XSS Framework?on January 30, 2008 at 9:05 pm
So you don’t consider yourself to be XSS savy, but you would really like to do some free testing? Well look no farther…you just might have a solution. Introducing the XSSDB by GNUCitizen. The XSSDB (i’m assuming) is heading in the direction as the Metasploit Project, however, soley based on Cross-Site Scripting checks.
A couple of the nice[r] features (IMHO) of the database:
- Ability to perform both GET and POST-based XSS
- Ability to add or submit your own vulnerability checks to the DB
So how could this be improved? Personally, while I do have several methods of testing for XSS, I would find it invaluable to have an offline solution where I could test non-internet connected applications. GNU? Perhaps some type of offline solution with a update capability? The solution does take a bit of getting used to (for example, if you aren’t terribly familiar with how GET, POST and Parameters work in web applications), but overall …. a very nice solution.