Damn Small XSS Scanner (DSXS) is a great tool for finding cross-site scripting vulnerabilities. It is written in Python 3 and is really simple, so its code can be analysed and used for learning.
Installation steps
The installation process is similar to that of every GitHub tool:
- Go to the repository: GitHub repo
- Clone the repository
- Change the working directory
- Enjoy your XSS scanner
Usage and demonstration on an online XSS challenge
You can also attempt to solve this simple XSS challenge without the tool first: challenge
After that, simply fire up the tool with the -u parameter for the URL and observe how fast it obtains the correct finding!
Pros
- After thorough inspection and usage, this tool has all that is needed for a simple XSS scanner
- DSXS is highly customizable and easy to understand
Cons
- It cannot be compared to a more serious tool like XSStrike, and in some cases it is not as accurate
- It has everything that is needed for a simple scan, but it would be nice to see some more features