Skip to content
/ JAMXSS Public

JAMXSS (Just A Monster XSS Scanner) is a state-of-the-art tool designed to test for reflected XSS (Cross-Site Scripting) vulnerabilities in web applications. By leveraging machine learning, JAMXSS offers an innovative approach to detecting and mitigating security risks with exceptional accuracy and efficiency.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

0xh4ty/JAMXSS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
crawler
crawler
 
 
images
images
 
 
scanner
scanner
 
 
utils
utils
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
banner.py
banner.py
 
 
jamxss.py
jamxss.py
 
 
labeled_html_responses.csv
labeled_html_responses.csv
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

JAMXSS (Just A Monster XSS Scanner)

JAMXSS is a powerful tool designed to test for reflected XSS vulnerabilities in web applications. Leveraging machine learning, it predicts contexts for reflections and suggests appropriate payloads, with options for executing them to test vulnerabilities.

Features

  • Machine Learning Powered: Utilizes machine learning to predict the context of reflections and generate suitable payloads.
  • Stealth Mode: Suggests payloads without executing them, useful for safe scanning.
  • Attack Mode: Executes suggested payloads to actively test for vulnerabilities.
  • Single Scan Mode: Allows for a quick scan of a single URL.
  • Multi-threaded: Efficiently handles crawling and scanning concurrently.
  • Custom Headers: Supports custom cookie headers and user-agent strings for requests.

Installation

  1. Clone the repository:

    git clone https://github.com/0xh4ty/JAMXSS.git
cd JAMXSS

  2. Install dependencies:

    pip install -r requirements.txt

Usage

python3 jamxss.py -u <target_url> [options]

Options

  • -u, --url (required): Target URL of the web application.
  • --single-scan: Perform a single scan on the provided URL only.
  • --stealth-mode: Only suggest payloads without executing them.
  • --attack-mode: Execute suggested payloads to test for vulnerabilities.
  • --cookie: Custom cookie header to use for the requests.
  • --user-agent: Custom user agent string. Default is Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36.

Examples

Single scan with stealth mode:

python3 jamxss.py -u http://example.com --single-scan --stealth-mode

Full scan with attack mode:

python3 jamxss.py -u http://example.com --attack-mode

How It Works

  • Crawler: The tool crawls the provided URL to collect links.
  • Reflections Testing: Tests for reflections in the collected links.
  • Context Prediction: Uses machine learning to predict the context of the reflections.
  • Payload Generation: Generates suitable payloads based on the predicted context.
  • Payload Execution (Attack Mode): Executes the generated payloads to test for vulnerabilities.

Screenshot

JAMXSS on Action

Contributing

Contributions are welcome! Please fork the repository and submit a pull request with your changes.

License

This project is licensed under the MIT License.

Contact

For any issues or suggestions, please open an issue on the GitHub repository.

About

JAMXSS (Just A Monster XSS Scanner) is a state-of-the-art tool designed to test for reflected XSS (Cross-Site Scripting) vulnerabilities in web applications. By leveraging machine learning, JAMXSS offers an innovative approach to detecting and mitigating security risks with exceptional accuracy and efficiency.

Topics

xss-vulnerability xss-scanner xss-exploitation xss-detection xss-attacks xss-injection reflected-xss-vulnerabilities reflected-xss ml-xss-scanner ml-powered-xss-scanner ai-xss-scanner

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages