Web Monitoring

FotoCurious

XSS and SQLi Scanner

Online XSS and SQLi Scanner for PHP projects

Find Monitoring

Website monitoring, shell detector

HTML Validator

Simple HTML Validator, only unclosed tags will be checked

News by tag - xss scanner

A new version of the scanner 0.4.0


There are two pieces of news, and you may choose which to begin with. The first is a new version of the scanner, and the second is the scanner's transition to a paid mode. Well, perhaps we should start with the latter.

Paid mode works as follows. Only the general scan report is available free of charge. It gives the number of Errors (XSS and SQL Injection) and Warnings (starting with version 0.4.0, these should be treated with the same attention as Errors). The size limit for a ZIP archive submitted for scanning remains unchanged: up to 10Mb. To view the full scan report one time, you need to send an SMS (the price is symbolic). VIP status (for a day and for 3 days of scanning) is still available. You have to register and make a payment via SMS or PayPal. The referral system continues to operate: you will receive 1 day of VIP for each user. You should have no problems with your VIP status if you place your referral link on your site or forum. The referral link is in your account profile.

New Version 0.3.3

In the past month the core of the scanner has been upgraded from 0.3.0 to 0.3.3. Versions 0.3.1 and 0.3.2 changed only the core optimization. Version 0.3.3 brings some important changes. The report interface now shows the name of the variable that makes the code vulnerable, which is a big help in fixing the problem. The occurrence of Warning statuses is now reduced by 90%. As a reminder, a Warning status marks something that the scanner has not been able to track down but could not classify as safe code either. The quantity and the relevance of detected vulnerabilities have increased by 10-20%.

Funny and absurd story

Our scanner is very popular among owners of sites built on open-source CMSs, which stands to reason. Once, the owner of such a site used our service and, somewhat indignant at finding lots of vulnerabilities, wrote about it on the CMS developers' forum. It would have made sense for the developers to verify the accuracy of the comments, remove the vulnerabilities (we found over 700 XSS vulnerabilities and SQL injections!) and thank their client for notifying them in a timely way. But the CMS developers (whose names we will leave undisclosed), without even taking the trouble to check whether their client was right, came to the conclusion that no scanner can possibly find any vulnerabilities. We didn't try to prove them wrong on the forum. But we feel sincerely sorry for such self-confident developers, and even more for their trusting clients. This example is purely educational: don't repeat this mistake, check your project. What do you have to lose? The scan takes 2 minutes. Maybe you will spend one more minute opening a file with one of the detected vulnerabilities to verify whether the scanner has made an error or not. Check and see for yourself!

How does it work?

This tool is designed to help search for XSS and SQL Injection vulnerabilities. The service lets you check PHP files as well as ZIP archives up to 10 mb. VIP users (registered users) are provided with a detailed scan report. The scan result shows the name of each file in which a potential vulnerability has been found, the numbered lines of the insecure code in that file, the vulnerable parameter and the vulnerability type.

Copyright © 2010 - 2024 Find-XSS.net