检测XSS漏洞的工具

XSS漏洞检测工具，Linux下安装使用，很简单 Examples of usage: ============================== * Simple injection from URL: $ python XSSer.py -u "http://host.com" ------------------- * Simple injection from File, with tor proxy and spoofing HTTP Referer headers: $ python XSSer.py -i "file.txt" --proxy "http://127.0.0.1:8118" --referer "666.666.666.666" ------------------- * Multiple injections from URL, with automatic payloading, using tor proxy, injecting on payloads character encoding in "Hexadecimal", with verbose output and saving results to file (XSSlist.dat): $ python XSSer.py -u "http://host.com" --proxy "http://127.0.0.1:8118" --auto --Hex --verbose -w ------------------- * Multiple injections from URL, with automatic payloading, using caracter encoding mutations (first, change payload to hexadecimal; second, change to StringFromCharCode the first encoding; third, reencode to Hexadecimal the second encoding), with HTTP User-Agent spoofed, changing timeout to "20" and using multithreads (5 threads): $ python XSSer.py -u "http://host.com" --auto --Cem "Hex,Str,Hex" --user-agent "XSSer!!" --timeout "20" --threads "5"