WebPwnTool

This is a Python script designed to automatically find XSS (cross-site scripting), directory traversal/LFI (local file inclusion) and open redirect vulnerabilities. It uses a predefined dictionary for XSS/LFI attacks that can easily be extended.
The open redirect vulnerabilities are checked against malwrforensics.com.

The tool is released for testing purposes ONLY!

How to use:
Just point and shoot. Optionally you can use either --checkxss, --checkdirtrv, --checkopenredir or --all. The default option is --all.

options

XSS scan

directory traversal/LFI scan

open redirect scan

The code is available on GitHub. It can be downloaded from here.