MCPcopy Index your code
hub / github.com/dshieble/playwright_xss_scanner

github.com/dshieble/playwright_xss_scanner @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
24 symbols 65 edges 1 files 16 documented · 67%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

This is a simple single-file python program that can find basic XSS (cross-site scripting) vulnerabilities in a target url. Most XSS discovery tools use a payload refelection strategy in which payloads are injected in url parameters and the GET response is inspected for places where the payload content is reflected. This is a very low precision XSS detection strategy because most reflection does not support execution.

This program uses a different approach, and instead opens the target url in a browser, tests alert(...) payloads directly in the browser context, and listens for an alert being triggered. This means that any XSS spotted by this program is extremely unlikely to be a false positive.

This program can be used with the command

  python main.py \
    --target_url "https://xss-game.appspot.com/level1/frame?query=test" \
    --payload_list_file_path lists/xss_payloads_with_alert_message_signal.txt

Core symbols most depended-on inside this repo

wait_for_load_state_safe
called by 2
main.py
initialize_browser_context
called by 2
main.py
prepare_page
called by 2
main.py
get_dialog_message_set
called by 2
main.py
scroll_page_and_wait
called by 1
main.py
remove_listener
called by 1
main.py
open_url_and_capture_dialog_messages
called by 1
main.py
construct
called by 1
main.py

Shape

Method 11
Function 10
Class 3

Languages

Python100%

Modules by API surface

main.py24 symbols

For agents

$ claude mcp add playwright_xss_scanner \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact