Sometimes I need to figure out where the XSS script an attacker injected into my website is, so I came up with the idea of a tool that scans for malicious scripts automatically. So I wrote anti-XSS, an open source scanning tool for XSS vulnerabilities.
anti-XSS
anti-XSS is an open source XSS scanning tool which comes with a powerful detection engine. It automates the process of detecting as well as mining XSS scripts and generates the scanning report automatically.
N.B.: The project is under development and prone to bugs.
Installation
You can download the latest zipball by clicking here.
Preferably, you can download anti-XSS by cloning the Git repository and then installing the requirements.
$ git clone https://github.com/lewang2333/anti-XSS.git anti-XSS
$ cd anti-XSS
$ pip install -r requirements.txt
anti-XSS works out of the box with Python version 2.7.x on any platform.
Usage
To get a list of basic options and switches use:
python anti-XSS.py -h
or:
python anti-XSS.py --help
To get an overview of anti-XSS capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the user’s manual.