Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sarperavci/mxs

A powerful asynchronous XSS scanner supporting up to 1,500 concurrent requests.
https://github.com/sarperavci/mxs

mxs python scanner xss xss-detection xss-exploit

Last synced: 6 days ago
JSON representation

A powerful asynchronous XSS scanner supporting up to 1,500 concurrent requests.

Host: GitHub
URL: https://github.com/sarperavci/mxs
Owner: sarperavci
Created: 2024-07-28T10:52:11.000Z (4 months ago)
Default Branch: main
Last Pushed: 2024-08-16T14:04:45.000Z (3 months ago)
Last Synced: 2024-08-16T15:35:42.460Z (3 months ago)
Topics: mxs, python, scanner, xss, xss-detection, xss-exploit
Language: Python
Homepage:
Size: 25.4 KB
Stars: 57
Watchers: 3
Forks: 19
Open Issues: 2
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Mass XSS Scanner (MXS)

An advanced XSS scanner that utilizes asynchronous requests to scan a large number of URLs quickly and efficiently.

## Features

- Low CPU usage: Utilizes asynchronous requests to scan, consuming less CPU than traditional scanners.
- Memory efficient: Efficiently handles large wordlists.
- Fast: Can scan a large wordlist in a matter of seconds.
- Low false positives: Employs a polyglot XSS payload to minimize false positives.

## Demo Video

![](https://cdn.sarperavci.com/cJnVRnYy/CZuIEt.gif)

## Installation

Install the required dependencies:

```bash
pip install -r requirements.txt
```

## Usage

Basic usage:

```bash
python3 MXS.py -i -c -o -t
```

Example:

```bash
python3 MXS.py -i wordlist.txt -c 1500 -o results.txt -t 15
```

This will scan the `wordlist.txt` file with a concurrency of 1500, a timeout of 15 seconds, and save the results to `results.txt`.

### Options

- `-i` or `--input`: Specify the input file containing URLs for scanning.
- `-c` or `--concurrency`: Set the number of concurrent requests to be made.
- `-o` or `--output`: Define the output file for storing the results.
- `-t` or `--timeout`: Set the timeout duration (in seconds) for each request.
- `-p` or `--payload`: Specify a file that contains a custom payload.
- `-x` or `--hidden`: Suppress domain names in the terminal output.
- `-h` or `--help`: Display the help message.

## What's Next?

[Planned features](https://github.com/sarperavci/MXS/issues/7)

## Notes

If you are experiencing issues with concurrency, you can try reducing the number of concurrent requests or increasing the timeout. For example, with a download speed of 300 Mbps, using a concurrency of 1500 and a 15-second timeout typically yields optimal results

## Contributing

If you want to contribute to this project, feel free to fork it and submit a pull request. It will be reviewed as soon as possible and merged if it is a good fit for the project.