Wednesday, March 25, 2009

XSS Rays -New XSS Scanner

It works as a bookmarklet and scans any links, paths or forms on the target scanning page (even cross domain). You can add vectors to it quite easily and it includes some of the most common injections I’ve found on sites over the years. I’ve tested it on IE7/IE8 and Firefox but it could work in other browsers.

Download & Instructions

Download here

1. You need to install a local web server like xampp:-
2. Once installed copy the XSS_Rays directory to your web server root xampp root is :- C:\xampp\htdocs\
3. Open the bookmarklet.html file in the helpers directory of XSS_Rays. Drag to your bookmarks toolbar on Firefox or on IE right click the link and click add to favorites (You might get a security warning in IE).
4. Find your web site that you wish to scan, click your bookmarklet. Then press CTRL+ALT+X which will now run XSS Rays on the target site.


No comments: