30 July 2014 | 6,050 views

XSSYA – Cross Site Scripting (XSS) Scanner Tool

Cyber Raptors Hunting Your Data?

XSSYA is a Cross Site Scripting Scanner & Vulnerability Confirmation Tool, it’s written in Python and works by executing an encoded payload to bypass Web Application Firewalls (WAF) which is the first method request and response. If the website/app responds 200 it attempts to use “Method 2” which searches for the payload decoded in the web page HTML code if it confirmed get the last step which is to execute document.cookie to get the cookie.

XSSYA - Cross Site Scripting (XSS) Scanner Tool

XSSYA Features

  • Supports HTTPS
  • After Confirmation (execute payload to get cookies)
  • Can be run in Windows & Linux
  • Identifies 3 types of WAF (mod_security, WebKnight & F5 BIG IP)
  • XSSYA Continue Library of Encoded Payloads To Bypass WAF (Web Application Firewall)
  • Support Saving The Web HTML Code Before Executing the Payload Viewing the Web HTML Code into the Screen or Terminal

We have written about a couple of XSS related tools before:

XSS-Proxy – Cross Site Scripting Attack Tool
XSS Shell v0.3.9 – Cross Site Scripting Backdoor Tool

You can download XSSYA here:


Or read more here.


Recent in Hacking Tools:
- KeeFarce – Extract KeePass Passwords (2.x) From Database
- 0d1n – Web HTTP Fuzzing Tool
- SpiderFoot – Open Source Intelligence Automation Tool (OSINT)

Related Posts:
- XSSYA v2.0 Released – XSS Vulnerability Confirmation Tool
- XSS-Proxy – Cross Site Scripting Attack Tool
- Vega – Open Source Cross Platform Web-Application Security Assessment Platform

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,939,711 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,274,516 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 658,847 views

Advertise on Darknet

Comments are closed.