOC (Lines of Code) #v0.1e
 by: Miroslav Stampar (http://unconciousmind.blogspot.com | @stamparm)

Usage: dsxs.py [options]

Options:
  --version          show program's version number and exit
  -h, --help         show this help message and exit
  -u URL, --url=URL  Target URL (e.g. "http://www.target.com/page.htm?id=1")
  --data=DATA        POST data (e.g. "query=test")
  --cookie=COOKIE    HTTP Cookie header value
  --user-agent=UA    HTTP User-Agent header value
  --random-agent     Use randomly selected HTTP User-Agent header value
  --referer=REFERER  HTTP Referer header value
  --proxy=PROXY      HTTP proxy address (e.g. "http://127.0.0.1:8080")

$ python dsxs.py -u "http://zero.webappsecurity.com/login1.asp" --data="login=test&password=test&graphicOption=minimum" --random-agent
Damn Small XSS Scanner (DSXS) < 100 LOC (Lines of Code) #v0.1e
 by: Miroslav Stampar (http://unconciousmind.blogspot.com | @stamparm)

* scanning POST parameter 'login'
 (i) POST parameter 'login' appears to be XSS vulnerable (">...<", outside tags, some filtering))
* scanning POST parameter 'password'
* scanning POST parameter 'graphicOption'

scan results: possible vulnerabilities found

$ python dsxs.py -u "http://xss.progphp.com/xss8.html?input=1" --random-agent
Damn Small XSS Scanner (DSXS) < 100 LOC (Lines of Code) #v0.1e
 by: Miroslav Stampar (http://unconciousmind.blogspot.com | @stamparm)

* scanning GET parameter 'input'
 (i) GET parameter 'input' appears to be XSS vulnerable ("...", pure text response, no filtering))

scan results: possible vulnerabilities found

$ python dsxs.py -u "http://xss.progphp.com/xss12.html" --data="bar=secret&foo=test"
Damn Small XSS Scanner (DSXS) < 100 LOC (Lines of Code) #v0.1e
 by: Miroslav Stampar (http://unconciousmind.blogspot.com | @stamparm)

* scanning POST parameter 'bar'
* scanning POST parameter 'foo'
 (i) POST parameter 'foo' appears to be XSS vulnerable ("<.'...'.>", inside tag, inside single-quotes, some filtering))

scan results: possible vulnerabilities found
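
An added example, not part of the original post or of DSXS itself: it parses finding lines in the format of the sample runs above and checks offline which characters a template still reflects unencoded in the reported context. The template, the three renderers, the marker and the context-to-character mapping are assumptions of this example.

```python
import html
import re

# Constructed input: lines in the format of the runs above, terminal wraps joined.
SAMPLE = """\
* scanning POST parameter 'login'
 (i) POST parameter 'login' appears to be XSS vulnerable (">...<", outside tags, some filtering))
 (i) GET parameter 'input' appears to be XSS vulnerable ("...", pure text response, no filtering))
 (i) POST parameter 'foo' appears to be XSS vulnerable ("<.'...'.>", inside tag, inside single-quotes, some filtering))
"""

FINDING = re.compile(r"\(i\) (GET|POST) parameter '([^']+)' appears to be XSS "
                     r"vulnerable \(\"(.*?)\", (.*?)\)+\s*$")

def parse_findings(output):
    """Turn '(i) ...' lines into dicts; every other line is ignored."""
    findings = []
    for line in output.splitlines():
        m = FINDING.search(line)
        if m:
            method, name, pattern, notes = m.groups()
            findings.append({"method": method, "parameter": name, "pattern": pattern,
                             "context": [n.strip() for n in notes.split(",")]})
    return findings

def breakout_chars(context):
    """Characters that must not come back raw (mapping is an assumption of this example)."""
    return {"<", ">"} | ({"'"} if "inside single-quotes" in context else set())

def raw_survivors(render, context, marker="zq7fixcheck"):
    """Characters from breakout_chars() that render() reflects unencoded."""
    wanted = breakout_chars(context)
    out = render(marker + "".join(sorted(wanted)) + marker)
    m = re.search(re.escape(marker) + "(.*?)" + re.escape(marker), out, re.S)
    return {c for c in wanted if m and c in m.group(1)}

TEMPLATE = "<input name='foo' value='%s'>"  # hypothetical page reflecting 'foo'
RENDERERS = {
    "before_fix": lambda v: TEMPLATE % v,
    "partial_fix": lambda v: TEMPLATE % html.escape(v, quote=False),  # & < > only
    "full_fix": lambda v: TEMPLATE % html.escape(v, quote=True),      # also " and '
}

if __name__ == "__main__":
    ctx = parse_findings(SAMPLE)[2]["context"]
    for name, render in RENDERERS.items():
        print(name, sorted(raw_survivors(render, ctx)))
```

The partial fix still leaves the single quote raw, which is why the context in the finding line decides which encoding is sufficient.
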
p.p.s. ttyrec console recording:

5 comments:

XxjakxX said...

=))
very nice mr.stampar.
and thank you for sharing :)

Anonymous said...

Nice work! I learn a lot from your blog.

tegel outlet said...

Awesome post information Thanks for sharing
