#!/usr/bin/python
#XSS Scanner that can find hosts using a google query or search one site.
#If XSS is found it attempts to collect email addresses to further your attack
#or warn the target of the flaw. When the scan is complete
#it will print out the XSS's found and or write to file, it will find false positives
#so manually check before getting to excited. It also has verbose mode and
#you can change the alert pop-up message, check options!!
#
#Changelog v1.1: added options, verbose, write to file, change alert
#Changelog v1.2: added more xss payloads, an exception, better syntax, more runtime feedback
#Changelog v1.3: added https support, more xss payloads, the ability to change port, fixed some user input #problems, exiting without error messages with Ctrl-C (KeyboardInterrupt)
#
#d3hydr8[at]gmail[dot]com
import sys, urllib2, re, sets, random, httplib, time, socket
def title():
print "\n\t d3hydr8[at]gmail[dot]com XSS Scanner v1.3"
print "\t-----------------------------------------------"
def usage():
title()
print "\n Usage: python XSSscan.py
\n" : Searches google for hosts" : Searches just that site, (default port 80)" : Change the alert pop-up message" : Writes potential XSS found to file" alert(String.fromCharCode(68,51,72, 89,68,82,56,45,48,119,78,122,45,89,48,85)); ", alert(%27"+alert+"%27) "] 
Anasayfa
Kapı
Latest images
Kayıt Ol
Giriş yap
