https://github.com/rix4uni/pyxss
Simple XSS vulnerability checker tool, very useful with xsschecker.
bugbounty masshuntxss recon reconnaissance vulnerability xss xss-automation xsschecker xssvalidator
Last synced: 7 months ago
- Host: GitHub
- URL: https://github.com/rix4uni/pyxss
- Owner: rix4uni
- Created: 2024-08-27T12:16:57.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2025-11-21T11:02:40.000Z (7 months ago)
- Last Synced: 2025-11-21T12:20:01.963Z (7 months ago)
- Topics: bugbounty, masshuntxss, recon, reconnaissance, vulnerability, xss, xss-automation, xsschecker, xssvalidator
- Language: Python
- Homepage:
- Size: 585 KB
- Stars: 12
- Watchers: 1
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
## pyxss
Simple XSS vulnerability checker tool, very useful with xsschecker.
## Installation
```
git clone https://github.com/rix4uni/pyxss.git
cd pyxss
python3 setup.py install
```
## pipx
Quick setup in an isolated Python environment using [pipx](https://pypa.github.io/pipx/):
```
pipx install --force git+https://github.com/rix4uni/pyxss.git
```
## Usage
```
usage: pyxss [-h] [-o OUTPUT_FILE] [--timeout TIMEOUT] [--popupload POPUPLOAD] [-w WORKERS] [--silent] [--no-color] [--headless] [--version]

pyxss - Simple XSS vulnerability checker.

options:
  -h, --help            show this help message and exit
  -o, --output OUTPUT_FILE
                        Save output to a file
  --timeout TIMEOUT     Timeout in seconds for page load (default 15)
  --popupload POPUPLOAD
                        Wait time for Alert popup to load in seconds (default 5)
  -w, --workers WORKERS
                        Number of parallel workers for URL scanning (default 4)
  --silent              Run without printing the banner
  --no-color            Disable colored output
  --headless            Run in headless mode (no GUI Browser)
  --version             Show current version of pyxss

Examples:
# Step 1
curl -s "https://raw.githubusercontent.com/rix4uni/WordList/refs/heads/main/payloads/xss/xss-small.txt" | sed 's/^/rix4uni/' | unew -q fav-xss.txt
# Step 2
cat urls.txt | pvreplace -silent -payload fav-xss.txt -fuzzing-part param-value -fuzzing-type replace -fuzzing-mode single | xsschecker -nc -match 'rix4uni' -vuln -t 100 | sed 's/^Vulnerable: \[[^]]*\] \[[^]]*\] //' | unew xsschecker.txt
# Step 3
cat xsschecker.txt | pyxss -o validxss.txt
```
## Usage Examples
```
# Step 1
curl -s "https://raw.githubusercontent.com/rix4uni/WordList/refs/heads/main/payloads/xss/xss-small.txt" | sed 's/^/rix4uni/' | unew -q fav-xss.txt
# Step 2
cat urls.txt | pvreplace -silent -payload fav-xss.txt -fuzzing-part param-value -fuzzing-type replace -fuzzing-mode single | xsschecker -nc -match 'rix4uni' -vuln -t 100 | sed 's/^Vulnerable: \[[^]]*\] \[[^]]*\] //' | unew xsschecker.txt
# Step 3
cat xsschecker.txt | pyxss -o validxss.txt
```
## Demo
- `v0.0.4`: https://youtu.be/CWTEoU3Pkdo
- `v0.0.3`: https://github.com/user-attachments/assets/3e9dcfaf-8f46-44e5-ab59-e9833ebbaf8f