XSS-Scanner – XSS Scanner That Detects Cross-Site Scripting Vulnerabilities In Website By Injecting Malicious Scripts

Cross-Site Scripting (XSS) is one of the most well known web application vulnerabilities. It even has a dedicated chapter in the OWASP Top 10 project and it is a highly chased vulnerability in bug bounty programs. The scanner gets a link from the user and scan the website for XSS vulnerability by injecting malicious scriptsRead More

Garud – An Automation Tool That Scans Sub-Domains, Sub-Domain Takeover And Then Filters Out XSS, SSTI, SSRF And More Injection Point Parameters

An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters. Requirements: Go Language, Python 2.7 or Python 3. System requirements: Recommended to run on vps with 1VCPU and 2GB ram. Tools used – You must need to install these tools to use this script SubFinderRead More

PwnXSS – Vulnerability XSS Scanner Exploit

A powerful XSS scanner made in python 3.7 Installing Requirements: BeautifulSoup4 pip install bs4 requests pip install requests python 3.7 Commands: git clone https://github.com/pwn0sec/PwnXSSchmod 755 -R PwnXSScd PwnXSSpython3 pwnxss.py –help Usage Basic usage: python3 pwnxss.py -u http://testphp.vulnweb.com Advanced usage: python3 pwnxss.py –help Main features crawling all links on a website ( crawler engine ) POSTRead More

CheckXSS – Detect XSS vulnerability in Web Applications

Detect XSS vulnerability in Web Applications Screenshots Easy InstallationAs simple as below, Just one line of code: curl -L -s https://raw.githubusercontent.com/Jewel591/CheckXSS/master/docs/install.sh|bash Usage Instructionspython3.6 checkxss.py -h Support POST and GET request methods, support parameter injection detection in cookie, referer, useragent fields For example, test the returnUrl parameter in POST data:python3.6 checkxss.py -u “https://example.com/login.do” –data=”returnUrl=utest” -p returnUrlRead More

FinDOM-XSS – A Fast DOM Based XSS Vulnerability Scanner With Simplicity

FinDOM-XSS is a tool that allows you to finding for possible and/ potential DOM based XSS vulnerability in a fast manner.Installation $ git clone https://github.com/dwisiswant0/findom-xss.git Dependencies: LinkFinder ConfigurationChange the value of LINKFINDER variable (on line 3) with your main LinkFinder file. UsageTo run the tool on a target, just use the following command. $ ./findom-xss.shRead More

JSshell – A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS, Working With Both Unix And Windows OS

JSshell – a JavaScript reverse shell. This using for exploit XSS remotely, help to find blind XSS, …This tool works for both Unix and Windows operating system and it can running with both Python 2 and Python 3. This is a big update of JShell – a tool to get a JavaScript shell with XSSRead More

DalFox (Finder Of XSS) – Parameter Analysis And XSS Scanning Tool Based On Golang

Finder Of XSS, and Dal is the Korean pronunciation of moon. What is DalFoxJust, XSS Scanning and Parameter Analysis tool. I previously developed XSpear, a ruby-based XSS tool, and this time, a full change occurred during the process of porting with golang!!! and created it as a new project. The basic concept is to analyzeRead More

XSS-LOADER – XSS Payload Generator / XSS Scanner / XSS Dork Finder

All in one tools for XSS PAYLOAD GENERATOR -XSS SCANNER-XSS DORK FINDERWritten by Hulya KarabagInstagram: Hulya KarabagScreenshots How to use Read Me This tool creates payload for use in xss injection Select default payload tags from parameter or write your payload It makes xss inj. with Xss Scanner parameter It finds vulnerable sites url withRead More

Extended-XSS-Search – Scans For Different Types Of XSS On A List Of URLs

This is the extended version based on the initial idea already published as “xssfinder”. This private version allows an attacker to perform not only GET but also POST requests. Additionally its possible to proxy every request through Burp or another tunnel.First stepsRename the example.app-settings.conf to app-settings.conf and adjust the settings. It should work out ofRead More

X