Springenwerk Security Scanner
This is a free XSS scanner available on the web. With a few enhancements, it could make a quick scan of your applications possible. This type of scanner is useful for manual pen-testers who have to try out many injection variations, a task that is tedious to do by hand on every field in an application. The tool also generates a nicely formatted report.
The following features are listed on the tool's home page:
- Finds the most common XSS vulnerabilities
- Extracts forms and input elements from given webpages and checks them for vulnerabilities
- Follows the form action targets (1 level)
- Can check custom HTTP GET and POST data arguments
- Can use Springenwerk, Firefox or IE in the requests' user agent string
- Optionally generates an HTML report file with exploits to demonstrate the vulnerabilities
- Comes with an easy-to-use GUI
- Platform independent, written in Python
- No installation and no super user privileges necessary
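The form-extraction step in the feature list is also the part worth doing yourself when scoping a manual review, since it tells you which fields need output-encoding checks. The sketch below is an added example, not Springenwerk's code: it uses only the Python standard library, and the page, URL and names (`FormInventory`, `inventory`) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample page and URL, for illustration only.
BASE_URL = "https://app.example.test/account/profile"
SAMPLE_HTML = """
<form action="/search"><input name="q"><input type="submit" value="Go"></form>
<form method="post" action="update">
  <input type="hidden" name="csrf" value="x">
  <input type="text" name="display_name">
  <textarea name="bio"></textarea>
</form>
"""

class FormInventory(HTMLParser):
    FIELD_TAGS = {"input", "textarea", "select"}
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.forms = []
        self.current = None  # form being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # An empty or missing action submits back to the page itself.
            self.current = {
                "action": urljoin(self.base_url, a.get("action") or ""),
                "method": (a.get("method") or "get").upper(),
                "fields": [],
            }
            self.forms.append(self.current)
        elif tag in self.FIELD_TAGS and self.current is not None and a.get("name"):
            # Unnamed controls are never submitted, so they are skipped.
            kind = (a.get("type") or "text") if tag == "input" else tag
            self.current["fields"].append((a["name"], kind))

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def inventory(html, base_url):
    parser = FormInventory(base_url)
    parser.feed(html)
    return parser.forms

if __name__ == "__main__":
    for form in inventory(SAMPLE_HTML, BASE_URL):
        print(form["method"], form["action"], form["fields"])
```

Hidden fields such as `csrf` appear in the inventory too, which matters because they are submitted and may be reflected like any visible field.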