XSScrapy is an application built on Scrapy that allows us to find XSS and SQL injection vulnerabilities.
The source code is available in the GitHub repository: https://github.com/DanMcInerney/xsscrapy.
To install it on our machine, we can clone the repository and run pip against the requirements.txt file, which lists the Python dependencies and modules used by the application:
$ git clone https://github.com/DanMcInerney/xsscrapy.git
$ cd xsscrapy
$ pip install -r requirements.txt
One of the main dependencies you need to install is scrapy: https://scrapy.org/.
Scrapy is a framework for Python that allows you to perform web scraping tasks, web crawling processes, and data analysis.
Fast, thorough, XSS/SQLi spider. Give it a URL and it’ll test every link it finds for cross-site scripting and some SQL injection vulnerabilities. See FAQ for more details about SQLi detection.
From within the main folder run:
./xsscrapy.py -u http://example.com