The Traxss is an automated framework for scanning URLs and web pages for vulnerabilities XSS. It includes over 575 payloads to test and multiple options for XSS exploitation.
Let's start
Prerequisites
Traxss is Chromedriver dependent. On MacOS this can be installed with the homebrew command:
brew install cask chromedriver
Alternatively, you can find a version for another operating system here: https://sites.google.com/a/chromium.org/chromedriver/downloads
Installation
We run the command:
pip3 install -r requirements.txt
We start Traxss
Traxx can start with the command:
python3 traxss.py
This command will launch an interactive CLI to guide you through the process.
Types scan:
Full Scan w/ HTML
It uses query scanning with more than 575 payloads and tries to detect XSS vulnerabilities by passing parameters through the URL. It will also render the HTML and try to manually vulnerability XSS (this mode is still in beta).
Full Scan w/o HTML
This scan will only scan one query.
Fast Scan w/ HTML
This scan is the same as full w / HTML, but will only use 7 payloads instead of 575+.
Fast Scan w/o HTML
This scan is the same as full w / o HTML, but will only use 7 payloads instead of 575+.