NoXss is a cross-site scripting (XSS) vulnerability scanner. It is very fast and suitable for testing millions of URLs.
Specifications
- Fast and convenient for testing millions of URLs
- DOM-based XSS support (using Chrome or PhantomJS) and XSS
- Uses only 8 payloads, chosen based on the injection location
- Async requests (using gevent) and multiprocessing
- Support for a single URL, a file, and traffic from Burp Suite
- Traffic filter interface
- Support for special headers (e.g. referer, cookie, customized token)
- Support for fast scanning via id
Installation
Ubuntu
- 1. apt-get install flex bison phantomjs
- 2. pip install -r requirements.txt
CentOS
- 1. yum install flex bison phantomjs
- 2. pip install -r requirements.txt
macOS
- 1. brew install grep findutils flex phantomjs
- 2. pip install -r requirements.txt
Use
python start.py --url url --save
python start.py --url url --cookie cookie --browser chrome --save
python start.py --url url --cookie cookie --browser chrome-headless --save
python start.py --file ./url.txt --save
python start.py --burp ./test.xml --save
python start.py --file file --filter
Options
--url
--id
--file
--burp
--process
--coroutine
--cookie
--filter
--browser
--save
--clear
You can download the program from here.