I visited http://www.andlabs.org/tools/jsrecon.html and it is allowing to do port-scan over the client network using web-socket. I am getting confused about this technology because if someone is scanning your network without including xss vulnerability to the website. Then why can't we install any Trojan or any customizable .exe to the client side using cmd?
Correct me if i am wrong here.
I don't understand your question regarding "Trojan" or ".exe", but you probably need to understand that this website instructs your browser to do something in the local network, there is no remote party involved in "network scanning".
This website does a very simple thing: it provides some JavaScript (JS) code that is executed locally (i.e. by the browser displaying this website). The JS code is (mis)using the Browser's websocket (and other) technologies for 'scanning' the local network (whatever this should mean, I did not dig into the details of the code).