Is it even possible? Watch!
Watch the short demo video and explore it yourself.
Frequently asked questions
What types of XSS vulnerabilities can XSScanner detect?
XSScanner is capable of identifying and verifying GET-based & POST-based cross-site scripting vulnerabilities at the moment. Including ones that require additional input from the user to trigger (view our demo video for more information)!
Can I scan multiple URLs at the same time?
Yes, you can manually supply multiple URLs at the same time.
Additionally, you can also initiate a Deep Scan and automate the whole process from content discovery to scanning for CWE-79!
Is XSScanner capable of finding DOM-based cross-site scripting vulnerabilities?
No, at the moment, only GET-based & POST-based XSS vulnerabilities are supported.
Later generations of our XSScanner will include support for DOM-based XSS.
Is XSScanner capable of finding CSP-bypasses?
No, the first generation of XSScanner is currently not capable of finding more advanced CSP bypasses for certain edge-cases.
Later generations of our XSScanner will include full support for Content Security Policy bypasses.