ExpertXSS is a Python-based penetration testing tool designed to check web applications for Cross-Site Scripting (XSS) vulnerabilities. It automatically fetches the latest payloads from PayloadBox’s XSS Payload List and a pool of user agents from a popular User-Agent gist.
It also features:
- ASCII cyberpunk flair for a stylish console output
- Conditional GET (ETag/Last-Modified) caching to avoid re-downloading the same payload lists
- Concurrency options via threads
- Basic WAF detection
- Proxy support for routing through tools like Burp Suite or ZAP
- JSON logging of results

In more detail:
- Dynamic Payload Retrieval: Grabs the latest XSS payloads directly from GitHub, checking if the file has changed since last time.
- User-Agent Rotation: Loads a list of user agents from a gist and rotates them randomly on each request, adding an extra layer of variety.
- Concurrent Scanning: Use multi-threading to speed up testing of multiple payloads.
- Optional WAF Check: A lightweight WAF detection that looks for common markers such as “403 Forbidden,” “Cloudflare,” etc.
- ASCII Art & Colorized Output: Color-coded success/fail messages displayed in a futuristic ASCII style.
- GET/POST Parameter Injection: Automatic injection into a specified parameter via either GET or POST requests.
- Save Results to JSON: Output all successful or failed payloads to a JSON file for further analysis.
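
From the defender's side, the user-agent rotation and parameter injection described above leave a recognizable pattern in web server logs: one client address sending markup-bearing parameter values under many different User-Agent strings. The following is an added example, not part of ExpertXSS; the log lines are constructed, and the marker regex and thresholds are assumptions to tune for your own traffic.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample access log (combined format); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"
203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET /search?q=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 403 128 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/121.0"
203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "GET /search?q=%3Csvg%2Fonload%3Dalert(1)%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_1) Safari/605.1.15"
198.51.100.20 - - [01/Jan/2025:10:00:03 +0000] "GET /search?q=blue+shoes HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"
198.51.100.20 - - [01/Jan/2025:10:00:09 +0000] "GET /search?q=red+shoes HTTP/1.1" 200 870 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"
192.0.2.9 - - [01/Jan/2025:10:01:00 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/121.0"
"""

# client IP, request target, User-Agent from a combined-format line
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$'
)
# Heuristic markers (assumption): script tags, inline event handlers, javascript: URLs
XSS_MARKERS = re.compile(r"<\s*script|<[^>]*\bon\w+\s*=|javascript:", re.I)


def suspicious_clients(log_text, min_agents=3, min_hits=3):
    """Return clients that combine payload-like parameters with rotating User-Agents."""
    agents = defaultdict(set)   # ip -> distinct User-Agent strings seen
    hits = defaultdict(int)     # ip -> requests whose query values look like XSS probes
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ip, target, ua = m.groups()
        agents[ip].add(ua)
        # parse_qsl URL-decodes each value, so encoded payloads are matched too
        pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
        if any(XSS_MARKERS.search(value) for _, value in pairs):
            hits[ip] += 1
    return {
        ip: {"payload_requests": hits[ip], "user_agents": len(agents[ip])}
        for ip in hits
        if hits[ip] >= min_hits and len(agents[ip]) >= min_agents
    }


if __name__ == "__main__":
    for ip, stats in suspicious_clients(SAMPLE_LOG).items():
        print(ip, stats)
```

Access logs normally omit request bodies, so parameters injected via POST need request-body logging or proxy/WAF logs for the same check.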

Requirements:
- Python 3.8+
- pip or another Python package manager
- colorama, requests, tqdm, argparse, concurrent.futures (ships with Python 3.8+), etc.

Installation:
- Clone this repository:

      git clone https://github.com/Masriyan/ExpertXSS.git
      cd ExpertXSS

- (Optional) Create a virtual environment:

      python -m venv venv
      source venv/bin/activate   # Linux/Mac
      venv\Scripts\activate      # Windows

- Install dependencies:

      pip install -r requirements.txt

- Run the tool:

      python ExpertXSS.py

| Flag/Option | Description | Default Value |
|---|---|---|
| -u, --url | Target URL for XSS testing. | Prompt user |
| -m, --method | HTTP method: GET or POST. | GET |
| -p, --param | Parameter name for injection. | q |
| --concurrency | Number of concurrent threads. | 1 |
| --proxy | Proxy URL (e.g., http://127.0.0.1:8080). | None |
| --output | JSON file path to store results. | None |
| --no-waf-check | Skip simple WAF detection. | Not skipped |

Usage examples:
- Basic usage:

      python ExpertXSS.py -u "https://example.com"

- Concurrent scanning:

      python ExpertXSS.py -u "https://example.com" --concurrency 5

- Use a proxy & POST method:

      python ExpertXSS.py -u "https://example.com/vuln" -m POST -p "search" --proxy "http://127.0.0.1:8080"

- Save to JSON:

      python ExpertXSS.py -u "https://example.com" --output results.json

- Skip WAF check:

      python ExpertXSS.py -u "https://example.com" --no-waf-check

Below is a demonstration of ExpertXSS in action: