Working with XSSCon

The tool has been downloaded successfully. Using this tool, you can easily check the cross-site scripting vulnerabilities of the websites and webapps. Now here are some examples of using the XSSCon tool.

python3 xsscon.py -u http://testphp.vulnweb.com

The XSSCon tool has started checking cross-site scripting vulnerabilities. These are the vulnerabilities that the tool has detected. The tool keeps checking the website again and again. When finding a vulnerable website, it will show you at the terminal.

Now, you can see the payload injected by XSSCon is actually working if we open the link in a web browser. The Popup comes when we hit the malicious link.

XSSCon tool is a Python-based tool that features a powerful XSS (Cross-Site Scripting) Scanner. XSS is the most common vulnerability, which is identified on almost every web-based application; you only have to find an input field where you can inject your malicious payload. Automation can reduce your manual work if there is enormous scope in your target domain. You can use this XSSCon tool while performing penetration testing of web-based applications, or you can also use this tool in Bug Bounty Programs for getting low-medium level bugs and earning lots of Bounty.