Cross-site scripting is a type of injection attack that occurs when attack vectors are injected in the form of a browser-side script.
To test whether a website is vulnerable to XSS, we could use the following script where we read from an XSS-attack-vectors.txt file that contains all possible attack vectors. If, as a result of making a request to the site to analyze together with the payload, we obtain is the same information sent by the user that is shown again to the user, then we have a clear case of vulnerability.
You can find the following code in the URL_xss.py file in the XXS folder:
import requestsimport sysfrom bs4 import BeautifulSoup, SoupStrainerurl = 'http://testphp.vulnweb.com/search.php?test=query' ...