I installed the netcraft toolbar few times back to just be able to detect phishing sites. Moreover it also gives you the information like-- Risk rating, When it was started,rank of the page in terms of popularity and Country where it is originated from--about the site you are visiting. But to my surprise it was quite useful in detecting XSS too. I was visiting a site I had previously detected XSS issue in it. As soon as the page loads the netcraft tool throws a message: "The Page you are trying to visit is using Cross-Site Scripting( XSS ).This is commonly used in Phishing Attack.Do you still want to go there?" and then the site is categorized as Phishing site.