PwnXSS is a free and open-source tool available on Github. This tool is specially designed to find cross-site scripting. This tool is written in python. You must have python 3.7 installed in your Kali Linux. There are lots of websites on the internet which are vulnerable to cross-site scripting(XSS). This tool makes finding cross-site scripting easy. This tool works as a scanner. The Internet has millions of websites and web apps a question comes into mind whether your website is safe or not. Security of our websites plays an important role. Cross-site scripting or XSS is a vulnerability that can be used to hack websites. This tool helps to find such vulnerability easily.
Features of PwnXSS:
- PwnXSS is a multiprocessing support tool,.
- PwnXSS is a customizable tool, You can customize it.
- PwnXSS supports all types of request POST and GET.
- PwnXSS has a feature of error handling. If any error occurred during scanning it can handle easily.
- PwnXSS is free and open source tool.
- PwnXSS is written in python language.
Uses of PwnXSS:
- PwnXSS is used to find cross-site scripting vulnerability in websites and webapps.
- It’s an open-source tool just download it and run it to find cross-site scripting vulnerability.
- This tool is available on GitHub install and starts scanning websites.
- PwnXSS makes it easy to scan websites for xss.
- This tool works like a scanner.
Installation of PwnXSS tool in Kali Linux:
Step 1: Open your Kali Linux terminal and move to Desktop using the following command.
Step 2: You are on Desktop now create a new directory called pwnxss using the following command. In this directory installation of the pwnxss tool will be done.
Step 3: Now move to this directory using the following command.
Step 4: You have to install the first basic requirement using the following command.
pip3 install bs4
Step 5: You have to install the second basic requirement using the following command.
pip3 install requests
Step 6: Now you have to install the tool. This means you have to clone the tool from github using the following command.
git clone https://github.com/pwn0sec/PwnXSS
Step 7: The tool has been downloaded in the pwnxss directory. To list out the contents of the tool use the following command.
Step 8: You can see that a new directory of the pwnxss tool has been generated while we were downloading the tool. Move to this directory using the following command.
Step 9: To list out the content of the tool use the following command.
Step 10: You can see different files of the tool here. Now you have to give permission to the tool using the following command.
chmod 755 -R PwnXSS
Step 11: Use the following command is used to see the help index of the tool.
python3 pwnxss.py --help
The tool has been downloaded successfully using this tool you can easily check the cross-site scripting vulnerabilities of the websites and webapps. Now here are some examples to use the PwnXSS tool.
Example: python3 pwnxss.py -u http://testphp.vulnweb.com
python3 pwnxss.py -u http://testphp.vulnweb.com
The tool has started checking cross-site scripting vulnerability. These are the vulnerability that the tool has detected. The tool keeps checking the website again and again when found a vulnerable website it will show you on the terminal.