XSSRecon - Reflected XSS Scanner

 

• Scans a website for reflected Cross-Site-Scripting
• Zero false positives, its using a real browser checking for the popups
• Automatic out-of-scope checking (experimental, but works very well yet)
• Uses Python 3.7 with selenium / chromedriver
• Crawler or single URL scanner
• Configurable:
  --target | Target to scan
  --crawl | Activate crawler
  --wordlist | Wordlist to use
  --delay | Delay between requests
  --visible | Visible browser for debugging (chromedriver)
  --silent | Only print when vulns have been found