{"id":870,"date":"2020-05-09T03:02:06","date_gmt":"2020-05-09T02:02:06","guid":{"rendered":"http:\/\/zerothcode.com\/blog\/?p=870"},"modified":"2020-10-08T05:36:59","modified_gmt":"2020-10-08T04:36:59","slug":"traxss-automated-xss-vulnerability-scanner","status":"publish","type":"post","link":"https:\/\/zerothcode.com\/blog\/traxss-automated-xss-vulnerability-scanner\/","title":{"rendered":"TraXSS &#8211; Automated XSS Vulnerability Scanner"},"content":{"rendered":"<div id=\"aim19053752785965410802\">\n<div dir=\"ltr\">\n<ul>\n<li>Automated Vulnerability Scanner for XSS<\/li>\n<li>Written in Python3<\/li>\n<\/ul>\n<p>Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests.<\/p>\n<h3>Getting Started<\/h3>\n<p><b>Prerequisites<\/b><br \/>\nTraxss depends on Chromedriver. On MacOS this can be installed with the homebrew command:<\/p>\n<p>brew install cask chromedriver<\/p>\n<p>Alternatively, find a version for other operating systems here:\u00a0https:\/\/sites.google.com\/a\/chromium.org\/chromedriver\/downloads<\/p>\n<h3>Installation<\/h3>\n<p><b>Run the command:<\/b><\/p>\n<p>pip3 install -r requirements.txt<\/p>\n<\/div>\n<\/div>\n<div id=\"aim29053752785965410802\">\n<p><b>Running Traxss<\/b><br \/>\nTraxx can be started with the command:<\/p>\n<p>python3 traxss.py<\/p>\n<p>This will launch an interactive CLI to guide you through the process.<\/p>\n<h3>Types of Scans<\/h3>\n<p>Full Scan with HTML<\/p>\n<p>Uses a query scan with 575+ payloads and attempts to find XSS vulnerabilities by passing parameters through the URL. It will also render the HTML and attempt to find manual XSS Vulnerablities (this feature is still in beta).<\/p>\n<h3>Full Scan w\/o HTML<\/h3>\n<p>This scan will run the query scan only.<\/p>\n<h3>Fast Scan w\/o HTML<\/h3>\n<p>This scan is the same as the full w\/ HTML but it will only use 7 attack vectors rather than the 575+ vectors.<\/p>\n<h3>Fast Scan w\/o HTML<\/h3>\n<p>This scan is the same as the fast w\/o HTML but it will only use 7 attack vectors rather than the 575+ vectors.<\/p>\n<h3>Contributing<\/h3>\n<p>Thank you for your interest! All types of contributions are welcome.<\/p>\n<ul>\n<li>Fork and clone this repository<\/li>\n<li>Create your branch from the master branch<\/li>\n<li>Please open your PR with the master branch as the base<\/li>\n<\/ul>\n<p><a href=\"https:\/\/github.com\/M4cs\/traxss\" target=\"_blank\" rel=\"noopener noreferrer\">Download TraXSS<\/a><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Automated Vulnerability Scanner for XSS Written in Python3 Traxss is an automated framework to scan URLs and webpages for XSS<\/p>\n","protected":false},"author":1,"featured_media":868,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[51],"tags":[],"yst_prominent_words":[1231,1222,1227,1225,1217,1226,1230,1220,1216,1223,1229,1228,1224,1219,1215,735,1232,1218,734,1221],"class_list":["post-870","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutorials"],"_links":{"self":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts\/870","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/comments?post=870"}],"version-history":[{"count":0,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts\/870\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/media\/868"}],"wp:attachment":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/media?parent=870"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/categories?post=870"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/tags?post=870"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/yst_prominent_words?post=870"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}