This is a python script designed to automatically find XSS (cross-site scripting), directory traversal/LFI (local file inclusion) and open redirect vulnerabilities. It uses a predefined dictionary for XSS/LFI attacks that can easily be extended.
The open redirect vulnerabilities are checked against malwrforensics.com
The tool is released for testing purposes ONLY!
How to use:
Just point and shoot. Optionally you can use either –checkxss, –checkdirtrv, –checkopenredir or –all. The default option is –all
The code is available on github. It can be downloaded from here.