Xss-scanner retrieves and organizes all the necessary HTML for a website to scan forms within the URL content entered by the user using bs4 and request. It then retrieves the form section from the HTML and extracts the input tags within it. It also retrieves the parameters within these input tags. Finally, it performs some operations on these parameters and runs the XSS payload in the input parameter of the search bar within the form. To check if the XSS payload runs within the content of the site, it retrieves the site content and searches for the XSS payload ("<script>alert(1)</script>"). If the payload is found within the content, it gives us a notification saying "Vulnerability detected".
Note: This script only works on http://testphp.vulnweb.com/. If you want to try it on other sites, you need to modify the script according to the site. For this, I have left explanations in the comments about what is happening in which line.