This is a Python script designed to automatically find XSS (cross-site scripting), directory traversal/LFI (local file inclusion) and open redirect vulnerabilities. It uses a predefined dictionary for XSS/LFI attacks that can easily be extended.
The open redirect vulnerabilities are checked against malwrforensics.com.
The tool is released for testing purposes ONLY!
How to use:
Just point and shoot. Optionally you can use either --checkxss, --checkdirtrv, --checkopenredir or --all. The default option is --all.

[Screenshots: options; XSS scan; directory traversal/LFI scan; open redirect scan]
The code is available on GitHub. It can be downloaded from here.
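
Because the open redirect check points at a fixed domain, requests from a scan are easy to spot in web server logs. The following is an added example, not code from the tool: it flags requests whose query parameters target malwrforensics.com and marks the ones answered with a 3xx status for review. It assumes Combined Log Format and that the domain is sent as a URL in a query parameter; the log lines, paths and IP addresses are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

CANARY_HOST = "malwrforensics.com"  # redirect target named on the page

# Combined Log Format: client IP, request target and status are enough here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges, invented paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /login?next=http%3A%2F%2Fmalwrforensics.com HTTP/1.1" 302 0 "-" "-"',
    '198.51.100.7 - - [10/Mar/2024:10:00:02 +0000] "GET /search?q=//malwrforensics.com HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [10/Mar/2024:10:00:03 +0000] "GET /login?next=/account HTTP/1.1" 302 0 "-" "-"',
]

def points_at_canary(value):
    """True if a decoded parameter value is a URL on the canary host."""
    v = value.strip()
    if v.startswith("//"):  # scheme-relative form, also followed by browsers
        v = "http:" + v
    try:
        host = (urlsplit(v).hostname or "").lower()
    except ValueError:  # malformed netloc such as an unclosed IPv6 bracket
        return False
    return host == CANARY_HOST or host.endswith("." + CANARY_HOST)

def find_redirect_probes(lines):
    """Return one finding per query parameter that targets the canary host."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m["target"].partition("?")
        status = int(m["status"])
        for name, value in parse_qsl(query, keep_blank_values=True):  # URL-decodes
            if points_at_canary(value):
                findings.append({
                    "ip": m["ip"], "path": path, "param": name,
                    # A 3xx answer to a probe means the endpoint needs review.
                    "needs_review": 300 <= status < 400,
                })
    return findings

if __name__ == "__main__":
    for finding in find_redirect_probes(SAMPLE_LOG):
        print(finding)
```

A 3xx status alone does not prove the redirect went to the supplied URL, so endpoints marked for review should be confirmed by checking how they validate the parameter.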