XSSME is an automated XSS vulnerability scanner designed to discover XSS (Cross-Site Scripting) vulnerabilities by dynamically finding parameters and injecting payloads.

ahmedhamdy0x/xssme

XSSME

XSSME-Ahmed Hamdy-Gentil Security

XSSME is a powerful and automated XSS vulnerability scanner developed to help security professionals and bug bounty hunters efficiently identify Cross-Site Scripting (XSS) vulnerabilities. The tool is designed to dynamically locate exploitable parameters in web applications and inject a wide range of XSS payloads to detect weaknesses.

Features:

  • Dynamic Parameter Detection: Automatically identifies parameters in forms and URLs.
  • Multi-threading Support: Scans multiple endpoints simultaneously for faster results.
  • Custom Payloads: Easily add or modify payloads to adapt the tool to different scenarios.
  • Save Results: Option to save the scan output to a file for further analysis.
  • User-friendly Interface: Simple command-line arguments for seamless usage.

Requirements

Before you begin, make sure you have the following installed on your system:

  • Python 3.x
  • pip (Python package installer)

Installation

1. Create a Virtual Environment (Optional but Recommended)

It's best practice to isolate your tool environment using a virtual environment. This prevents dependency conflicts with other Python projects.

python3 -m venv ~/xssme-env
source ~/xssme-env/bin/activate

2. Clone the Repository

Clone the XSSME tool from GitHub and navigate to the project folder:

git clone https://github.com/ahmedhamdy0x/xssme.git
cd xssme

3. Install Dependencies

Install the necessary Python libraries required for the tool by running:

pip install -r requirements.txt
deactivate

4. Make the Tool Executable

Ensure that the tool is executable by running the following command (if it's not executable already):

chmod +x xssme

5. Add XSSME to Your System PATH

To make the tool globally accessible from any directory, move it to /usr/local/bin/:

sudo mv xssme /usr/local/bin/

This allows you to run xssme from anywhere without needing to specify the path.


Example Usage

Once installed, you can run XSSME by specifying the target URL and an optional output file for results:

xssme -v https://target.com -o output.txt

Command-line Arguments:

  • -v or --verbose: Runs the scan in verbose mode, showing detailed results.
  • -o or --output: Save the results to a specified file.

For more options, simply type:

xssme --help

Conclusion

With XSSME, you can simplify the process of finding XSS vulnerabilities in your web applications. This tool is designed to be customizable, fast, and effective, making it a valuable asset for penetration testers, bug bounty hunters, and security researchers.


Contact

Developed by Ahmed Hamdy

YouTube channel: Gentil Security

For inquiries or support, feel free to contact me at: info.gentil.academy@gmail.com
