Installing XSScrapy on Kali Linux 1.0.9
Install the prerequisite python libraries, give it a URL, and watch it spider the entire site looking in every nook and cranny for XSS vulnerabilities.
apt-get install python-pip git clone https://github.com/DanMcInerney/xsscrapy cd xsscrapy pip install -r requirements.txt scrapy crawl xsscrapy -a url="http://example.com" pip install ipython
To login then scrape:
scrapy crawl xsscrapy -a url="http://example.com/login" -a user=my_username -a pw=my_password
All vulnerabilities it finds will be places in formatted-vulns.txt. Example output when it finds a vulnerable user agent header:
source: http://danmcinerney.org/xsscrapy-fast-thorough-xss-vulnerability-spider/