Hey Folks, In this tutorial we are going to talk about an amazing tool called “PwnXSS“. It’s an open source tool available on github that is specially designed to find cross site scripting vulnerability (XSS) on web applications. Now let’s examine the main feature of this tool.

Main Features

  • Advanced error handling
  • POST and GET forms are supported
  • Many Settings that can be Customized
  • Crawling all links on a website
  • Multiprocessing support

Lets take a look 🙂 !!


It time to configure this tool on terminal. As you know that we make everything easy and likewise we will install and configure this tool in few steps. Now first we have to download it from github by using git command.

Now we give chmod permission of the downloaded folder and go to the directory. Installation is Completed 🙂 !! After doing all that we can boot this tool by using python command.
Note : We are using the given website only for testing purposes.

Got it 🙂 !! Finally we got the exact location of the vulnerability parameter which is “cat=“. Furthermore, it places us vulnerabilities with combined xss payloads through which we can directly test vulnerabilities by executing them.

Done 🙂 !! As you can see the tools for finding xss vulnerabilities work fine and when we execute the given URL on the web browser the results are comes very impressive.

About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.

One thought on “PwnXSS – A Automated XSS Vulnerability Finder”

  1. I’ve been surfing on-line more than 3 hours as of late,
    but I never found any interesting article like yours. It’s lovely value sufficient
    for me. In my view, if all web owners and bloggers made good content
    as you probably did, the web can be a lot more helpful than ever before.

Leave a Reply

Your email address will not be published. Required fields are marked *