Cross Site Scripting Scanner "xsss"
Version 0.40 released at What The Hack 2005
(c) Sven Neuhaus <sn@heise.de>
For license information, read the included file "GPL".

 Usage:
  ./xsss [options] url ...

 Valid options:
	--forms, --queries, --pathinfo --list=file --depth=n --help --maxcount=n


	--forms enables forms scanning (disabled by default)

	--noqueries disables query string scanning (enabled by default)

	--list=filename scans list of URLs from file

	--depth=n mit levels of recursion. default is 5.

	--maxcount=n Limit number of request. Default 1000


xsss does brute-force scanning for xss vulnerabilities by requesting
URLs and submitting documents with special data containing HTML control
characters and looking for them in the web server response.

It can currently both deal with HTML forms and parameters in URLs (query 
strings).

Requirements:

  perl 5.x with the WWW::Mechanize module.

Planned features:

* Scanning of "deep web" by submitting forms with valid data and 
  crawling from there

* XSS via PATH_INFO

* Currently, xsss can't put arbitrary data into select options, checkboxes
  and radiobuttons due to strict checking in HTML::Form (which is used by
  WWW::Mechanize and thus xsss) which cannot be circumvented. A future
  version of xsss will either replace the code in question or (hopefully)
  use an updated version of HTML::Form that allows such manipulation.

Patches, bug reports and comments welcome!

Web page at http://www.sven.de/xsss/
