BRS-XSS

XSS Vulnerability Scanner

For authorized security research, penetration testing & education

--- Payloads

--- Contexts

--- WAF Bypasses

--- GitHub Stars

Features

HTML, JavaScript, CSS, URI, SVG, XML contexts with intelligent payload selection

Bypass Cloudflare, Akamai, AWS WAF, Imperva, ModSecurity, and more

Full browser-based DOM XSS detection via Playwright headless browser

Automatic XSS type detection and severity scoring with CVSS

Export to PDF, SARIF, JSON, HTML with evidence and remediation

Thousands of payloads from BRS-KB knowledge base via API

pip install brs-xss

pip install git+https://github.com/EPTLLC/BRS-XSS.git

docker pull ghcr.io/eptllc/brs-xss:latest

brs-xss scan https://target.tld

brs-xss scan https://target.tld --deep

brs-xss kb info
brs-xss kb list
brs-xss kb show html_content

BRS-XSS is powered by BRS-KB - open-source XSS knowledge base

BRS-KB

v4.0.0

--- Payloads

--- Contexts

--- WAF Bypasses

No Rate Limits

Use this tool only for authorized security testing with explicit written permission from system owners.

Report vulnerabilities to affected parties before public disclosure. Follow coordinated disclosure practices.

This tool is provided "as is" without warranty. Users are solely responsible for compliance with laws.

Unauthorized access to computer systems is illegal. Misuse of this tool may result in criminal prosecution.