## Tools for xss

| Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- |
|Scanner|[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![](https://img.shields.io/github/stars/hahwul/XSpear?label=%20)|[`xss`](/tags/xss.md)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)[![Ruby](./images/ruby.png)](/langs/Ruby.md)|
|Scanner|[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![](https://img.shields.io/github/stars/fcavallarin/domdig?label=%20)|[`xss`](/tags/xss.md)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)[![JavaScript](./images/javascript.png)](/langs/JavaScript.md)|
|Scanner|[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![](https://img.shields.io/github/stars/dwisiswant0/findom-xss?label=%20)|[`xss`](/tags/xss.md)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)[![Shell](./images/shell.png)](/langs/Shell.md)|
|Scanner|[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy?label=%20)|[`xss`](/tags/xss.md)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)[![Python](./images/python.png)](/langs/Python.md)|
|Scanner|[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:|![](https://img.shields.io/github/stars/cure53/DOMPurify?label=%20)|[`xss`](/tags/xss.md)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)[![JavaScript](./images/javascript.png)](/langs/JavaScript.md)|
|Scanner|[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang |![](https://img.shields.io/github/stars/hahwul/dalfox?label=%20)|[`xss`](/tags/xss.md)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)[![Go](./images/go.png)](/langs/Go.md)|
|Scanner|[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![](https://img.shields.io/github/stars/epsylon/xsser?label=%20)|[`xss`](/tags/xss.md)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)[![Python](./images/python.png)](/langs/Python.md)|
|Scanner|[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![](https://img.shields.io/github/stars/s0md3v/XSStrike?label=%20)|[`xss`](/tags/xss.md)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)[![Python](./images/python.png)](/langs/Python.md)|
|Exploit|[toxssin](https://github.com/t3l3machus/toxssin)|An XSS exploitation command-line interface and payload generator.|![](https://img.shields.io/github/stars/t3l3machus/toxssin?label=%20)|[`xss`](/tags/xss.md)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)[![Python](./images/python.png)](/langs/Python.md)|
|Exploit|[beef](https://github.com/beefproject/beef)|The Browser Exploitation Framework Project|![](https://img.shields.io/github/stars/beefproject/beef?label=%20)|[`xss`](/tags/xss.md)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)[![Ruby](./images/ruby.png)](/langs/Ruby.md)|
|Utils|[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![](https://img.shields.io/github/stars/ssl/ezXSS?label=%20)|[`xss`](/tags/xss.md)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)[![PHP](./images/php.png)](/langs/PHP.md)|
|Utils|[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.|![](https://img.shields.io/github/stars/evilcos/xssor2?label=%20)|[`xss`](/tags/xss.md)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)[![JavaScript](./images/javascript.png)](/langs/JavaScript.md)|
|Utils|[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters|![](https://img.shields.io/github/stars/aemkei/jsfuck?label=%20)|[`xss`](/tags/xss.md)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)[![JavaScript](./images/javascript.png)](/langs/JavaScript.md)|
|Utils|[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)|![](https://img.shields.io/github/stars/whitel1st/docem?label=%20)|[`xxe`](/tags/xxe.md) [`xss`](/tags/xss.md)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)[![Python](./images/python.png)](/langs/Python.md)|
|Utils|[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![](https://img.shields.io/github/stars/swoops/eval_villain?label=%20)|[`xss`](/tags/xss.md)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)[![JavaScript](./images/javascript.png)](/langs/JavaScript.md)|
|Utils|[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data?label=%20)|[`xss`](/tags/xss.md)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|