The XSS-Scanner is a tool designed to detect cross-site scripting (XSS) vulnerabilities, widely recognized as among the most common and severe web application security weaknesses. These vulnerabilities are so significant that they are given their chapter in the OWASP Top 10 project and are actively sought after by many bug bounty programs. What is XSS(Cross-Site …
Tag Archives: XSS
Ppmap : A Scanner/Exploitation Tool Written In GO, Which Leverages Prototype Pollution To XSS By Exploiting Known Gadgets
Ppmap is a simple scanner/exploitation tool written in GO which automatically exploits known and existing gadgets (checks for specific variables in the global context) to perform XSS via Prototype Pollution. NOTE: The program only exploits known gadgets, but does not cover code analysis or any advanced Prototype Pollution exploitation, which may include custom gadgets. Requirements …
XSSTRON : Electron JS Browser To Find XSS Vulnerabilities
XSSTRON is a powerful Chromium Browser to find XSS Vulnerabilities automatically while browsing web, it can detect many case scenarios with support for POST requests too. Installation Install Node.js and npm (https://www.npmjs.com/get-npm) or (sudo apt install npm)Download this repo files or (git clone https://github.com/RenwaX23/XSSTRON)cd XSSTRONnpm installnpm start Some users using Debian/Ubuntu might not able to …
Continue reading “XSSTRON : Electron JS Browser To Find XSS Vulnerabilities”
PwnXSS : Vulnerability XSS Scanner Exploit
PwnXSS is a powerful XSS scanner made in python 3.7. Installing Requirements: BeautifulSoup4 pip install bs4 requests pip install requests python 3.7 Commands: git clone https://github.com/pwn0sec/PwnXSS chmod 755 -R PwnXSS cd PwnXSS python3 pwnxss.py –help Usage Basic usage: python3 pwnxss.py -u http://testphp.vulnweb.com Advanced usage: python3 pwnxss.py –help Main Features crawling all links on a website …
Continue reading “PwnXSS : Vulnerability XSS Scanner Exploit”
BXSS : A Blind XSS Injector Tool
BXSS is a blind XSS injector tool. Features Inject Blind XSS payloads into custom headers Inject Blind XSS payloads into parameters Uses Different Request Methods (PUT,POST,GET,OPTIONS) all at once Tool Chaining Really fast Easy to setup Install $ go get -u github.com/ethicalhackingplayground/bxss Arguments — Coded by @z0idsec —-appendModeAppend the payload to the parameter-concurrency intSet the …
JSshell – A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS
JSshell is a JavaScript reverse shell. This using for exploit XSS remotely, help to find blind XSS. This tool works for both Unix and Windows operating system and it can running with both Python 2 and Python 3. This is a big update of JShell – a tool to get a JavaScript shell with XSS …
Self XSS : Grab Cookies Tricking Users Into Running Malicious Code
Self XSS attack using bit.ly to grab cookies tricking users into running malicious code. How it works? It is a social engineering attack used to gain control of victims’ web accounts by tricking users into copying and pasting malicious content into their browsers. Since Web browser vendors and web sites have taken steps to mitigate …
Continue reading “Self XSS : Grab Cookies Tricking Users Into Running Malicious Code”
Dalfox : Parameter Analysis & XSS Scanning Tool
DalFox is just XSS Scanning and Parameter Analysis tool. I previously developed XSpear, a ruby-based XSS tool, and this time, a full change occurred during the process of porting with golang!!! and created it as a new project. The basic concept is to analyze parameters, find XSS, and verify them based on DOM Parser. I …
Continue reading “Dalfox : Parameter Analysis & XSS Scanning Tool”
XSS-Freak : XSS Scanner Fully Written In Python3 From Scratch
XSS-Freak is an xss scanner fully written in python3 from scratch. it is one of its kind since it crawls the website for all possible links and directories to expand its attack scope. Then it searches them for inputs tags and then launches a bunch of xss payloads. if an inputs is not sanitized and …
Continue reading “XSS-Freak : XSS Scanner Fully Written In Python3 From Scratch”
Traxss : Automated XSS Vulnerability Scanner
Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests. View the gif above to see a preview of the fastest type of scan. Getting Started Prerequisites Traxss depends on Chromedriver. On MacOS this can be installed …
Continue reading “Traxss : Automated XSS Vulnerability Scanner”