#!/usr/bin/python #XSS Scanner that can find hosts using a google query or search one site. #If XSS is found it attempts to collect email addresses to further your attack #or warn the target of the flaw. When the scan is complete #it will print out the XSS's found and or write to file, it will find false positives #so manually check before getting to excited. It also has verbose mode and #you can change the alert pop-up message, check options!! # #Changelog v1.1: added options, verbose, write to file, change alert #Changelog v1.2: added more xss payloads, an exception, better syntax, more runtime feedback #Changelog v1.3: added https support, more xss payloads, the ability to change port, fixed some user input #problems, exiting without error messages with Ctrl-C (KeyboardInterrupt) # #http://darkcode.h1x.com #d3hydr8[at]gmail[dot]com import sys, urllib2, re, sets, random, httplib, time, socket def title(): print "\n\t d3hydr8[at]gmail[dot]com XSS Scanner v1.3" print "\t-----------------------------------------------" def usage(): title() print "\n Usage: python XSSscan.py