{"id":13842037,"url":"https://github.com/MariaGarber/XSS-Scanner","last_synced_at":"2025-07-11T13:33:42.147Z","repository":{"id":48329066,"uuid":"285897858","full_name":"MariaGarber/XSS-Scanner","owner":"MariaGarber","description":"XSS scanner that detects Cross-Site Scripting vulnerabilities in website by injecting malicious scripts","archived":false,"fork":false,"pushed_at":"2020-08-09T21:10:35.000Z","size":1899,"stargazers_count":123,"open_issues_count":4,"forks_count":35,"subscribers_count":8,"default_branch":"master","last_synced_at":"2024-08-05T17:30:18.657Z","etag":null,"topics":["injection","javascript","puppeteer","scanner","xss","xss-vulnerability"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MariaGarber.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-08-07T18:39:32.000Z","updated_at":"2024-08-03T19:02:03.000Z","dependencies_parsed_at":"2022-09-06T15:10:17.435Z","dependency_job_id":null,"html_url":"https://github.com/MariaGarber/XSS-Scanner","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MariaGarber%2FXSS-Scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MariaGarber%2FXSS-Scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MariaGarber%2FXSS-Scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MariaGarber%2FXSS-Scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MariaGarber","download_url":"https://codeload.github.com/MariaGarber/XSS-Scanner/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225729816,"owners_count":17515171,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["injection","javascript","puppeteer","scanner","xss","xss-vulnerability"],"created_at":"2024-08-04T17:01:26.395Z","updated_at":"2024-11-21T12:30:48.475Z","avatar_url":"https://github.com/MariaGarber.png","language":"JavaScript","funding_links":[],"categories":["JavaScript (485)","JavaScript"],"sub_categories":[],"readme":"# XSS Scanner\n\nCross-Site Scripting (XSS) is one of the most well known web application vulnerabilities. It even has a dedicated chapter in the OWASP Top 10 project and it is a highly chased vulnerability in bug bounty programs.\n\nThe scanner gets a link from the user and scan the website for XSS vulnerability by injecting malicious scripts at the input place. The injection happens in headless browser named Chromium and controlled by Puppeteer automation.\n\nIt works in two steps:\n1. Find the target: In this first step, the tool tries to identify all the places at the page including injectable parameters in forms, URLs, headers, etc.\n2. Test for XSS: For each place discovered in the previous step, the scanner will try to detect if the parameters are vulnerable to Cross-Site Scripting. The tool injects a piece of JavaScript code, including some special HTML characters (\u003e, \u003c, \", ') and it will try to see if they are returned in the response page without sanitization.\nIf the tool detects at least one vulnerability, it will return that the website have XSS vulnerability.\n\n### Technologies\n * Puppeteer\n * Javascript\n * NodeJS\n * Express\n \n ![](public/pictures/xss_scanner.png)\n \n### How to install\n\nClone the repository:\n```\ngit clone https://github.com/MariaGarber/XSS-Scanner.git\n```\nEnter the clonned folder:\n```\ncd XSS-Scanner\n```\nInstall the dependencies:\n```\nnpm install\n```\nRun the application:\n```\nnpm start\n```\nOpen the browser at http://localhost:4000/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FMariaGarber%2FXSS-Scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FMariaGarber%2FXSS-Scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FMariaGarber%2FXSS-Scanner/lists"}