A package for detecting XSS attacks using machine learning
Project description
XSS Detector
A Python package for detecting Cross-Site Scripting (XSS) attacks using machine learning.
Installation
pip install xss-detector
Features
- Detect XSS attacks in text, URLs, files, and HTTP requests
- Command-line interface for quick checks
- REST API for integration with other tools
- Deep learning model trained on a comprehensive XSS dataset
- Automated model training and management
Quick Start
Command Line Usage
Check a specific string for XSS:
xss-detector check "<script>alert(1)</script>"
Check a file for XSS:
xss-detector file suspicious.html
Check a URL:
xss-detector url "https://example.com/?param=value"
Start the API server:
xss-detector server --port 5000
Python API Usage
from xss_detector import XSSDetector
# Initialize the detector
detector = XSSDetector()
# Check a single string
result = detector.detect('<img src="x" onerror="alert(1)">')
print(f"XSS detected: {result['is_xss']}, Confidence: {result['confidence']}")
# Analyze a full HTTP request
analysis = detector.analyze_request(
url_params={'search': 'something<script>alert(1)</script>'},
headers={'User-Agent': 'Mozilla/5.0'},
cookies={'session': 'abc123'}
)
print(f"Request contains XSS: {analysis['xss_detected']}")
REST API Usage
Start the server:
xss-detector server
Then make requests:
# Check a single string
curl -X POST http://localhost:5000/check \
-H "Content-Type: application/json" \
-d '{"text": "<script>alert(1)</script>"}'
# Analyze a full request
curl -X POST http://localhost:5000/proxy \
-H "Content-Type: application/json" \
-d '{"param": "<img src=x onerror=alert(1)>"}'
Model Training
The package automatically downloads a dataset and trains a model on first use. To manually train a new model:
xss-detector train
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file xss_detector-0.1.0.tar.gz.
File metadata
- Download URL: xss_detector-0.1.0.tar.gz
- Upload date:
- Size: 8.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4281b058cefe55c57a937dc5826c491908270ea6483adb66ca4a3a86ad1b9ffd
|
|
| MD5 |
617d782bad8bdf3bb6e8030f93e51702
|
|
| BLAKE2b-256 |
ea1dba77acc8ebc6ab6eb823cc4041435486c586ec5825090c3a7cae14d7ebe0
|
File details
Details for the file xss_detector-0.1.0-py3-none-any.whl.
File metadata
- Download URL: xss_detector-0.1.0-py3-none-any.whl
- Upload date:
- Size: 9.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
529ad241df249c1998ee9bd2126c34d08ba08c6b226ca1c2190a8d5d23233af7
|
|
| MD5 |
147a4f6ca6a00b4a24617f9334380c7a
|
|
| BLAKE2b-256 |
79108a1b7daf8909cd85d00c6f05ec2d3633e2cba9a91a7ef23aa2f2c80f7c3b
|
