BRS-XSS

XSS Vulnerability Scanner

For authorized security research, penetration testing & education

4,200+ Payloads
151 Contexts
10+ WAF Bypasses
34 GitHub Stars

Features

Context-Aware Payloads

HTML, JavaScript, CSS, URI, SVG, and XML contexts with intelligent payload selection

WAF Evasion

Bypass Cloudflare, Akamai, AWS WAF, Imperva, ModSecurity, and more

DOM Analysis

Full browser-based DOM XSS detection via Playwright

ML-Based Scoring

Machine-learning-enhanced payload effectiveness scoring

Multiple Formats

Export to SARIF, JSON, HTML with screenshots and replay URLs

BRS-KB Integration

4,200+ payloads from BRS-KB knowledge base via API

Installation

PyPI

pip install brs-xss

GitHub

pip install git+https://github.com/EPTLLC/BRS-XSS.git

Docker

docker pull ghcr.io/eptllc/brs-xss:latest

Quick Start

Quick Scan

brs-xss scan https://target.tld

Aggressive Mode

brs-xss scan https://target.tld --aggr --deep

Knowledge Base

brs-xss kb info
brs-xss kb list
brs-xss kb show html_content

BRS-KB Knowledge Base

BRS-XSS is powered by BRS-KB, an open-source XSS knowledge base

v1.0.0
4,200+ Payloads
151 Contexts
1,900+ WAF Bypasses
No Rate Limits