Masriyan/ExpertXSS

GitHub: Masriyan/ExpertXSS

Stars: 4 | Forks: 0

# 🛡️ ExpertXSS — Enhanced XSS & Reflection Scanner

[![Python 3.8+](https://img.shields.io/badge/Python-3.8%2B-blue.svg)](#requirements)
[![Version](https://img.shields.io/badge/Version-4.0-orange.svg)](CHANGELOG.md)
[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
[![Maintained](https://img.shields.io/badge/Maintained-yes-green.svg)](#)
[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](CONTRIBUTING.md)
[![Platform](https://img.shields.io/badge/Platform-Linux%20%7C%20macOS%20%7C%20Windows-lightgrey.svg)](#)

**A fast, context-aware Cross-Site Scripting (XSS) & reflection scanner for _authorized_ security testing.**

ExpertXSS uses a **two-phase** approach — rapid per-parameter **reflection discovery** followed by **targeted, context-aware payload testing** — then scores every finding by **severity** and **confidence**. It can **crawl** a target, **fuzz forms and parameters**, test **header-based reflections**, scan for **DOM-XSS sinks**, and produce **JSON / CSV / Markdown / HTML** reports.

## 📑 Table of Contents

- [What's New in v4.0](#-whats-new-in-v40)
- [Features](#-features)
- [How It Works](#-how-it-works)
- [Requirements](#-requirements)
- [Installation](#-installation)
- [Usage](#-usage)
  - [Quick Start](#quick-start)
  - [Interactive Wizard](#interactive-wizard)
  - [Command-Line Arguments](#command-line-arguments)
  - [Examples](#examples)
- [Severity & Confidence](#-severity--confidence)
- [Output Formats](#-output-formats)
- [Documentation](#-documentation)
- [Demo](#-demo)
- [Roadmap](#-roadmap)
- [Contributing](#-contributing)
- [Security Policy](#-security-policy)
- [Disclaimer](#-disclaimer)
- [License](#-license)

## ✨ What's New in v4.0

| Area | Improvement |
|------|-------------|
| 🧙 **Wizard** | Interactive, guided configuration (`--wizard`, or just run with no URL on a terminal). |
| 🎯 **Confirmed XSS** | Verifies the payload's breakout characters (`< > " ' \``) survive **unescaped** before flagging. |
| 🏷️ **Scoring** | Every finding gets a **severity** (High/Medium/Low/Info) and **confidence** (Firm/Tentative). |
| 🔁 **Real two-phase** | Phase 2 only tests parameters that actually reflected in phase 1 (`--full` to override). |
| 🧬 **DOM scan** | Flags `source → sink` flows inside `