Web Pwn Tool

This is a python script designed to automatically find XSS (cross-site scripting), directory traversal/LFI (local file inclusion) and open redirect vulnerabilities. It uses a predefined dictionary for XSS/LFI attacks that can easily be extended.
The open redirect vulnerabilities are checked against malwrforensics.com

The tool is released for testing purposes ONLY!

How to use:
Just point and shoot. Optionally you can use either --checkxss, --checkdirtrv, --checkopenredir or --all. The default option is --all


XSS scan

directory traversal/LFI scan

open redirect scan

Here you can find the code on github.