Traxss is an automated framework for scanning URLs and web pages for XSS vulnerabilities. It includes over 575 payloads for testing and multiple options for XSS exploitation.
Traxss depends on Chromedriver. On macOS it can be installed with the Homebrew command:
brew install --cask chromedriver
Alternatively, you can find a version for another operating system here: https://sites.google.com/a/chromium.org/chromedriver/downloads
Install the Python requirements with the command:
pip3 install -r requirements.txt
Starting Traxss
Traxss can be started with the command:
This command will launch an interactive CLI to guide you through the process.
Full Scan w/ HTML
This scan tests queries with more than 575 payloads and tries to detect XSS vulnerabilities by passing parameters through the URL. It also renders the HTML and tries to find XSS vulnerabilities manually (this feature is still in beta).
Full Scan w/o HTML
This scan will only scan one query.
Fast Scan w/ HTML
This scan is the same as Full Scan w/ HTML, but will only use 7 payloads instead of 575+.
Fast Scan w/o HTML
This scan is the same as Full Scan w/o HTML, but will only use 7 payloads instead of 575+.
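
The query scan described under Full Scan w/ HTML passes values through URL parameters and looks at what comes back. The following is an added example, not Traxss's own code: it replaces one query parameter at a time with a harmless probe and reports whether the response reflects it raw or HTML-escaped, which is the condition output encoding has to remove. The probe string, the `fetch` callback, the two stand-in pages and the URL are all assumptions constructed for illustration.

```python
import html
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Harmless probe: HTML metacharacters only, no script (constructed, not a Traxss payload).
PROBE = 'trx"<probe>\''

def probe_urls(url):
    """Yield (param, url) with one query parameter at a time replaced by PROBE."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    for i, (name, _) in enumerate(pairs):
        mutated = pairs[:i] + [(name, PROBE)] + pairs[i + 1:]
        yield name, urlunsplit(parts._replace(query=urlencode(mutated)))

def classify(body):
    """Report how the probe came back in a response body."""
    if PROBE in body:
        return "reflected-raw"      # metacharacters survived: output encoding is missing
    if html.escape(PROBE, quote=True) in body:
        return "reflected-escaped"  # value was encoded for the HTML context
    return "not-reflected"

def scan(url, fetch):
    """fetch(url) -> body is a hypothetical callback supplied by the caller."""
    return {name: classify(fetch(u)) for name, u in probe_urls(url)}

# Constructed stand-ins for two pages so the example runs offline.
def _param(url, name):
    return dict(parse_qsl(urlsplit(url).query)).get(name, "")

def unsafe_page(url):
    return "<p>Results for " + _param(url, "q") + "</p>"

def safe_page(url):
    return "<p>Results for " + html.escape(_param(url, "q"), quote=True) + "</p>"

if __name__ == "__main__":
    target = "https://app.example/search?q=shoes&page=2"  # constructed URL
    print(scan(target, unsafe_page))
    print(scan(target, safe_page))
```

A parameter reported as reflected-raw is the one whose output needs context-appropriate encoding; reflected-escaped shows the encoding is already applied for an HTML body context.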