Cross-site scripting is one of the major vulnerabilities found in web applications.
If you own a web application you should know how to scan it for XSS vulnerabilities. If you do not own a web application, knowing about it will still help you in the future.
What is Cross-site scripting?
Cross-site scripting (XSS) is an injection flaw that lets an attacker run script of their choosing in a victim's browser, in the context of the vulnerable site. A common target is the victim's cookies. What do we have in cookies? We have saved passwords, so the attacker can act as the victim, or the attacker can redirect the victim to a phishing website.
There are mainly three types of Cross-site scripting attacks.
- Reflected XSS
- Stored XSS
- DOM XSS
Here, we are going to scan a website for XSS vulnerabilities. The tool used here is called XSpear; it is written in Ruby, distributed as a gem, and very powerful.
Let's see how we can configure XSpear in Kali Linux.
Configuring XSpear in Kali Linux
Fire up your Kali Linux machine and download XSpear from GitHub. Navigate to the directory where you downloaded it and extract it.
Now it's time to start the installation process.
1. Make sure you have RubyGems installed on your machine. Install the XSpear gem with the command:
gem install XSpear-1.3.1.gem
2. Launch the scan by using the commands given below. We are scanning a website that may legally be tested, just for educational purposes.
Now it will list all low-, medium- and high-level issues.
XSpear has generated the report and found 24 vulnerabilities.
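To make the report concrete, here is an added Ruby example (not XSpear's own code, and not from the tutorial) showing the simplest check a scanner of this kind performs on a reflected parameter, next to the fix a developer applies. The page rendering functions, the probe marker and the sample pages are constructed for this illustration; the only real library used is Ruby's standard CGI.escapeHTML.

```ruby
require 'cgi'

# Constructed sample: a search page that echoes the "q" parameter.
# Vulnerable: the parameter is interpolated into HTML without encoding,
# so any HTML-special characters in it land in the page untouched.
def render_search_vulnerable(q)
  "<html><body><h1>Results for: #{q}</h1></body></html>"
end

# Hardened: the parameter is HTML-encoded before interpolation, so the
# browser shows the characters as text instead of parsing them as markup.
def render_search_hardened(q)
  "<html><body><h1>Results for: #{CGI.escapeHTML(q)}</h1></body></html>"
end

# A scanner sends a harmless unique marker containing HTML-special
# characters and checks whether it comes back in the response with those
# characters intact. If it does, the parameter is reflected unencoded and
# is reported as a candidate XSS sink (a "reflected" finding).
PROBE = "xsp<'\">ear".freeze # constructed marker, not a payload

# True when the raw marker appears verbatim in the response body.
def reflected_unescaped?(body, probe = PROBE)
  body.include?(probe)
end

# True when only the HTML-encoded form of the marker appears.
def reflected_escaped?(body, probe = PROBE)
  body.include?(CGI.escapeHTML(probe)) && !body.include?(probe)
end

# Render the page with the probe and classify how it was reflected.
# `render` is any callable taking the parameter value and returning HTML.
def classify(render)
  body = render.call(PROBE)
  if reflected_unescaped?(body)
    :reflected_unescaped # what the scanner lists as a finding
  elsif reflected_escaped?(body)
    :reflected_escaped   # reflected, but neutralised by encoding
  else
    :not_reflected       # the parameter never reaches the page
  end
end

if __FILE__ == $0
  puts "vulnerable page: #{classify(method(:render_search_vulnerable))}"
  puts "hardened page:   #{classify(method(:render_search_hardened))}"
end
```

The check is deliberately minimal: a real scanner also tries each parameter in attribute, script and URL contexts, because HTML-body encoding alone does not protect a value that is inserted inside a JavaScript string or an event-handler attribute. The defensive rule is the mirror image of the check: encode every untrusted value for the exact context it is written into.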
Most hackers are young because young people tend to be adaptable. As long as you remain adaptable, you can always be a good hacker. – Emmanuel Goldstein
Cross-site scripting has always been a powerful attack for hackers. This attack is basically a Game of Codes!
Once you have good knowledge of different web-based programming languages and you find a website with an XSS vulnerability, you can play with it.
What's your opinion about XSpear? Will you use it? Let us know in the comment box below. Also, if you face any problem while installing it, feel free to leave a comment explaining your problem.
The tutorial you found on this website is only for educational purposes. Misuse of this information can lead you to jail or punishment. Anything you damage, we are not responsible for that. Do use it on your own property. If you want to test it on other’s property, take written permission from them.