XSSSNIPER – An Automatic XSS Discovery Tool – Kali Linux 2017.3

xsssniper is a handy XSS discovery tool with mass scanning functionality.


Usage: [options]

  -h, --help            show this help message and exit
  -u URL, --url=URL     target URL
  --post                try a post request to target url
  --data=POST_DATA      post data to use
  --threads=THREADS     number of threads
                        scan behind given proxy (format:
  --tor                 scan behind default Tor
  --crawl               crawl target url for other links to test
  --forms               crawl target url looking for forms to test
                        provide an user agent
  --random-agent        perform scan with random user agents
  --cookie=COOKIE       use a cookie to perform scans
  --dom                 basic heuristic to detect dom xss


Scanning a single url with GET params:

$ python -u ""

Scanning a single url with POST params:

$ python -u "" --post --data=POST_DATA

Crawl a single url looking for forms to scan:

$ python -u "" --forms

Mass scan an entire website:

$ python -u "" --crawl

Mass scan an entire website, forms included:

$ python -u "" --crawl --forms

Analyze the target page's JavaScript (embedded and linked) to search for common sinks and sources:

$ python -u "" --dom
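
What a source/sink heuristic of this kind looks like when reviewing your own pages, as an added example that is not xsssniper's own code. The pattern lists, the function names and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed pattern lists (not xsssniper's own): common DOM XSS sources and sinks.
SOURCES = re.compile(
    r"\b(?:document\.(?:URL|documentURI|baseURI|cookie|referrer)"
    r"|(?:window\.)?location(?:\.(?:href|search|hash|pathname))?"
    r"|window\.name)\b")
SINKS = re.compile(
    r"\b(?:eval|setTimeout|setInterval|Function|document\.write(?:ln)?)\s*\("
    r"|\.(?:innerHTML|outerHTML)\s*\+?=(?!=)"
    r"|\.insertAdjacentHTML\s*\(")

# Constructed sample page: one linked script, one inline script.
SAMPLE_HTML = """<html><body><div id="out"></div>
<script src="/static/app.js"></script>
<script>
var q = decodeURIComponent(location.hash.slice(1));
document.getElementById("out").innerHTML = q;
</script></body></html>"""

class ScriptCollector(HTMLParser):
    """Collects inline script bodies and the src of linked scripts."""
    def __init__(self):
        super().__init__()
        self.inline, self.linked, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            self._in_script = not src
            (self.linked if src else self.inline).append(src or "")
    def handle_data(self, data):
        if self._in_script:
            self.inline[-1] += data
    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"

def scan_js(js):
    """Return (line number, kind, matched text) for every source or sink hit."""
    return [(no, kind, m.group(0)) for no, line in enumerate(js.splitlines(), 1)
            for kind, rx in (("source", SOURCES), ("sink", SINKS))
            for m in rx.finditer(line)]

def scan_page(html):
    """Scan inline scripts; also return linked script URLs to fetch and scan."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return [hit for js in parser.inline for hit in scan_js(js)], parser.linked
```

A hit only says that a source or sink name appears on a line; whether tainted data actually flows from one to the other still needs manual review, which is why such a check is a basic heuristic.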


About the author

Mazen Elzanaty
