
XSSYA – Cross Site Scripting Scanner & Vulnerability Confirmation

XSSYA is a cross-site scripting scanner and vulnerability confirmation tool that works using two methods.

  • Method 1: confirmation by request and response
  • Method 2: confirmation by executing an encoded payload and searching the page's HTML code for the same payload in decoded form
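The Method 2 check described above, sketched as an added example (not XSSYA's own code): it decodes a URL-encoded probe and classifies how it came back in the response HTML, which is also a useful regression test for output encoding. The inert `xssya-probe` marker element, the function name and the sample response bodies are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote

PROBE_TAG = "xssya-probe"  # hypothetical inert marker element, not an XSSYA payload


class _ProbeFinder(HTMLParser):
    """Records whether the probe element was parsed as real markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.as_markup = False

    def handle_starttag(self, tag, attrs):
        if tag == PROBE_TAG:
            self.as_markup = True


def classify_reflection(encoded_probe: str, body: str) -> str:
    """Classify how a URL-encoded probe came back in an HTML response body."""
    decoded = unquote(encoded_probe)
    finder = _ProbeFinder()
    finder.feed(body)
    finder.close()
    if finder.as_markup:
        return "unescaped-markup"         # decoded probe became an element: confirmed
    if decoded in body:
        return "unescaped-other-context"  # raw, but not parsed as a tag here; needs review
    if html.escape(decoded) in body:
        return "html-escaped"             # output encoding neutralised it
    if encoded_probe in body:
        return "still-url-encoded"        # echoed back without being decoded
    return "absent"


# Constructed sample input: one encoded probe and four fabricated response bodies.
ENCODED = "%3Cxssya-probe%3E"
SAMPLES = {
    "vulnerable": "<p>Results for <xssya-probe></p>",
    "escaped": "<p>Results for &lt;xssya-probe&gt;</p>",
    "comment": "<!-- q=<xssya-probe> --><p>No results</p>",
    "echo": '<a href="/search?q=%3Cxssya-probe%3E">again</a>',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:10} -> {classify_reflection(ENCODED, body)}")
```

Parsing the response, rather than only searching it for the decoded string, separates a probe that became live markup from one that merely appears as raw text in a comment or attribute.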

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

XSSYA – Cross Site Scripting Scanner & Vulnerability Confirmation Features:

  • Runs on Windows and Linux
  • Supports HTTPS
  • After confirmation, executes a payload to get cookies
  • Identifies 3 types of WAF (Mod_Security, WebKnight, F5 BIG IP)

XSSYA contains a library of encoded payloads to bypass a WAF (Web Application Firewall). It also supports saving the web HTML code before executing the payload and viewing the web HTML code on the screen or in the terminal.

XSSYA is available on GitHub. To download it, open a terminal and execute the following command.

For more info visit https://github.com/yehia-mamdouh/XSSYA. The new version of XSSYA is now available on git.

I started blogging around 2011 at #Ubuntupirates, #ProjectX and #pir8geek. I’m currently working as a Network/Linux SysAdmin.

I’m a Linux and open source advocate, interested in network security and InfoSec.
