This is a simple single-file python program that can find basic XSS (cross-site scripting) vulnerabilities in a target url. Most XSS discovery tools use a payload refelection strategy in which payloads are injected in url parameters and the GET response is inspected for places where the payload content is reflected. This is a very low precision XSS detection strategy because most reflection does not support execution.
This program uses a different approach, and instead opens the target url in a browser, tests alert(...) payloads directly in the browser context, and listens for an alert being triggered. This means that any XSS spotted by this program is extremely unlikely to be a false positive.
Comments URL: https://news.ycombinator.com/item?id=41251312
Points: 11
# Comments: 0
Accedi per aggiungere un commento
Altri post in questo gruppo
Article URL: https://serd.es/2025/07/04/Switch-project-pt3.html


Article URL: https://www.nature.com/articles/s41586-025-09044-5
Article URL: https://t2tmud.org/
Comments URL: https://news.ycombinator.com/item?id=44474919
Article URL: https://simd.info/
Comments URL: https://news.ycombinator.com/item?id=44496229