XSSYA – Cross Site Scripting (XSS) Scanner Tool

Find your website's Achilles' Heel

XSSYA is a Cross Site Scripting Scanner & Vulnerability Confirmation Tool, it’s written in Python and works by executing an encoded payload to bypass Web Application Firewalls (WAF) which is the first method request and response. If the website/app responds 200 it attempts to use “Method 2” which searches for the payload decoded in the web page HTML code if it confirmed get the last step which is to execute document.cookie to get the cookie.

XSSYA - Cross Site Scripting (XSS) Scanner Tool

XSSYA Features

  • Supports HTTPS
  • After Confirmation (execute payload to get cookies)
  • Can be run in Windows & Linux
  • Identifies 3 types of WAF (mod_security, WebKnight & F5 BIG IP)
  • XSSYA Continue Library of Encoded Payloads To Bypass WAF (Web Application Firewall)
  • Support Saving The Web HTML Code Before Executing the Payload Viewing the Web HTML Code into the Screen or Terminal

We have written about a couple of XSS related tools before:

XSS-Proxy – Cross Site Scripting Attack Tool
XSS Shell v0.3.9 – Cross Site Scripting Backdoor Tool

You can download XSSYA here:


Or read more here.

Posted in: Hacking Tools, Web Hacking

, , , , , , ,

Recent in Hacking Tools:
- nishang – PowerShell For Penetration Testing
- DyMerge – Bruteforce Dictionary Merging Tool
- mitmproxy – Intercepting HTTP Proxy Tool aka MITM

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,995,235 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,489,646 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 688,788 views

Comments are closed.