Abstract:
This project is about a web based cross site scripting vulnerability scanner that is meant specifically for penetration testers, security personnel inside an organization and freelance testers who detect vulnerabilities (XSS) in web applications. The scanner will be able to assess and detect different forms of cross site scripting vulnerabilities in any form of web application be it http or https and later produce a well-structured report that can be useful for the penetration testers during their scanning process.
It will be a script written fully in Python 3 and compatible with different operating system thus open to be used by any penetration tester who feels fit to use it. The terminal output has been coded neatly to produce output that can be easily interpreted thus avoiding ambiguity during assessment process compared to other scanners that tend to provide output that is hard to understand and takes time for one to read through the lines and detect the problem raised.
With the creation of this project to its success such events that could lead to loss of personal user information being breached could be tackled effectively by the use of this scanner. The vulnerabilities can be assessed and later rectified by sending the output to developers who will be tasked by making sure no event involving cross site scripting attacks could take place