I've been using this a bit on my own for a while and realized I should probably push it upstream since it has found things a couple of different times.
This adds automatic detection of script tags that have a src attribute pointing to a non-resolvable domain name (aka a domain name that anyone can register). For example, if xsscrapy was pointed at https://daviddworken.com/error.html which contains:
this patch will trigger to create the following vulnerability report in the output file:
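The check this description outlines, sketched as an added example; it is not the PR's code and does not use xsscrapy's internals. The function names, the injectable `resolves` callback, and the `.example` sample page are assumptions made here so the block runs offline.

```python
import socket
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def system_resolves(host):
    """Default resolver: True if the system resolver returns any address."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except (socket.gaierror, UnicodeError):
        return False


def unresolvable_script_hosts(page_url, html, resolves=system_resolves):
    """Return (src, host) pairs for third-party script hosts that do not resolve."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    page_host = urlparse(page_url).hostname
    findings = []
    for src in collector.sources:
        # urljoin handles relative and protocol-relative (//host/x.js) values.
        host = urlparse(urljoin(page_url, src)).hostname
        if host and host != page_host and not resolves(host):
            findings.append((src, host))
    return findings


# Constructed sample page and known-host set (stub resolver) for offline use.
SAMPLE_URL = "https://shop.example/error.html"
SAMPLE_HTML = """
<script src="/static/app.js"></script>
<script src="//cdn.example/lib.js"></script>
<script SRC="https://expired-widgets.example/w.js"></script>
"""
KNOWN_HOSTS = {"shop.example", "cdn.example"}
```

A failed lookup is only a lead: resolver errors and unresolved subdomains of an already registered domain also land here, so confirm the domain's registration status before treating a finding as reportable.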