First, if you have no idea what XSS is all about, please read the XSS injection tutorial to understand how XSS works. In this post I’ll list some XSS scanners that you can use to pentest your own websites. Instead of the online XSS scanner that I mentioned in my previous post, I’ll introduce you to some other XSS scanners.
* Acunetix WVS automatically checks your web applications for XSS, SQL Injection & other vulnerabilities.
* Firewalls, SSL and locked-down servers are futile against web application hacking.
* Acunetix checks your web applications for coding errors that result in Cross Site Scripting vulnerabilities.
* Acunetix also checks for other vulnerabilities in popular web applications such as Joomla and phpBB.
* Acunetix identifies files with XSS vulnerabilities allowing you to fix them BEFORE the hacker finds them!
URL : http://www.acunetix.com/cross-site-scripting/scanner.htm
Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed at the detection of XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input, and creates a report that lists possible vulnerable points in the program, together with additional information for understanding the vulnerability.
URL : http://pixybox.seclab.tuwien.ac.at/pixy/download.php
Once you open the POC application there are two options that are given to you. The first one is to use the XSS scanner together with the Yahoo Site Explorer Spider. The spider is restricted in terms of depth and number of results per page. You can spider only the top 50 results. Again, this is done on purpose. Concurrently with the spider, the scanner will test for the XSS issues and deliver the result via a callback mechanism.
D3hydr8 Google XSS scanner
An XSS scanner that can find hosts using a Google query or search one site.
URL : http://darkcode.ath.cx/scanners/XSSscan.py