Cross-site Scripting (XSS) test by XSS-Sniper
XSS-Sniper is a web penetration testing tool used to test websites for XSS. It is open source and is not pre-installed on Kali Linux, so to use it in Kali we first need to install it. The installation process is very simple.
Go to the root directory in Kali and download the tool from its GitHub repository:
Then go to the xsssniper directory and run a basic scan over a GET request. Use only the -u parameter followed by the full URL, including a test value:
python xsssniper.py -u "http://10.7.7.5/bodgeit/search.jsp?q="
Here I use the OWASP bodgeit to test this command.
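To show what a scan of a GET parameter like q is looking for, here is an added example (not xsssniper's code and not from the original page): it places a marked probe in the parameter and reports which HTML special characters come back unencoded in a response body. The probe string, the function names and the render_search stand-in page are all constructed for illustration, and nothing is sent over the network.

```python
import html
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed probe: alphanumeric delimiters around the characters that
# matter for HTML and attribute contexts.
START, END = "zqx7a", "zqx7b"
SPECIALS = "<>\"'"
PROBE = START + SPECIALS + END


def with_probe(url, param, probe=PROBE):
    """Return `url` with query parameter `param` set to the URL-encoded probe."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != param]
    query.append((param, probe))
    return urlunsplit(parts._replace(query=urlencode(query)))


def surviving_chars(body):
    """For each reflection of the probe in `body`, return the special
    characters that came back unencoded ("" means fully encoded)."""
    pattern = re.escape(START) + r"(.*?)" + re.escape(END)
    return ["".join(c for c in SPECIALS if c in m.group(1))
            for m in re.finditer(pattern, body, re.S)]


def render_search(q, encode):
    """Constructed stand-in for a search page that echoes the q parameter."""
    shown = html.escape(q, quote=True) if encode else q
    return "<p>You searched for: " + shown + "</p>"


if __name__ == "__main__":
    print(with_probe("http://10.7.7.5/bodgeit/search.jsp?q=", "q"))
    # Page that echoes q without output encoding: every character survives.
    print(surviving_chars(render_search(PROBE, encode=False)))
    # Page that HTML-encodes q before writing it: nothing survives.
    print(surviving_chars(render_search(PROBE, encode=True)))
```

A result of "" for every reflection means the page encoded the value before writing it; any surviving character shows where output encoding is missing for that context.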