GitHub: BitHarsh18/ShadowXSS
# ShadowXSS - Python Based XSS Vulnerability Scanner
## Overview
ShadowXSS is a modular Python-based Cross-Site Scripting (XSS) vulnerability scanner designed to automate the discovery of reflected XSS vulnerabilities in web applications.
The project was built from scratch to understand how real-world web vulnerability scanners work by implementing crawling, form extraction, payload injection, URL parameter testing, vulnerability detection, and report generation.
## Why I Built This Project
Modern web applications frequently suffer from input validation and output encoding issues that can lead to Cross-Site Scripting (XSS) vulnerabilities.
The goal of this project was to:
* Learn offensive web security concepts
* Understand how automated scanners work
* Gain practical experience with HTTP requests and web crawling
* Build a cybersecurity-focused project relevant to SOC Analyst and Security Analyst roles
* Develop a modular and extensible security tool
## Features
### Web Crawling
* Discovers internal links automatically
* Crawls target pages
* Identifies attack surfaces
### Form Discovery
* Detects HTML forms
* Extracts:
  * Form action
  * Form method
  * Input fields
### Payload Injection
Supports:
* GET requests
* POST requests
### URL Parameter Testing
Tests query string parameters such as:
```
/profile?name=test
```
### Multi-Payload Engine
* Script Injection
* Event Handler Injection
* SVG Payloads
* Image Error Payloads
* Iframe Payloads
* Autofocus Payloads
* Object/Embed Payloads
### Reflected XSS Detection
Current detection logic:
```python
payload in response.text
```
### Reporting
Generates:
* JSON Reports
* Professional HTML Reports
Each finding contains:
* Vulnerable URL
* Payload Used
* Request Method
* Vulnerability Type
## Project Architecture
```
ShadowXSS
│
├── main.py
│
├── core
│   ├── crawler.py
│   ├── injector.py
│   ├── detector.py
│   ├── url_scanner.py
│   ├── payloads.py
│   ├── reporter.py
│   └── html_reporter.py
│
├── reports
│   ├── report.json
│   └── report.html
│
└── vulnerable_app.py
```
## Module Breakdown
### crawler.py
Responsible for:
* Form extraction
* Link discovery
* Form metadata extraction
Functions:
* get_forms()
* get_form_details()
* get_links()
### injector.py
Responsible for:
* Payload insertion
* GET requests
* POST requests
Functions:
* submit_form()
### detector.py
Responsible for:
* Reflected payload detection
Functions:
* is_vulnerable()
### url_scanner.py
Responsible for:
* URL parameter testing
Concepts used:
* urlparse()
* parse_qs()
* urlencode()
* urlunparse()
### reporter.py
Responsible for:
* Storing findings
* JSON export
Output:
```json
{
  "url": "...",
  "payload": "...",
  "method": "...",
  "type": "Reflected XSS"
}
```
### html_reporter.py
Responsible for:
* Dark-themed HTML reports
* Human-readable vulnerability summaries
## Detection Workflow
```
Target URL
    │
    ▼
Web Crawling
    │
    ▼
Link Discovery
    │
    ▼
Form Discovery
    │
    ▼
Payload Injection
    │
    ▼
Response Analysis
    │
    ▼
XSS Detection
    │
    ▼
Report Generation
```
## Example Scan
```
python3 main.py
ENTER TARGET URL:
http://127.0.0.1:5000
```
Scanner:
* Crawls website
* Extracts forms
* Tests URL parameters
* Injects 20+ payloads
* Detects reflected XSS
* Generates reports
## Vulnerability Testing Lab
A custom vulnerable Flask application was built for testing.
Included vulnerable pages:
### Search Page
Reflected XSS via query parameter.
```
/search?q=test
```
### Login Page
Reflected XSS via POST parameter.
```
/login
```
### Profile Page
Reflected XSS via URL parameter.
```
/profile?name=test
```
### Contact Page
Built for future textarea testing.
## Technologies Used
* Python
* Requests
* BeautifulSoup
* Flask
* HTML
* CSS
* JSON
## Skills Demonstrated
### Cybersecurity
* Web Application Security
* Cross-Site Scripting (XSS)
* Vulnerability Assessment
* Security Testing
### Programming
* Python
* Modular Architecture
* Object-Oriented Programming
* HTTP Requests
### Security Tool Development
* Crawling Engines
* Payload Management
* Detection Logic
* Reporting Systems
## Current Capabilities
### Implemented
* Web Crawling
* Form Discovery
* Link Discovery
* GET Form Testing
* POST Form Testing
* URL Parameter Testing
* 20+ Payload Testing
* Reflected XSS Detection
* JSON Reporting
* HTML Reporting
* Modular Design
## Current Limitations
Current version detects:
Current version does not yet verify:
* Actual JavaScript Execution
* Browser Execution Context
* DOM-Based XSS
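A substring test such as `payload in response.text` reports the same result whether the reflection landed in the HTML body, inside a `<script>` string, or in a plain-text response. The sketch below is an added example, not ShadowXSS code: it classifies the reflection context with the standard-library HTML parser. The probe element `sxprobe`, its nonce, the function name `classify_reflection` and the sample responses are all assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Hypothetical inert probe (not a ShadowXSS payload): an unknown element with a nonce.
PROBE_TAG = "sxprobe"
PROBE_ID = "c0ffee42"  # constructed; use a fresh random value per request
PROBE = f'<{PROBE_TAG} data-id="{PROBE_ID}">'


class ProbeFinder(HTMLParser):
    """Sets .found when the probe survives HTML parsing as a real start tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.found = False

    def handle_starttag(self, tag, attrs):
        if tag == PROBE_TAG and ("data-id", PROBE_ID) in attrs:
            self.found = True


def classify_reflection(body, content_type="text/html"):
    """Classify how the probe came back, instead of a bare substring test."""
    if PROBE not in body:
        # An entity-encoded angle bracket means the application escaped the input.
        return "encoded" if f"&lt;{PROBE_TAG}" in body else "absent"
    if "html" not in content_type.lower():
        return "non-html"  # raw echo, but the response is not declared as HTML
    finder = ProbeFinder()
    finder.feed(body)
    finder.close()
    # A raw substring inside <script>, a comment, etc. is not parsed as an element;
    # those contexts have their own break-out rules and need separate review.
    return "parsed-as-element" if finder.found else "other-context"


# Constructed sample responses, not output from a real application.
SAMPLES = {
    "raw": (f"<html><body><p>Results for {PROBE}</p></body></html>", "text/html"),
    "escaped": ("<p>Results for &lt;sxprobe data-id=&#34;c0ffee42&#34;&gt;</p>", "text/html"),
    "script": (f'<html><script>var q = "{PROBE}";</script></html>', "text/html"),
    "plain": (f"You searched for {PROBE}", "text/plain; charset=utf-8"),
}

if __name__ == "__main__":
    for name, (body, ctype) in SAMPLES.items():
        print(f"{name:8} -> {classify_reflection(body, ctype)}")
```

Only the `parsed-as-element` result shows the input reaching the HTML parser as markup; it still says nothing about script execution or DOM-based sinks, which need a real browser.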
## Future Roadmap
### Phase 1
### Phase 2
### Phase 3
* External Payload Files
Examples:
### Phase 4
* 50+ Payload Library
### Phase 5
* Stored XSS Detection
### Phase 6
* DOM XSS Detection
### Phase 7
* Multithreaded Scanning
### Phase 8
### Phase 9
* Command Line Arguments
Example:
```
python3 shadowxss.py \
    --url http://target.com \
    --output report.html
```
### Phase 10
* Playwright Integration
* Selenium Integration
* Real Browser-Based XSS Verification
## Disclaimer
This project was developed for educational purposes and authorized security testing environments only.
Do not use this tool against systems without explicit permission.
## Author
Harshit Kumar Srivastava
Cybersecurity Enthusiast | Security Analyst Aspirant | Python Developer