Features
- Comprehensive Scanning: Tests URL parameters, POST parameters, headers, and DOM content for XSS vulnerabilities.
- Multiple Browser Support: Compatible with both Firefox and Chrome for testing.
- Headless Mode: Option to run scans in headless browser mode for faster & traditional execution.
- Concurrent Scanning: Utilises multi-threading for efficient scanning of multiple targets.
- Customizable: Supports custom headers, cookies, and payload files.
- Crawling Capability: Can crawl websites to discover and test additional pages.
- Detailed Reporting: Provides comprehensive output with color-coded console logs and optional file output.
- DOM XSS Detection: Advanced detection of DOM-based XSS vulnerabilities.
- Payload Customization: Automatically customises payloads with unique identifiers for accurate detection.
Key Capabilities
- URL parameter testing
- POST parameter analysis
- Header scanning
- DOM content examination
- External script analysis
- Crawling targets and depth control
- Custom payload support
- Accurate detection
Link: https://github.com/Stuub/Helios
