XSSNinja is a Rust-based tool for automated detection of Cross-Site Scripting (XSS) vulnerabilities in web applications. It scans provided URLs, testing various payloads to identify potential vulnerabilities.
- High Concurrency: Scans multiple URLs simultaneously using Rust's asynchronous features.
- Diverse Payloads: Uses a variety of well-known payloads for XSS detection.
- Smart Parameter Extraction: Extracts parameters from forms and scripts on the page for more comprehensive testing.
- GET and POST Modes: Tests both GET and POST requests.
- Verbose Mode: Option to display detailed logs during execution.
Ensure Rust is installed on your machine. You can install it via rustup.
Clone the repository and build the project:
git clone https://github.com/kg1102/xssninja.git
cd xssninja
cargo build --release
The compiled binary will be available at target/release/xssninja.
You can use xssninja by providing a list of URLs through a file or via standard input (stdin).
./xssninja -f urls.txt
cat urls.txt | ./xssninja
./xssninja -f urls.txt -c 100
./xssninja -f urls.txt -v
    USAGE:
        xssninja [FLAGS] [OPTIONS]

    FLAGS:
        -h, --help       Prints help information
        -V, --version    Prints version information
        -v, --verbose    Activates verbose mode

    OPTIONS:
        -c, --concurrency <concurrency>    Sets the level of concurrency [default: 200]
        -f, --file <file>                  Path to the file containing URLs
- URL Input: The tool reads URLs to be tested from a file or standard input.
- Wordlist Download: Downloads a wordlist of parameters to increase test coverage.
- XSS Scanning: For each URL:
  - Initial Analysis: Makes an initial request to fetch the response body.
  - Parameter Extraction: Extracts parameter names from inputs, JavaScript variables, and URLs present in the response.
  - Payload Testing:
    - Existing Parameters: Tests payloads on the parameters already present in the URL.
    - Extracted Parameters: Tests payloads on the parameters extracted from the response body.
    - Wordlist Parameters: Tests payloads using parameters from the external wordlist.
  - XSS Detection: Checks if injected payloads appear in the response, indicating a potential vulnerability.
- Results: Displays the found vulnerabilities, highlighting confirmed and potential XSS.
XSS NINJA - Starting scan...
XSS FOUND (GET): http://example.com/?search=%22%3E%3Csvg%2Fonload%3Dalert(1)%3E
- XSS FOUND: Confirmed vulnerability.
- POSSIBLE XSS: Indicates that the payload might be present in an exploitable context.
- Sanitized Payload (Verbose Mode): The payload was filtered by the server.
- Not Vulnerable (Verbose Mode): No vulnerabilities detected with the tested payloads.
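The following is an added example, not XSSNinja's own code, showing one way a reflection check could map a response onto the four result labels above. The `Verdict` enum, `html_escape`, `classify`, the content-type rule for "possible" and the sample responses are all assumptions made for illustration.

```rust
// Added example: the verdict rules below are assumptions, not XSSNinja's logic.
#[derive(Debug, PartialEq)]
enum Verdict {
    Found,         // payload reflected verbatim in an HTML response
    Possible,      // reflected verbatim, but the response is not served as HTML
    Sanitized,     // only an HTML-entity-encoded copy of the payload is reflected
    NotVulnerable, // no trace of the payload in the body
}

/// Minimal HTML entity encoding, as an output-encoding server might apply it.
/// Real servers vary (e.g. `&#34;` instead of `&quot;`); only this form is matched.
fn html_escape(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    for c in s.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#x27;"),
            _ => out.push(c),
        }
    }
    out
}

fn classify(content_type: &str, body: &str, payload: &str) -> Verdict {
    let is_html = content_type.to_ascii_lowercase().starts_with("text/html");
    if body.contains(payload) {
        if is_html { Verdict::Found } else { Verdict::Possible }
    } else if body.contains(&html_escape(payload)) {
        Verdict::Sanitized
    } else {
        Verdict::NotVulnerable
    }
}

fn main() {
    // Constructed sample responses for the payload in the sample output above.
    let payload = "\"><svg/onload=alert(1)>";
    let raw = format!("<input value=\"{}\">", payload);
    let escaped = format!("<input value=\"{}\">", html_escape(payload));
    let plain = format!("You searched for: {}", payload);
    println!("{:?}", classify("text/html; charset=utf-8", &raw, payload));
    println!("{:?}", classify("text/html", &escaped, payload));
    println!("{:?}", classify("text/plain", &plain, payload));
    println!("{:?}", classify("text/html", "<p>no results</p>", payload));
}
```

The `Sanitized` case is what correct output encoding looks like from the outside, so it doubles as a regression check after a fix is deployed.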
Contributions are welcome! Feel free to open issues and pull requests.
To set up the development environment:
- Clone the repository.
- Create a new branch for your feature or fix.
- Make your changes and commit.
- Open a pull request describing your changes.
This project is licensed under the MIT License – see the LICENSE file for details.
Disclaimer: This tool is developed for educational purposes and to assist with authorized security testing. Misuse of this tool may be illegal and is the sole responsibility of the user. Always obtain permission before testing systems that you do not own.
For the Portuguese version of this README, see readme-ptbr.md.