Last active Sep 15, 2019
Simple XSS detector using PhantomJS
test.html:

<a href="javascript: alert('clicked xss link')" id="link">click me</a>
<img src="xx" onerror="alert('xss')" />

test.js:

// Log every alert()/confirm() the page raises; on the test page each one is an executed XSS payload.
var page = require('webpage').create(),
    system = require('system'),
    address;

page.onAlert = function (msg) {
    console.log("Received an alert: " + msg);
};

page.onConfirm = function (msg) {
    console.log("Received a confirm dialog: " + msg);
    return true;
};

if (system.args.length === 1) {
    console.log("Must provide the address of the webpage");
    phantom.exit(1);
} else {
    address = system.args[1];
    page.open(address, function (status) {
        if (status === "success") {
            console.log("opened web page successfully!");
            page.evaluate(function () {
                // .click() is not standard
                // see
                var e = document.createEvent('Events');
                e.initEvent('click', true, false);
                document.getElementById('link').dispatchEvent(e);
            });
        }
        phantom.exit();
    });
}


Launch python -m SimpleHTTPServer in the same directory as test.html. By default, the port is 8000.

Then launch PhantomJS like this: phantomjs test.js http://localhost:8000/test.html


vagrant@precise64:~$ pjs test.js http://localhost:8000/test.html
Received an alert: xss
opened web page successfully!
Received an alert: clicked xss link
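
The script above clicks only the element with id `link`. The following added example (not part of the original gist) goes beyond that case: it dispatches the matching event on every element that has a `javascript:` href or an inline `on*` handler, and exits non-zero when any dialog is seen. The function name `fireInlineHandlers` and the exit codes are assumptions made for this example.

```javascript
// Added example, not part of the gist. ES5 only (PhantomJS engine).
// Runs inside the page via page.evaluate(), so it must be self-contained.
function fireInlineHandlers() {
    var targets = [], fired = [], i, j;
    var nodes = document.getElementsByTagName('*');
    for (i = 0; i < nodes.length; i++) {
        var attrs = nodes[i].attributes, types = {};
        for (j = 0; j < attrs.length; j++) {
            var name = attrs[j].name.toLowerCase();
            var value = String(attrs[j].value).replace(/^\s+/, '').toLowerCase();
            if (name === 'href' && value.indexOf('javascript:') === 0) {
                types.click = true;              // javascript: link runs on click
            } else if (name.indexOf('on') === 0 && name.length > 2) {
                types[name.slice(2)] = true;     // onmouseover -> mouseover
            }
        }
        // The browser fires error/load itself (the gist's onerror alert shows
        // up before any click), so re-dispatching would double-report them.
        delete types.error;
        delete types.load;
        for (var type in types) {
            targets.push({ el: nodes[i], type: type });
        }
    }
    // Dispatch after the walk so handlers that change the DOM cannot skew it.
    for (i = 0; i < targets.length; i++) {
        var e = document.createEvent('Events');
        e.initEvent(targets[i].type, true, false);
        targets[i].el.dispatchEvent(e);
        fired.push(targets[i].el.tagName.toLowerCase() + ':' + targets[i].type);
    }
    return fired;
}

// PhantomJS driver; skipped when the file is loaded outside PhantomJS.
if (typeof phantom !== 'undefined') {
    var page = require('webpage').create(), system = require('system'), hits = 0;
    page.onAlert = page.onConfirm = function (msg) {
        hits++;
        console.log('Received a dialog: ' + msg);
        return true;
    };
    page.open(system.args[1], function (status) {
        if (status !== 'success') { phantom.exit(2); return; }
        console.log('Triggered: ' + page.evaluate(fireInlineHandlers).join(', '));
        phantom.exit(hits > 0 ? 1 : 0);   // non-zero exit fails a CI job
    });
}
```

Run it the same way as test.js; a dialog reported for a page that should never raise one means injected script executed.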
