Cross Injector — A Python Script for Cross-Site Scripting (XSS) Detection

Anmol K Sachan
3 min readMar 8, 2023

--

Cross-site scripting (XSS) is a type of security vulnerability that allows attackers to inject malicious code into web pages viewed by other users. These attacks can be used to steal sensitive information or take control of a victim’s browser. To detect and prevent XSS vulnerabilities, developers and security professionals use various tools and techniques. In this blog post, we will introduce you to Cross Injector, a Python script for detecting XSS vulnerabilities in web applications.

Link — https://github.com/anmolksachan/CrossInjector

What is Cross Injector?

Cross Injector is a Python script that can scan a list of URLs for XSS vulnerabilities. It works by injecting XSS payloads into the URLs and checking if the payloads are reflected in the response. If a payload is reflected, the URL is marked as vulnerable. The script uses Selenium WebDriver to automate the process of opening vulnerable URLs in a web browser.

How to use Cross Injector?

Prerequisites

Before using Cross Injector, you must have the following installed:

  • Python 3
  • pip
  • Selenium
  • webdriver_manager
  • termcolor

To install the required Python modules, run the following command:

pip install selenium webdriver_manager termcolor

Usage

To use Cross Injector, follow these steps:

  1. Download the Cross Injector script from the GitHub repository.
  2. Create a text file containing the URLs you want to scan. Each URL should be on a new line.
  3. Create a text file containing the XSS payloads you want to test. Each payload should be on a new line.
  4. Run the script with the following command:
python cross_injector.py -f urls.txt -p payloads.txt

The -f option specifies the file containing the URLs to scan, and the -p option specifies the file containing the XSS payloads to test. By default, the script uses the Chrome web browser. If you want to use a different web browser, you can modify the script accordingly.

How does Cross Injector work?

Cross Injector works by performing the following steps:

  1. Read the list of URLs to scan from the input file.
  2. Read the list of XSS payloads to test from the input file.
  3. Launch a web browser using Selenium WebDriver.
  4. For each URL in the list, inject each XSS payload and check if it is reflected in the response.
  5. If a payload is reflected, mark the URL as vulnerable and open it in a new tab in the web browser.
  6. Write the list of vulnerable URLs to an output file.

The script uses the requests module to make HTTP requests to the URLs and check if the payloads are reflected in the response. The urllib.parse module is used to manipulate URLs and inject the XSS payloads. The termcolor module is used to print colored output to the console.

Demo

Conclusion

Cross Injector is a simple but effective tool for detecting XSS vulnerabilities in web applications. It is easy to use and can be customized to suit your needs. However, it is important to note that Cross Injector is not a substitute for a comprehensive security testing program. To ensure the security of your web applications, you should use a combination of automated and manual testing techniques.

--

--

Anmol K Sachan

Builder, Developer, Problem solver, Ethical Hacker and Penetration tester. I’m Consistent Security Researcher with the desire to make a difference.