XSSer é uma ferramenta para realizações de pentest's ela é OPEN SOURCE.
pelo nome ja deu pra perceber que ela faz testes de XSS

Como Utilizar?
python XSSer.py [-u |-i |-d ] [-p |-g |-c ] [OPTIONS] [Request] [Bypassing] [Techniques]
[quote]Options:
--version show program's version number and exit
-h, --help show this help message and exit
-v, --verbose verbose (default NO)
-s report some statistics
-w output all results directly to template (XSSlist.dat)
--xml=FILEXML output 'positives' to aXML file (--xml filename.xml)
--publish output 'positives' to Social Networks (identi.ca)
--short=SHORTURLS generate shortered links (tinyurl, is.gd)

*Target*:
At least one of these options has to be specified to set the source to get target urls from.

-u URL, --url=URL Enter target(s) to audit
-i READFILE Read target URLs from a file
-d DORK Process search engine dork results as target urls
--De=DORK_ENGINE Search engine to use for dorking (duck, altavista, bing, baidu, yandex, yebol, youdao, cuil, ask)

*HTTP(s) Connections*:
Testable parameter(s)

-g GETDATA Enter payload to audit using GET. (ex: '/menu.php?q=')
-p POSTDATA Enter payload to audit using POST. (ex: 'foo=1&bar=')
-c CRAWLING Crawl target hierarchy parameters (can be slow!)
--Cw=CRAWLING_WIDTH Number of urls to visit when crawling

*Request*:
These options can be used to specify how to connect to the target url.

--cookie=COOKIE try this HTTP Cookie header
--user-agent=AGENT Change your HTTP User-Agent header (default SPOOFED)
--referer=REFERER Use another HTTP Referer header (default NONE)
--headers=HEADERS Extra HTTP headers newline separated
--auth-type=ATYPE HTTP Authentication type (value Basic or Digest)
--auth-cred=ACRED HTTP Authentication credentials (value nameassword)
--proxy=PROXY Use proxy server (tor: Apenas usuários registrados e ativados podem ver os links.,