Extended XSS Searcher and Finder - scans for different types of XSS on a list of URLs.


XSS Searcher is the extended version based on the initial idea already published as "xssfinder". This private version allows an attacker to perform not only GET but also POST requests. Additionally, it's possible to proxy every request through Burp or another tunnel. First steps Rename the example.app-settings.conf to app-settings.conf and adjust the settings. It should work out of the box but depending on the target I would recommend resizing the chunk sizes. Execution This tool does not expect any arguments via CLI, so just type: python3 extended-xss-search.py Configuration It's possible to set a lot of options and settings, so here are some explanations. Files The main config file is the "app-settings.conf", everything has to be done in that file! Besides that, there are some other files that allow setting more complex data like headers, URLs and cookies. config/cookie-jar.txt Use this file to add a cookie string. I usually copy the....

March 9, 2020
Notify of
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.
What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.