Open In App

Traxss – Automated XSS Vulnerability Scanner

Improve
Improve
Like Article
Like
Save
Share
Report

XSS Vulnerability is one of the emerging and most detected vulnerabilities in web applications. Automated testing is performed mostly to detect XSS on the target domain. Traxss is an automated XSS Vulnerability Scanner developed in the Python Language. 

Traxss tool is a free and open-source tool available on GitHub. Traxss tool has a list of malicious scripts or payloads which are been tested on the target domain parameters and server. The executed script is displayed on the terminal with the payload triggered. We can then copy the URL and cross verify by pasting the URL onto Web Browser and checking the execution. The security of our websites performs a crucial role. Cross-site scripting or XSS is a vulnerability that can be used to penetrate websites. This tool helps to find such vulnerabilities easily.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process – Python Installation Steps on Linux

Installation of Traxss Tool on Kali Linux OS

Step 1: Use the following command to install the tool in your Kali Linux operating system.

git clone https://github.com/M4cs/traxss.git

Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.

cd traxss

Step 3: You are in the directory of the Traxss. Now you have to install a dependency of the Traxss using the following command.

sudo pip3 install -r requirements.txt

Step 4: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.

python3 traxss.py -h

Working with Traxss Tool on Kali Linux OS:

Example: Testing https://xss-game.appspot.com/level1/frame?query= target domain.

In this example, We will be testing XSS Vulnerability on the https://xss-game.appspot.com/level1/frame?query= domain.

Tool has inserted the malicious payload and the payload is executed on the domain.

Payload Used: <script>alert(123)%3B<%2Fscript>%0A

We have opened the malicious URL in the Web Browser and the Popup of XSS is generated.


Last Updated : 14 Sep, 2021
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads