An Automated Cross-Site Scripting (XSS) Vulnerability Scanner built in Python and Django, designed to detect both reflected XSS and stored XSS vulnerabilities. The project includes a deliberately vulnerable web application for testing, which is also built using Django.

XSS Scanner:
- Detects Reflected XSS vulnerabilities.
- Detects Stored XSS vulnerabilities.
- Provides actionable fix suggestions for detected vulnerabilities.
- Simple Django web interface to input target URLs and view scan results.

Vulnerable Web Application:
- Demonstrates real-world Reflected XSS and Stored XSS vulnerabilities.
- Allows for testing the scanner's effectiveness.

Technology Stack:
- Backend: Python, Django
- Web Scraping: Requests, BeautifulSoup
- Testing for Dynamic Content (Optional): Selenium
- Database: SQLite (for vulnerable app)
- Development Environment: Django development server

Project Structure:

xss_scanner/
├── manage.py
├── scanner/
│   ├── migrations/
│   ├── templates/
│   │   ├── scan_form.html
│   │   └── scan_results.html
│   ├── utils/
│   │   ├── crawler.py      # Crawling input fields from forms
│   │   ├── payloads.py     # XSS payloads for testing
│   │   └── scanner.py      # Logic for detecting XSS vulnerabilities
│   ├── views.py            # Handles user requests
│   └── urls.py             # Routes for the scanner app
├── db.sqlite3              # Scanner database
├── requirements.txt        # Project dependencies
└── settings/
    ├── settings.py         # Django settings
    └── urls.py             # Project-level routes

vulnerable_app/
├── manage.py
├── xss_vulnerable/
│   ├── migrations/
│   ├── templates/
│   │   ├── base.html       # Base HTML template
│   │   ├── home.html       # Reflected XSS example
│   │   └── comments.html   # Stored XSS example
│   ├── models.py           # Models for comments
│   ├── views.py            # Handles vulnerable endpoints
│   └── urls.py             # Routes for the vulnerable app
├── db.sqlite3              # Vulnerable app database
└── requirements.txt        # Project dependencies

Setup (Vulnerable App):
- Navigate to the vulnerable_app directory: cd vulnerable_app
- Install dependencies: pip install -r requirements.txt
- Run migrations: python manage.py makemigrations, then python manage.py migrate
- Start the server on port 8001: python manage.py runserver 8001
- Access the vulnerable app at http://127.0.0.1:8001/.

Setup (XSS Scanner):
- Navigate to the xss_scanner directory: cd xss_scanner
- Install dependencies: pip install -r requirements.txt
- Start the server on port 8000: python manage.py runserver
- Access the scanner at http://127.0.0.1:8000/.

Usage:
- Visit http://127.0.0.1:8001/:
  - Test Reflected XSS on the Search page.
  - Test Stored XSS on the Comments page.
- Visit http://127.0.0.1:8000/:
  - Enter http://127.0.0.1:8001/ as the target URL.
  - Click "Scan" to identify vulnerabilities in the vulnerable app.
  - View results with vulnerability type (Reflected or Stored XSS) and fix suggestions.

Sample scan results:
Input Field: username | Payload: <script>alert('XSS')</script> | Vulnerable: True | Type: Stored XSS
Input Field: query | Payload: <img src=x onerror=alert('XSS')> | Vulnerable: True | Type: Reflected XSS
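The scan results above come from three pieces the README attributes to crawler.py and scanner.py: collecting the named input fields of each form, checking whether a submitted payload comes back in a response unescaped, and deciding whether that makes the field Reflected XSS (echoed in the immediate response) or Stored XSS (echoed on a later page load). The following is an added example written for this README, not the project's own code. It uses only the Python standard library (html.parser instead of BeautifulSoup, no HTTP requests) so it runs offline; the class and function names (FormInputCollector, collect_forms, reflection_state, classify, report_line), the FIX_SUGGESTIONS text and all sample HTML are assumptions constructed for the example. The payloads are the two shown in the sample output.

```python
"""Core XSS-check logic in the spirit of crawler.py / scanner.py.
Added example, not the project's code; names and sample HTML are constructed."""
import html
from html.parser import HTMLParser

# Payloads taken from the README's sample output.
PAYLOADS = ["<script>alert('XSS')</script>", "<img src=x onerror=alert('XSS')>"]


class FormInputCollector(HTMLParser):
    """Crawler role: record each <form> with its action, method and fillable field names."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "",
                             "method": (a.get("method") or "get").lower(),
                             "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "textarea") and self._current is not None:
            name = a.get("name")
            # Submit buttons and hidden fields (e.g. the CSRF token) are not user-controlled text.
            if name and (a.get("type") or "text").lower() not in ("submit", "hidden"):
                self._current["fields"].append(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def collect_forms(page_html):
    parser = FormInputCollector()
    parser.feed(page_html)
    return parser.forms


def reflection_state(response_html, payload):
    """How a submitted payload comes back:
    'raw'     -> verbatim, HTML metacharacters intact: output encoding is missing
    'escaped' -> only the HTML-escaped form is present: autoescaping is doing its job
    'absent'  -> not echoed at all
    """
    if payload in response_html:
        return "raw"
    # Django's escape() and html.escape() both turn ' into &#x27; and " into &quot;.
    if (html.escape(payload, quote=True) in response_html
            or html.escape(payload, quote=False) in response_html):
        return "escaped"
    return "absent"


def classify(payload, same_response, later_response):
    """Stored XSS: raw on a separate later page load (e.g. the comments list).
    Reflected XSS: raw only in the immediate response to the submission."""
    if reflection_state(later_response, payload) == "raw":
        return "Stored XSS"
    if reflection_state(same_response, payload) == "raw":
        return "Reflected XSS"
    return None


# Fix suggestions the scanner would attach to a finding (constructed wording).
FIX_SUGGESTIONS = {
    "Reflected XSS": "Keep Django template autoescaping on; do not render the query with |safe "
                     "or mark_safe(); use django.utils.html.escape() if HTML is built in Python.",
    "Stored XSS": "Escape stored comment text at render time; if rich text is required, run it "
                  "through an allow-list HTML sanitiser and add a Content-Security-Policy header.",
}


def report_line(field, payload, same_response, later_response):
    """Produce a result line in the same format as the README's sample output."""
    vtype = classify(payload, same_response, later_response)
    line = f"Input Field: {field} | Payload: {payload} | Vulnerable: {vtype is not None}"
    if vtype:
        line += f" | Type: {vtype} | Fix: {FIX_SUGGESTIONS[vtype]}"
    return line


# Constructed sample pages standing in for the vulnerable app's Search and Comments pages.
SAMPLE_HOME = '<form action="/search/" method="get"><input type="text" name="query">' \
              '<input type="submit" value="Search"></form>'
SAMPLE_COMMENTS = '<form action="/comments/" method="post">' \
                  '<input type="hidden" name="csrfmiddlewaretoken" value="abc">' \
                  '<input type="text" name="username"><textarea name="comment"></textarea>' \
                  '<button type="submit">Post</button></form>'


def vulnerable_search_response(payload):
    """Constructed response from a Search page that echoes the query unescaped."""
    return "<p>Results for: " + payload + "</p>"


def safe_search_response(payload):
    """Constructed response from a Search page that escapes the query (Django autoescaping)."""
    return "<p>Results for: " + html.escape(payload) + "</p>"


if __name__ == "__main__":
    for form in collect_forms(SAMPLE_HOME) + collect_forms(SAMPLE_COMMENTS):
        print(form["method"].upper(), form["action"], "fields:", form["fields"])
    p = PAYLOADS[1]
    print(report_line("query", p, vulnerable_search_response(p), "<p>no comments</p>"))
    print(report_line("query", p, safe_search_response(p), "<p>no comments</p>"))
    print(report_line("username", PAYLOADS[0], "<p>Thanks</p>", "<li>" + PAYLOADS[0] + "</li>"))
```

A practical refinement when wiring this to real HTTP requests: submit a unique, harmless marker string (for example a random token wrapped in angle brackets) rather than a script payload, so a "raw" result is unambiguous even when the page already contains similar text, and so the check itself never executes anything in a browser; the result classification and fix suggestions are unchanged.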

Enhancements for Scanner:
- Add support for DOM-based XSS using Selenium.
- Generate detailed reports in JSON or HTML format.
- Handle authenticated areas by implementing login functionality.

Enhancements for Vulnerable App:
- Add more input fields and endpoints with other types of vulnerabilities.
- Implement file uploads or AJAX-based inputs for broader testing scenarios.

Install the following dependencies for both the scanner and the vulnerable app:
Django==3.x
requests
beautifulsoup4
selenium # Optional, for dynamic content testing

Feel free to fork this project, submit issues, or suggest improvements. Contributions are welcome!

This project is licensed under the MIT License.