scanner xss
July 22nd, 2009

First, if you have no idea what XSS is all about, please read the XSS injection tutorial to understand how XSS works. In this post I'll list some XSS scanners you can use to pentest your own websites. Instead of the online XSS scanner I mentioned in my previous post, I'll introduce some other XSS scanners.

Acunetix

* Acunetix WVS automatically checks your web applications for XSS, SQL Injection & other vulnerabilities.
* Firewalls, SSL and locked-down servers are futile against web application hacking.
* Acunetix checks your web applications for coding errors that result in Cross Site Scripting vulnerabilities.
* Acunetix also checks for other vulnerabilities in popular web applications such as Joomla and phpBB.
* Acunetix identifies files with XSS vulnerabilities allowing you to fix them BEFORE the hacker finds them!

URL : http://www.acunetix.com/cross-site-scripting/scanner.htm

Pixy

Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed at the detection of XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input, and creates a report that lists possible vulnerable points in the program, together with additional information for understanding the vulnerability.

URL : http://pixybox.seclab.tuwien.ac.at/pixy/download.php

GNUCITIZEN Javascript xss scanner

Once you open the POC application there are two options that are given to you. The first one is to use the XSS scanner together with the Yahoo Site Explorer Spider. The spider is restricted in terms of depth and number of results per page. You can spider only the top 50 results. Again, this is done on purpose. Concurrently with the spider, the scanner will test for the XSS issues and deliver the result via a callback mechanism.

URL : http://www.gnucitizen.org/blog/javascript-xss-scanner/

D3hydr8 Google XSS scanner

An XSS scanner that can find hosts using a Google query or search a single site.

URL : http://darkcode.ath.cx/scanners/XSSscan.py

