XSSniper - Advanced XSS Vulnerability Scanner

Professional Security Testing Framework - 2025 Edition

🚀 Quick Installation

Method 1: Git Clone (Recommended)

# Clone the repository
git clone https://github.com/H4mzaX/XSSniper.git
cd XSSniper

# Install dependencies
pip install -r requirements.txt

# Make scripts executable (Linux/macOS)
chmod +x *.py

# Run XSSniper
python3 XSSniper.py -u "https://example.com" -v

Method 2: Direct Download

# Download and extract
wget https://github.com/H4mzaX/XSSniper/archive/main.zip
unzip main.zip && cd XSSniper-main

# Install and run
pip install -r requirements.txt
python3 XSSniper.py --help

Method 3: Global Installation

# Clone and install globally
git clone https://github.com/H4mzaX/XSSniper.git
cd XSSniper

# Add to PATH for global access
echo 'export PATH="$PATH:$(pwd)"' >> ~/.bashrc
source ~/.bashrc

# Now run from anywhere
XSSniper.py -u "https://target.com" -v

📋 What's New in 2025

🔥 Major Enhancements

• 🆓 Completely Open Source - No licensing restrictions, free for everyone
• ⚡ 5x Performance Boost - Async/await architecture with concurrent processing
• 🎯 Latest CVE Coverage - 120+ payloads based on 2024-2025 vulnerabilities
• 🛡️ Advanced WAF Bypass - Smart detection and evasion for 8+ major WAFs
• 🧠 AI-Powered Detection - Intelligent context analysis and false positive reduction
• 🌐 Modern Framework Support - React, Vue.js, Angular XSS detection
• 📊 Professional Reporting - Detailed vulnerability reports with proof-of-concept

🆕 New Attack Vectors

• DOM-based XSS (CVE-2025-24017)
• Template Literal Injection (CVE-2025-26791)
• Mutation XSS (mXSS) - Advanced HTML parser bypasses
• WebSocket XSS - Modern real-time communication exploits
• PostMessage XSS - Cross-frame communication vulnerabilities
• CSP Bypass Techniques - Content Security Policy evasion
• Framework-Specific Exploits - React, Vue, Angular vulnerabilities

⚡ Advanced Features

🎯 Core Capabilities

🛡️ WAF Bypass Support

• Cloudflare - SVG onload, iframe srcdoc, math element attacks
• AWS WAF - Template literals, array methods, constructor chains
• Akamai - Details ontoggle, marquee onstart, object data attacks
• ModSecurity - Base64 eval, Function constructor, entity encoding
• Imperva (Incapsula) - String methods, regex sources, template literals
• F5 BIG-IP - Advanced header-based detection and bypass
• Barracuda - Server signature recognition and evasion
• Fortinet - Response pattern analysis and circumvention

🔍 Parameter Discovery Methods

1. HTML Form Analysis - Extract form inputs and hidden fields
2. JavaScript Parsing - Find parameters in JS code and AJAX calls
3. API Documentation - Check Swagger/OpenAPI endpoints
4. Error Response Analysis - Discover parameters from error messages
5. Header Analysis - Extract hints from HTTP headers
6. Wordlist-Based Discovery - 500+ common parameter names

🧪 Payload Categories

• DOM-based XSS - Modern client-side vulnerabilities
• Template Literal Injection - ES6 template string exploits
• Mutation XSS - HTML parser mutation attacks
• Framework Bypasses - React, Vue.js, Angular-specific payloads
• CSP Bypass - Content Security Policy evasion techniques
• Modern JavaScript - ES6+ features exploitation
• WebAssembly & APIs - Cutting-edge browser API abuse
• Unicode/Encoding - Character encoding bypass methods

🚀 Usage Examples

Basic Scanning

# Simple URL scan
python3 XSSniper.py -u "https://example.com/search?q=test"

# Verbose output
python3 XSSniper.py -u "https://example.com" -v

# Custom threads and delay
python3 XSSniper.py -u "https://example.com" -t 20 -d 0.5

Advanced Scanning

# Scan with parameter discovery
python3 param_discovery.py -u "https://example.com" -v

# Test specific payloads
python3 payload_tester.py -u "https://example.com" --cve-2024 -v

# Scan multiple URLs from file
python3 XSSniper.py -l urls.txt -t 30 -v

# Custom output file
python3 XSSniper.py -u "https://example.com" -o my_scan_results.json

WAF Bypass Scanning

# Auto-detect and bypass WAFs
python3 XSSniper.py -u "https://example.com" --waf-bypass -v

# Force specific WAF bypass
python3 XSSniper.py -u "https://example.com" --waf cloudflare -v

# Use encoding evasion
python3 XSSniper.py -u "https://example.com" --encoding url,html,unicode -v

Professional Testing

# Full comprehensive scan
python3 XSSniper.py -u "https://example.com" \
  --discover-params \
  --waf-bypass \
  --browser-verify \
  --all-payloads \
  -t 30 -v

# Generate detailed report
python3 XSSniper.py -u "https://example.com" \
  --report-format html \
  --include-screenshots \
  -o detailed_report.html

📖 Documentation

🛠️ Command Line Options

Main Scanner (XSSniper.py)

usage: XSSniper.py [-h] [-u URL] [-l LIST] [-t THREADS] [-d DELAY] 
                   [-v] [-o OUTPUT] [--waf-bypass] [--browser-verify]
                   [--user-agent UA] [--encoding METHODS] [--timeout SEC]

arguments:
  -h, --help           show this help message and exit
  -u URL               Target URL to scan
  -l LIST              File containing list of URLs
  -t THREADS           Number of concurrent threads (default: 20)
  -d DELAY             Delay between requests in seconds (default: 0)
  -v, --verbose        Enable verbose output
  -o OUTPUT            Output file for results (JSON format)
  --waf-bypass         Enable WAF bypass techniques
  --browser-verify     Verify XSS execution in real browser
  --user-agent UA      Custom User-Agent string
  --encoding METHODS   Encoding methods: url,html,unicode,base64
  --timeout SEC        Request timeout in seconds (default: 15)
  --discover-params    Enable parameter discovery
  --all-payloads       Use all payload categories
  --report-format      Output format: json,html,xml (default: json)

Parameter Discovery (param_discovery.py)

usage: param_discovery.py [-h] -u URL [-t THREADS] [-d DELAY] [-v]
                         [--wordlist WORDLIST] [--timeout SEC]

arguments:
  -u URL               Target URL for parameter discovery
  -t THREADS           Number of concurrent threads (default: 20)
  -d DELAY             Delay between requests in seconds
  -v, --verbose        Enable verbose output
  --wordlist WORDLIST  Custom parameter wordlist file
  --timeout SEC        Request timeout in seconds
  --deep-scan          Enable deep parameter discovery
  --api-endpoints      Check common API endpoints
  --error-analysis     Analyze error responses for parameters

Payload Tester (payload_tester.py)

usage: payload_tester.py [-h] -u URL [-p PARAMS] [-t THREADS] [-v]
                        [--payloads PAYLOADS] [--encoding METHODS]

arguments:
  -u URL               Target URL for payload testing
  -p PARAMS            Comma-separated list of parameters to test
  -t THREADS           Number of concurrent threads (default: 20)
  -v, --verbose        Enable verbose output
  --payloads PAYLOADS  Custom payload file (JSON format)
  --encoding METHODS   Encoding methods to apply
  --cve-2024           Use latest 2024 CVE-based payloads
  --framework FRAMEWORK Test framework-specific payloads (react,vue,angular)

📊 Example Output

Successful XSS Detection

$ python3 XSSniper.py -u "https://vulnerable-site.com/search?q=test" -v

[12:34:56] [INFO] XSSniper v3.0 - Advanced XSS Scanner
[12:34:56] [INFO] Target: https://vulnerable-site.com/search?q=test
[12:34:57] [WARNING] WAF Detected: Cloudflare
[12:34:57] [INFO] Loading Cloudflare bypass payloads...
[12:34:58] [SUCCESS] Parameter discovered: q
[12:34:59] [VULN] XSS Found: <svg/onload=alert(document.domain)>
[12:35:00] [VULN] Context: Direct HTML injection
[12:35:00] [SUCCESS] Browser verification: CONFIRMED
[12:35:01] [INFO] Scan completed. 1 vulnerability found.

╭─────────────────────────────────────────────────────────╮
│                   VULNERABILITY FOUND                   │
├─────────────────────────────────────────────────────────┤
│ Type:      Reflected XSS (DOM-based)                   │
│ Parameter: q                                            │
│ Payload:   <svg/onload=alert(document.domain)>         │
│ Context:   HTML attribute injection                    │
│ Severity:  HIGH                                         │
│ CVE:       CVE-2025-24017                              │
│ Verified:  ✅ Browser confirmed execution               │
╰─────────────────────────────────────────────────────────╯

Parameter Discovery Output

$ python3 param_discovery.py -u "https://example.com" -v

[12:34:56] [INFO] Starting parameter discovery...
[12:34:57] [FOUND] Form parameter: username
[12:34:57] [FOUND] Form parameter: password
[12:34:58] [FOUND] JS parameter: callback
[12:34:58] [FOUND] API parameter: api_key
[12:34:59] [FOUND] Header parameter: x-request-id

PARAMETER DISCOVERY REPORT
═══════════════════════════════════════════════════════════
Discovered 5 potential parameters:
 1. username
 2. password  
 3. callback
 4. api_key
 5. x-request-id

Parameters saved to: discovered_params_1704110699.txt

🏗️ Project Structure

XSSniper/
├── 📄 XSSniper.py              # Main scanner with async architecture
├── 🔍 param_discovery.py       # Advanced parameter discovery tool  
├── 🧪 payload_tester.py        # Comprehensive payload testing engine
├── 📋 requirements.txt         # Python dependencies
├── 🛠️ setup.sh                # Automated setup script
├── 📊 xss_payloads.json       # Payload database (JSON)
├── 🎨 banner.txt               # ASCII art banner
├── 📖 README.md                # This documentation
├── 📜 LICENSE                  # Open source license
├── 🔧 INSTALLATION.md          # Detailed installation guide
└── 📝 .gitignore               # Git ignore rules

🤝 Contributing

We welcome contributions! Here's how you can help:

🐛 Bug Reports

• Use the GitHub issue tracker
• Include OS, Python version, and error details
• Provide reproduction steps

💡 Feature Requests

• Suggest new payload types
• Request WAF bypass techniques
• Propose performance improvements

🔧 Code Contributions

# Fork the repository
git clone https://github.com/yourusername/XSSniper.git
cd XSSniper

# Create feature branch
git checkout -b feature/amazing-feature

# Make changes and test
python3 XSSniper.py --help

# Commit and push
git add .
git commit -m "Add amazing feature"
git push origin feature/amazing-feature

# Create Pull Request

📝 Documentation

• Improve README sections
• Add usage examples
• Create tutorials and guides

🔐 Security & Ethics

⚖️ Legal Notice

This tool is for authorized security testing only. Users are responsible for:

• Obtaining proper authorization before testing
• Complying with local laws and regulations
• Using the tool ethically and responsibly

🛡️ Best Practices

• Always get written permission before testing
• Use rate limiting (-d flag) to avoid overloading targets
• Respect robots.txt and security policies
• Report findings responsibly through proper channels

📈 Performance Benchmarks

📞 Support & Contact

🆘 Get Help

• GitHub Issues: Report bugs or request features
• Discussions: Community discussions and Q&A
• Documentation: Comprehensive guides and tutorials

👨‍💻 Developer

• Author: H4mzaX
• GitHub: @H4mzaX
• Repository: https://github.com/H4mzaX/XSSniper

🌟 Show Your Support

If XSSniper helped you in your security testing, please:

• ⭐ Star the repository
• 🍴 Fork and contribute
• 📢 Share with the security community
• 💬 Join our discussions

📄 License

XSSniper is released under the MIT License - completely free and open source.

MIT License

Copyright (c) 2025 H4mzaX

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.