by Omar Islam - X @Zodiac_0x0 - GitHub Zodiac0x0
Troy is a web security scanner focused on detecting:
✔️ Cross-Site Scripting (XSS)
✔️ Path Traversal Attacks
pip install git+https://github.com/Zodiac0x0/Troy.git
git clone https://github.com/Zodiac0x0/Troy.git
cd Troy
pip install .
Once installed, run Troy from the command line using the troy command:
troy --url "http://example.com/?id=1" --type all
Command-Line Options
--url: Target URL to scan (required). Example: http://example.com/?id=1
--type: Scan type: xss, path, or all (default: all)
--xss-payloads: File containing XSS payloads (default: xss.txt)
--path-payloads: File containing Path Traversal payloads (default: paths.txt)
--method: HTTP method for Path Traversal: GET or POST (default: GET)
--threads: Number of concurrent threads (default: 10)
troy --url "http://localhost/dvwa/vulnerabilities/xss_r/?name=test" --type xss --xss-payloads xss.txt
troy --url "http://localhost/dvwa/vulnerabilities/fi/?page=test" --type path --path-payloads paths.txt --method GET
Results are logged to web_scan.log (general), xss_scan.log (XSS), and path_traversal_test.log (Path Traversal).
For Path Traversal scans, vulnerable URLs are also saved to vulnerable_urls.txt.
Legal Use: Test only on systems you own or have permission to scan (e.g., DVWA).
Limitations: Basic detection only; no advanced exploitation or crawling.