A dynamic web application is built on a client-server architecture. Every request the client makes is sent to the server. Web applications with input forms accept the input supplied by clients. If these forms lack sufficient validation and sanitization, a user can inject any kind of input. When a client injects malicious JavaScript code into an input field and the website may disclose critical information as a result, the attack is called Cross-Site Scripting (XSS). Cross-site scripting is one entry point through which attackers can access and manipulate control systems networks; it takes advantage of web applications that allow users to post viewable content in order to execute arbitrary HTML and active content such as JavaScript on a remote machine. According to the OWASP Top 10, around 40% of websites are vulnerable to XSS attacks. As a result, this project was developed to test websites for XSS vulnerabilities and to automate the time-consuming testing process. The project's next goal is to crawl website directories and discover vulnerable parameters on its own.
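
The missing-sanitization case described above, shown as an added example that is not part of the project's own code: a form value written into a page as-is, next to the same value HTML-encoded before output. The function names and sample inputs are constructed for illustration.

```javascript
// Added example: a form value reflected into an HTML page, unsafe vs. encoded.
// escapeHtml, renderUnsafe, renderSafe and containsActiveMarkup are
// hypothetical names used only in this sketch.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Encode the five characters that can break out of HTML text
// or out of a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the submitted value is concatenated into markup unchanged,
// so any tags it contains become part of the page.
function renderUnsafe(comment) {
  return `<p class="comment">${comment}</p>`;
}

// Hardened: the value is encoded for the HTML body context before output,
// so the browser displays it as text instead of parsing it.
function renderSafe(comment) {
  return `<p class="comment">${escapeHtml(comment)}</p>`;
}

// Rough check for a live element opened inside the rendered page.
function containsActiveMarkup(html) {
  return /<\s*(script|img|svg|iframe)\b/i.test(html);
}

// Constructed sample inputs: one benign, one carrying markup.
const samples = ["Nice article & thanks!", "<script>alert(1)</script>"];

for (const input of samples) {
  const unsafe = renderUnsafe(input);
  const safe = renderSafe(input);
  console.log("unsafe:", unsafe, "| active markup:", containsActiveMarkup(unsafe));
  console.log("safe:  ", safe, "| active markup:", containsActiveMarkup(safe));
}
```

This encoding is correct for HTML body and quoted-attribute contexts only; values placed inside script blocks, URLs or CSS need encoding specific to that context.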