attack-surface-xss

Map the XSS attack surface of a target URL. Analyze security headers, client-side frameworks, JavaScript patterns, and DOM structure to identify what makes XSS possible, easier, or harder.

This skill does NOT inject payloads or test for XSS. It performs passive observation only (HTTP requests + source analysis). For active XSS testing, use /xss-finder.

| Header Assessment | CSP, X-Content-Type-Options, cookie flags, charset | | Framework Detection | React, Angular, Vue, jQuery + version extraction | | Vulnerable Library Detection | Known CVEs per detected library version | | DOM XSS Source/Sink Mapping | innerHTML, eval, location.hash, postMessage |

Aufklärungsfähigkeit für XSS-Angriffsoberfläche – analysiert Header, Frameworks, JS-Bibliotheken und DOM-Muster an einer URL, um abzubilden, was XSS möglich oder schwieriger macht. Für ethische Hacker, die sich auf XSS-Tests vorbereiten. Quelle: igbuend/grimbard.