XSS scanning tools


XSS scanning tools are typically used for web application analysis.

Users for these tools include pentesters, security professionals.


Damn Small XSS Scanner (cross-site scripting scanner)

penetration testing, web application analysis

Pybelt (pentest toolkit)

The pybelt toolkit may be useful during a pentest to simplify the process of scanning. It includes options like port scanning, dork checking, cracking and verification of hashes, and scanning for SQL injections.

XSSER (Cross-site scripting scanner)

penetration testing, security assessment, web application analysis

XXSER helps to get from XSS to Remote Code Execution (RCE). It provides custom tools and payloads integrated with Metasploit's Meterpreter. The goal is to automate as much as possible.

XSS Hunter (Cross-site scripting scanner)

penetration testing, software testing, vulnerability scanning

XSS Hunter helps with finding XSS attacks and trigger a warning when one is succesful. It exists as an online service, or self-hosted installation.

XSStrike (XSS detection and exploitation suite)

application fuzzing, web application analysis

XSStrike is an XSS detection suite with the goal to reduce the false positives to zero. It can achieve this with its own fuzzing engine. The tool also allows generating custom payloads, which is rare within this line of tools.

Other related category: cross-site scripting scanners

Missing a favorite tool in this list? Share a tool suggestion and we will review it.