XSSYA is a Cross Site Scripting scanner/confirmation tool, written in Python, which aims to find XSS vulnerabilities. It allows a penetration tester to scan a website without using a browser and confirm whether or not the site is vulnerable to XSS (Cross Site Scripting) by injecting and executing around 28 encoded payloads against the specified URL.
XSSYA Tool Usage
In general, scanning a website produces false positive vulnerabilities. Many other scanners work by sending a request carrying a payload and inspecting the response: if the response comes back with status 200, they conclude that the site is vulnerable. A 200 status on its own does not confirm the vulnerability, so in such cases the penetration tester has to test and confirm it manually.
What is a False Positive?
A false positive is a report that a specific vulnerability exists in the program when it does not; many security scanners return such results after test execution. False positives often arise from weak static checks in the scanner. A scanner may detect a vulnerability by looking for one or more pre-defined signature patterns (i.e. its check logic) within an HTTP response; when that check goes wrong, the scanner deduces that the vulnerability exists (although it does not exist in reality) and reports it accordingly.
XSSYA - How it Works?
Written in Python, XSSYA works by executing its library of encoded payloads, which are designed to bypass a WAF (Web Application Firewall). This is Method 1, which confirms the request and response. If the HTTP response returns status 200, the tool attempts Method 2, which searches the HTML code of the web page for the decoded payload. If that is confirmed, it proceeds to the last step and executes document.cookie to get the cookie.
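The difference between the two methods is the whole false-positive story above, so here is an added example (written for this article, not XSSYA's own code) that runs both checks against three constructed search pages: one that echoes the search term raw into the HTML, one that reflects it but HTML-encodes it, and one that returns 200 without reflecting anything. The harmless marker `<xssya-probe x="1">`, the three page functions and the `scan` helper are all constructed for the example; only the demo.testfire.net URL comes from the article, and no network request is made.

```python
"""Status check (Method 1) versus reflection check (Method 2).

Example code for this article, not part of XSSYA. The three "pages" are
constructed stand-ins for a server; nothing is sent over the network.
"""
from html import escape
from urllib.parse import parse_qs, quote, urlsplit

# Constructed probe: harmless markup that is easy to recognise in a response.
PROBE = '<xssya-probe x="1">'

# URL taken from the article; only used as a string here.
BASE_URL = "http://demo.testfire.net/search.aspx?txtsearch="


def _search_term(url: str) -> str:
    """Extract and URL-decode the txtsearch parameter (parse_qs decodes)."""
    return parse_qs(urlsplit(url).query).get("txtsearch", [""])[0]


def vulnerable_search(url: str):
    """Constructed page that echoes the term into the HTML unencoded."""
    return 200, f"<html><body>Results for: {_search_term(url)}</body></html>"


def hardened_search(url: str):
    """Constructed page that reflects the term but HTML-encodes it."""
    term = escape(_search_term(url), quote=True)
    return 200, f"<html><body>Results for: {term}</body></html>"


def static_search(url: str):
    """Constructed page that answers 200 but never reflects the term."""
    return 200, "<html><body>No results.</body></html>"


def method1_status_check(status: int) -> bool:
    """Method 1: the request was accepted (status 200). Not proof of XSS."""
    return status == 200


def method2_reflection_check(body: str, probe: str) -> bool:
    """Method 2: the decoded probe appears in the page with its markup intact."""
    return probe in body


def scan(page, base_url: str = BASE_URL, probe: str = PROBE) -> dict:
    """Send the URL-encoded probe to a page and classify the response."""
    status, body = page(base_url + quote(probe, safe=""))
    status_ok = method1_status_check(status)
    reflected_raw = status_ok and method2_reflection_check(body, probe)
    # Reflected but entity-encoded: the browser would render text, not markup.
    reflected_encoded = (
        status_ok and not reflected_raw and escape(probe, quote=True) in body
    )
    return {
        "status_200": status_ok,
        "reflected_raw": reflected_raw,
        "reflected_encoded": reflected_encoded,
    }


if __name__ == "__main__":
    for name, page in [
        ("vulnerable", vulnerable_search),
        ("hardened", hardened_search),
        ("static", static_search),
    ]:
        print(f"{name:10s} {scan(page)}")
```

All three pages pass Method 1, which is exactly why a status-only scanner reports two false positives here; only the first page passes Method 2, and the encoded reflection on the hardened page is what a correct output-encoding fix looks like from the scanner's side.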
XSSYA Features:
• Supports both Windows and Linux environments
• Supports HTTP and HTTPS
• Identifies 3 types of WAF (mod_security, WebKnight and F5 BIG-IP)
• XSSYA contains a library of encoded payloads to bypass a WAF (Web Application Firewall)
• Supports saving the web page HTML code before executing the payload, and viewing the HTML code on the screen or terminal
• After confirmation, executes the payload to get cookies
Download & Installation Procedure:
• You can download XSSYA here (Link – https://github.com/yehia-mamdouh/XSSYA). Click on the Download ZIP button to download, as shown in the screenshot below:
• Once the file is downloaded, extract all the files to any local drive on your machine. See screenshot below.
Now we are all set to run and execute a test using XSSYA.
Test Execution:
• To execute a test, open a command prompt and change to the directory where you extracted the ZIP files (look for the directory which contains the xssya.py file). See screenshot below.
• Now, to initiate your test, enter python xssya.py and hit enter.
• Enter the vulnerable website link and hit enter. (For demonstration purposes, I am using the following link, which is vulnerable to XSS: " http://demo.testfire.net/search.aspx?txtsearch= ", and for learning you may use the same.)
Note: Make sure to choose a vulnerable link which ends with [ / or = or ? ]
• As mentioned above, in the next step we need to choose 1 or 2, i.e. we need to select Method 1 or Method 2.
Method 1 - Checks whether the link is vulnerable or not, i.e. confirmation of request and response.
Method 2 - If Method 1 returns success, i.e. it confirms the link is vulnerable, then it executes the encoded payload and searches for the same payload in the web page HTML code to get the cookies.
• At the end of the test execution, this tool also allows you to save the web page HTML code and print it. See screenshot below.
Happy Hunting !! :)