A powerful xss scanner for scanning many urls

0x01Why I make this tool?

I’m working in a electronic commerce company as information security engineer, I need analyse risk in logs from online system. Log’s size is always more than TB. It’s hard to find vulnerability manually. So we develope our tools for scanning work every day.

0x02 What’s “NoXss”?

“NoXss” is a plugin of our Web Scanner named Tiamat, a powerful xss scanner . It’s really faster and suitable for scanning big data. We have used it to find 300+ xss rencently.

  • It used only 5 payloads based param’s position to find xss risk rather than fuzzing. Fuzzing is open slowly and blind.
  • Phantomjs & Chrome are used in this tool. That means it supports DOM based xss. We can open 4 or more browsers to work together, means faster.
  • Analysis. NoXss will create save many files for helping to analyse xss for users because some xss is diffcult to scan,such as Multiparted form request, WAF’s deny, 302 redirect, etc.
  • Work with Burpsuite. User can export their traffic data from Burpsuite to **.xml, then scan it. This is really a good function.
  • Support some headers like Cookie, Referer, Token or others, this tool will add it automatically. So you don’t worry the logined state or some header’s check in backend.
  • NoXss is highly concurrent for using coroutine(Gevent).

0x03 Some result we have found

In fact, NoXss find lots of xss every day. Following are some example:
Sorry these examples are not allowed to open by 0x00sec’s admin.

0x04 How to use it?

See details in https://github.com/lwzSoviet/NoXss. We have a release at https://github.com/lwzSoviet/NoXss/releases/tag/v1.0-beta

0x05 Our Plan

We decide to open this plugin at https://github.com/lwzSoviet/NoXss firstly. The whole scanner “Tiamat” need more better plugins like command injection, ssrf, etc. We will open it in a few time.
Using “NoXss” and give me some advice or issues if you have interest in it.

Don’t forget to Star it if it’s helpful to you:v:

1 Like