automatically crawl every URL and find cross site scripting (XSS)

Last update: Sep 24, 2022

Overview

scancss

Fastest tool to find XSS.

scancss is a fastest tool to detect Cross Site scripting (XSS) automatically and it's also an intelligent payload generator.

Main Features

Reflected XSS scanning
Blind xss find
Crawling all links on a website
POST and GET forms are supported
Advanced error handling
Multiprocessing support

Documentation

install

git clone https://github.com/thenurhabib/scancss.git
cd scancss
python -m pip install -r requirements.txt
python3 scancss.py --help

Usage

======================================================================== 
usage: scancss -u <target> [options]

Options:
  --help            Show usage and help parameters
  -u                Target url (e.g. http://example.com)                                                      
  --depth           Depth web page to crawl. Default: 2                                                       
  --payload-level   Level for payload Generator, 7 for custom payload. {1...6}. Default: 6                    
  --payload         Load custom payload directly (e.g. <script>alert(2005)</script>)                          
  --method          Method setting(s):                                                                        
                        0: GET                                                                                
                        1: POST                                                                               
                        2: GET and POST (default)                                                             
  --user-agent      Request user agent (e.g. Chrome/2.1.1/...)                                                
  --single          Single scan. No crawling just one address                                                 
  --proxy           Set proxy (e.g. {'https':'https://10.10.1.10:1080'})                                      
  --about           Print information about scancss tool                                                      
  --cookie          Set cookie (e.g {'ID':'12464476836'})                                                      
                                                                                                              
========================================================================

Author

Name       : Md. Nur habib
Medium     : thenurhabib.medium.com
Twitter    : https://twitter.com/thenurhab1b
HackerRank : https://www.hackerrank.com/thenurhabib

Thank You.

edgedressing leverages a Windows "feature" in order to force a target's Edge browser to open. This browser is then directed to a URL of choice.

edgedressing One day while experimenting with airpwn-ng, I noticed unexpected GET requests on the target node. The node in question happened to be a W

43 Dec 23, 2022

Fast python tool to test apache path traversal CVE-2021-41773 in a List of url

CVE-2021-41773 Fast python tool to test apache path traversal CVE-2021-41773 in a List of url Usage :- create a live urls file and use the flag "-l" p

12 Nov 9, 2022

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

187 Jan 3, 2023

A piece of software that shows a traceroute of a URL redirect path

Tracing URL redirects has never been easier! Usage • Download 🚩 Use Cases To see where an affiliate link ends up To see what affiliate network is bei

41 Nov 22, 2022

Python script that sends CVE-2021-44228 log4j payload requests to url list

scan4log4j Python script that sends CVE-2021-44228 log4j payload requests to url list [VERY BETA] using Supply your url list to urls.txt Put your payl

5 Nov 9, 2022

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

1 Dec 15, 2021

Python directory buster, multiple threads, gobuster-like CLI, web server brute-forcer, URL replace pattern feature.

pybuster v1.1 pybuster is a tool that is used to brute-force URLs of web servers. Features Directory busting (URI) URL replace patterns (put PYBUSTER

1 Jan 5, 2022

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service. This tool can help a digital forensic investigator to know the context, origin of specific files during a digital forensic investigation.

96 Dec 20, 2022

NexScanner is a tool which allows you to scan a website and find the admin login panel and sub-domains

NexScanner NexScanner is a tool which helps you scan a website for sub-domains and also to find login pages in the website like the admin login panel

8 Sep 3, 2022

Comments

ModuleNotFoundError: No module named 'click'

As you can see in the screenshot its showing an error called "ModuleNotFoundError" it is because you didnt add the "click" python module in the requirements.txt. Please consider adding this click module in requirements.txt and kindly forgive my horrible English.

Thanks.

opened by BDhackers009 1
The Crawler Don't Catch POST Parameters

Dear Developer,,

Thank you for building this automation tool after some scanning and testing for the tool with crawling mode and with single scan i touch that the tool don't grab all the parameters specially the one's comes with POST requests

the tool don't catch the POST parameters comes inside categories filters

if you can update the crawler it will be great

opened by Moskitoz 0

json.decoder.JSONDecodeError while supplying cookies

the tool is throwing errors while supplying the cookie like so :

[03:37:11] [INFO] --scancss
***************
Traceback (most recent call last):
  File "/opt/websecurity/scancss/scancss.py", line 114, in <module>
    start()
  File "/opt/websecurity/scancss/scancss.py", line 92, in start
    core.main(getopt.u, getopt.proxy, getopt.user_agent,
  File "/opt/websecurity/scancss/core.py", line 194, in main
    self.session = session(proxy, headers, cookie)
  File "/opt/websecurity/scancss/helper.py", line 39, in session
    requestVariable.cookies.update(json.loads(cookie))
  File "/usr/lib/python3.10/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)                                                                                         
  File "/usr/lib/python3.10/json/decoder.py", line 337, in decode                                                             
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())                                                                         
  File "/usr/lib/python3.10/json/decoder.py", line 355, in raw_decode                                                         
    raise JSONDecodeError("Expecting value", s, err.value) from None                                                          
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

opened by surya-dev-singh 0

automatically crawl every URL and find cross site scripting (XSS)

Related tags

Overview

scancss

Fastest tool to find XSS.

scancss is a fastest tool to detect Cross Site scripting (XSS) automatically and it's also an intelligent payload generator.

Main Features

Documentation

install

Usage

Author

Thank You.

You might also like...

edgedressing leverages a Windows "feature" in order to force a target's Edge browser to open. This browser is then directed to a URL of choice.

Fast python tool to test apache path traversal CVE-2021-41773 in a List of url

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

A piece of software that shows a traceroute of a URL redirect path

Python script that sends CVE-2021-44228 log4j payload requests to url list

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

Python directory buster, multiple threads, gobuster-like CLI, web server brute-forcer, URL replace pattern feature.

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service

NexScanner is a tool which allows you to scan a website and find the admin login panel and sub-domains

Comments

ModuleNotFoundError: No module named 'click'

The Crawler Don't Catch POST Parameters

json.decoder.JSONDecodeError while supplying cookies

the tool is throwing errors while supplying the cookie like so :

Releases(v1.0.0)

v1.0.0(Mar 13, 2022)

Owner

Md. Nur habib

Fast Fb Cracking Tool

Chapter 1 of the AWS Cookbook

Unicode fuzzer for various purposes

SecurAID securely connects aid organizations directly with individuals in dangerous situations to allow them to discreetly and effectively get the assistance they need.

NoSecerets is a python script that is designed to crack hashes extremely fast. Faster even than Hashcat

A TCP Backdoor made in python

version de mi tool de kali linux para miertuxzzzz digo, termux >:)

FBGen is simple facebook user based wordlist generator using Username/ID and cookie.

带回显版本的漏洞利用脚本

Log4j minecraft with python

A Safer PoC for CVE-2022-22965 (Spring4Shell)

SSRF search vulnerabilities exploitation extended.

Backdoor is a term that refers to the access of the software or hardware of a computer system without being detected.

Um script simples de Port Scan + DNS by Hostname

CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight;

High level cheatsheet that was designed to make checks on the OSCP more manageable

CVE-2022-21907 Vulnerability PoC

CVE-log4j CheckMK plugin

Web-eyes - OSINT tools for website research

A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye