{"id":20900012,"url":"https://github.com/the404hacking/xsscan","last_synced_at":"2025-10-05T15:23:14.340Z","repository":{"id":49342655,"uuid":"88743039","full_name":"The404Hacking/XsSCan","owner":"The404Hacking","description":"XsSCan | Web Application XSS Scanner | Coded By Sir.4m1R [Mr.Hidden]","archived":false,"fork":false,"pushed_at":"2018-11-22T06:06:01.000Z","size":1943,"stargazers_count":81,"open_issues_count":2,"forks_count":19,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-01T15:09:26.655Z","etag":null,"topics":["cross-site-scripting","hacking","python","scan","scanner","security","security-scanner","subdomain","the404hacking","xss","xss-vulnerability","xssscan"],"latest_commit_sha":null,"homepage":"https://Telegram.me/The404Hacking","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/The404Hacking.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-04-19T12:36:24.000Z","updated_at":"2025-03-28T07:55:05.000Z","dependencies_parsed_at":"2022-08-28T13:01:08.805Z","dependency_job_id":null,"html_url":"https://github.com/The404Hacking/XsSCan","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/The404Hacking%2FXsSCan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/The404Hacking%2FXsSCan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/The404Hacking%2FXsSCan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/The404Hacking%2FXsSCan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/The404Hacking","download_url":"https://codeload.github.com/The404Hacking/XsSCan/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253853992,"owners_count":21974208,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cross-site-scripting","hacking","python","scan","scanner","security","security-scanner","subdomain","the404hacking","xss","xss-vulnerability","xssscan"],"created_at":"2024-11-18T11:17:27.201Z","updated_at":"2025-10-05T15:23:14.290Z","avatar_url":"https://github.com/The404Hacking.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# XsSCan - Web Application XSS Scanner\nPowered By [The404Hacking](https://Telegram.me/The404Hacking) Team\n\nAuthor: [Sir.4m1R](https://t.me/sir4m1R) (Mr.Hidden)\n\nTelegram: [@MrHiddenRoBot](https://Telegram.me/MrHiddenRoBot)\n\n![Screenshot](Screenshot.png?raw=ture \"Screenshot\")\n\n# Installation: \nType the following in the terminal.\n\ngit clone [https://github.com/The404Hacking/XsSCan](https://github.com/The404Hacking/XsSCan) /opt/XsSCan\n\nThe tool works on Python 2.7 and you should have mechanize installed. If mechanize is not installed, type \"pip install mechanize\" in the terminal.\n\n# Usage: \npython XsSCan.py -u [website.com](https://t.me/The404Hacking) (Do not write www.website.com OR http://www.website.com)\n\n# Payloads\nIf you have found a XSS vulnerability, you can try the following payloads.\nClick [here](https://github.com/The404Hacking/XsSCan/blob/master/Payloads.txt)\n\n# Description: \nXsSCan is a python tool for finding Cross Site Scripting vulnerabilities in websites. This tool is the first of its kind. Instead of just checking one page as most of the tools do, this tool traverses the website and find all the links and subdomains first. After that, it starts scanning each and every input on each and every page that it found while its traversal. It uses small yet effective payloads to search for XSS vulnerabilities. \n\nThe tool has been tested parallel with paid Vulnerability Scanners and most of the scanners failed to detect the vulnerabilities that the tool was able to find. Moreover, most paid tools scan only one site whereas XsSCan first finds a lot of subdomains and then scan all the links altogether. The tool comes with:\n\n1) Short Scanning\n2) Comprehensive Scanning\n3) Finding subdomains\n4) Checking every input on every page\n\nWith this tool, Cross Site Scripting vulnerabilities have been found in the websites of MIT, Stanford, Duke University, Informatica, Formassembly, ActiveCompaign, Volcanicpixels, Oxford, Motorola, Berkeley and many more.\n\n\n# NOTE: \nMail me if you encounter any errors [Mail The404Hacking](mailto:The404Hacking.Team@Gmail.Com). You can also post your problems on the website. I'll try my best to respond as soon as possible.\n\n[Sir.4m1R](https://telegram.me/Sir4m1R)\n\n\n## Download and Clone\n\u003e Download: [XsSCan-master.zip](https://github.com/The404Hacking/XsSCan/archive/master.zip)\n\n\u003e Clone: git clone [https://github.com/The404Hacking/XsSCan.git](https://github.com/The404Hacking/XsSCan.git)\n\n## The404Hacking | Digital UnderGround Team\n[The404Hacking](https://T.me/The404Hacking)\n\n## Follow us !\n[The404Hacking](https://T.me/The404Hacking) - [The404Cracking](https://T.me/The404Cracking)\n\n[Instagram](https://instagram.com/The404Hacking) - [GitHub](https://github.com/The404Hacking)\n\n[YouTube](http://yon.ir/youtube404) - [Aparat](http://www.aparat.com/The404Hacking)\n\n[Mail](mailto:The404Hacking.Team@Gmail.Com)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthe404hacking%2Fxsscan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthe404hacking%2Fxsscan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthe404hacking%2Fxsscan/lists"}