XSS scanning tools
Introduction
Cross-site scripting (XSS) is an attack where malicious scripts or data input is injected into an otherwise trusted website or page. Due to the lack of validation or encoding of the output, the malicious content may be executed by unaware users or visitors.
XSS scanners are valuable when it comes to testing for cross-site scripting weaknesses in web applications.
Usage
XSS scanning tools are typically used for web application analysis.
Users for these tools include pentesters and security professionals.
Tools
Popular XSS scanning tools
Damn Small XSS Scanner (cross-site scripting scanner)
penetration testing, web application analysis
Pybelt (pentest toolkit)
The pybelt toolkit may be useful during a pentest to simplify the process of scanning. It includes options like port scanning, dork checking, cracking and verification of hashes, and scanning for SQL injections.
XSS Hunter (Cross-site scripting scanner)
penetration testing, software testing, vulnerability scanning
XSS Hunter helps with finding XSS attacks and trigger a warning when one is succesful. It exists as an online service, or self-hosted installation.
XSSER (Cross-site scripting scanner)
penetration testing, security assessment, web application analysis
XXSER helps to get from XSS to Remote Code Execution (RCE). It provides custom tools and payloads integrated with Metasploit's Meterpreter. The goal is to automate as much as possible.
XSStrike (XSS detection and exploitation suite)
application fuzzing, web application analysis
XSStrike is an XSS detection suite with the goal to reduce the false positives to zero. It can achieve this with its own fuzzing engine. The tool also allows generating custom payloads, which is rare within this line of tools.
Other related category: cross-site scripting scanners
Missing a favorite tool in this list? Share a tool suggestion and we will review it.