This is a simple single-file python program that can find basic XSS (cross-site scripting) vulnerabilities in a target url. Most XSS discovery tools use a payload refelection strategy in which payloads are injected in url parameters and the GET response is inspected for places where the payload content is reflected. This is a very low precision XSS detection strategy because most reflection does not support execution.
This program uses a different approach, and instead opens the target url in a browser, tests alert(...) payloads directly in the browser context, and listens for an alert being triggered. This means that any XSS spotted by this program is extremely unlikely to be a false positive.
Comments URL: https://news.ycombinator.com/item?id=41251312
Points: 11
# Comments: 0
Accedi per aggiungere un commento
Altri post in questo gruppo
Article URL: https://www.sciencenews.org/article/cancer-tumor-dna-blood-test-screening
Comments URL:
We launched marimo [1], an open-source reactive Python notebook, last year on HackerNews. Today, the most popular recent feature request in Google Colab’s issue tracker asks for marimo support in
Article URL: https://eprint.iacr.org/2025/1237
Comments URL: https://news.ycombinator
