The tool has been tested parallel with paid Vulnerability Scanners and most of the scanners failed to detect the vulnerabilities that the tool was able to find. Moreover, most paid tools scan only one site whereas XSSPY first finds a lot of subdomains and then scan all the links altogether. The tool comes with:
Checking every input on every page
With this tool, Cross Site Scripting vulnerabilities have been found in the websites of MIT, Stanford, Duke University, Informatica, Formassembly, ActiveCompaign, Volcanicpixels, Oxford, Motorola, Berkeley and many more.
Type the following in the terminal.
git clone http://ift.tt/28OLnv3 /opt/xsspy
The tool works on Python 2.7 and you should have mechanize installed. If mechanize is not installed, type “pip install mechanize” in the terminal.
If you have found a XSS vulnerability, you can try the following payloads. http://ift.tt/2u1kpI4
The post XssPy – Web Application XSS Scanner appeared first on Penetration Testing.