# Cross-Site Scripting

## Standard XSS

### Dalfox

Dalfox is a powerful open-source XSS scanner and utility focused on automation.

* <https://github.com/hahwul/dalfox>

The following command takes a raw HTTP request saved to a file named `HTTPREQUEST` (request line, headers and body, as exported from Burp or a proxy log) and scans every parameter for XSS. Add the `-b` flag with a blind XSS callback URL and Dalfox will also plant blind payloads that call that URL; a blind hit only ever shows up on the callback server, never in Dalfox's own output, so keep the listener running after the scan finishes.

`dalfox file --rawdata HTTPREQUEST -b <blind_xss_link>`

The following command takes a URL and scans its parameters for XSS, again including blind XSS if you use the `-b` flag with a blind XSS callback URL.

`dalfox url URL -b <blind_xss_link>`

## Blind XSS

### XSSHunter

XSSHunter provides a weaponised URL to insert into XSS payloads to test for blind XSS: when the payload fires in a victim's browser it loads a script from that URL, which reports back where it executed. The easiest way to use XSSHunter is Truffle Security's hosted platform.

* <https://xsshunter.trufflesecurity.com/app/#/>

If you are more security and privacy conscious (the callbacks contain the victim page's DOM and cookies), you may wish to set up a private instance:

* <https://github.com/trufflesecurity/xsshunter>
