Vega has quickly become the first tool in my web vulnerability and pen testing arsenal. It’s fast and copiously comes up with more results than any other scanner I’ve come across. It’s also a free (open-source) tool, with a host of great features. It also runs sm on Mac OSX and Linux.

To summarise, a successfully exploited XSS vulnerability will allow the interception of ALL keystrokes, ALL mouse actions, ALL cookies (unless protected by scope) on ALL pages of the affect domain, regardless of whether or not the vulnerability is “reflected” or “persistent”.XSS-Harvest is multi-threaded pre-forking web server written in Perl, and requires no dependencies other than a couple of common Perl modules; you do not need a web server or database to use this tool.