loading
loading
Vulnerabilities
Damn Small XSS Scanner: a cross-site scripting vulnerability scanner in under 100 lines of code.
overview
dsxs is a minimal cross-site scripting scanner that tests a single target URL's GET and POST parameters for reflection flaws. In under 100 lines of Python, it injects a marked payload, watches how each parameter echoes back into the response, and flags the parameters that reflect it unescaped.
It carries the request controls a real target needs. Route traffic through an HTTP proxy, set Cookie, Referer, and User-Agent headers to reach pages behind a session or a header check, and pass --data to test form fields over POST. Each hit also reports whether the marker came back with no filtering or some filtering, so you know how much work a firing payload still needs.
On Trickest, dsxs is a Vulnerabilities node that takes a target URL and writes a folder and a file of results. Reach for it as a quick confirmation step on one endpoint, or fan it out across a list of parameterized URLs a crawler collected earlier in the workflow.
source github.com/stamparm/DSXS
use cases
Point dsxs at a parameterized URL to check whether a GET or POST parameter reflects an injected marker, a fast yes-or-no on a suspected flaw.
Set the Cookie, Referer, and User-Agent headers so dsxs loads authenticated pages and tests the parameters that only appear once you are logged in.
Run dsxs over parameterized URLs from a crawler like gau or katana to flag the candidates worth a closer manual look.
Read the no-filtering or some-filtering note dsxs prints on each hit to judge whether a parameter reflects raw or needs an evasion payload to fire.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| url | STRING | -u | Target URL, e.g. http://www.target.com/page.htm?id=1. |
| post-data | STRING | --data | POST data to test, e.g. query=test. |
| cookie | STRING | --cookie | HTTP Cookie header value. |
| user-agent | STRING | --user-agent | HTTP User-Agent header value. |
| referer | STRING | --referer | HTTP Referer header value. |
| proxy | STRING | --proxy | HTTP proxy address, e.g. http://127.0.0.1:8080. |
Showing key inputs. dsxs exposes 6 inputs in total.
example
# test a reflected GET parameter and a POST form field on one endpointpython dsxs.py -u "http://example.com/search?q=1" --data "comment=test" --cookie "PHPSESSID=1a2b3c" Damn Small XSS Scanner (DSXS) < 100 LoC (Lines of Code) #v0.3c by: Miroslav Stampar (@stamparm) * scanning GET parameter 'q' (i) GET parameter 'q' appears to be XSS vulnerable (".xss.", pure text response, no filtering)* scanning GET parameter 'category'* scanning POST parameter 'search' scan results: possible vulnerabilities foundguidance
Use dsxs for a fast, lightweight XSS check on a specific URL with known parameters. For the SQL injection equivalent, run its sibling dsss. For broad payload coverage and filter-evasion across many endpoints, reach for a dedicated XSS engine instead.
The sibling damn-small scanner for SQL injection. Same minimal design, different vulnerability class.
Reflection-based XSS verification from a URL list. A sibling for high-volume confirmation rather than single-URL checks.
faq
related
A Go script for bypassing 403 forbidden responses.
An open-source tool that automates detecting and exploiting command injection.
Detect and abuse vulnerable implementations of stateless sessions.
A Python tool to find Cross-Origin Resource Sharing misconfigurations.
A tool to find HTTP splitting vulnerabilities.
Multi-threaded, IPv6-aware username enumeration via CVE-2018-15473.
A target URL feeds dsxs, which tests its GET and POST parameters for cross-site scripting and writes the findings as a queryable output.
Facts on this page come from the live Trickest tool library.