Showing results for tags 'xss'.

  1. Purpose

    toxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an HTTPS server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool (toxin.js). This project started as (and still is) a research-based creative endeavor to explore the exploitability depth that an XSS vulnerability may introduce by using vanilla JavaScript, trusted certificates and cheap tricks.

    Disclaimer: The project is quite fresh and has not been widely tested.
  4. What is DalFox

    Just, XSS Scanning and Parameter Analysis tool. I previously developed XSpear, a Ruby-based XSS tool, and this time, a full change occurred during the process of porting with golang!!! and created it as a new project. The basic concept is to analyze parameters, find XSS, and examine them based on Selenium.

    I talk about naming. Dal(달) is the Korean pronunciation of moon and fox was made into Fox(Find Of XSS).

    Changelog v2.6.1

    • 741f6c0 update package
    • 15bf693 tap v2.6.1
    • 17be4d8 chore: update contributors [skip ci]
    • 4ac6e1f Merge pull request #321 from hahwul/dev
    • 5c1e792 Merge pull request #319 from hahwul/main
    • fd65dc3 Merge pull request #317 from hahwul/dependabot/go_modules/github.com/swaggo/swag-1.7.6
    • 90b5090 Merge pull request #316 from hahwul/dependabot/go_modules/github.com/chromedp/chromedp-0.7.6
    • 2d832bb Merge branch ‘main’ of [Hidden Content] into main
    • 2fb311a Bump github.com/swaggo/swag from 1.7.4 to 1.7.6
    • 237def7 Bump github.com/chromedp/chromedp from 0.7.4 to 0.7.6
    • 9b9f256 (#320) Update lib interface
    • 0eabf85 (#318) Add PoCType in lib
    • fdb9d74 (#315) Add gzip handling in SendReq function
    • 9ab9e6f (#315) Add gzip handling in ParamterAnalysis
  5. xsstools

    xsstools is an XSS development framework, with the goal of making payload writing easier.

    Exfiltrators

    A collection of exfiltrators is available:

    • message: use postMessage
    • get: use fetch GET
    • post: use fetch POST urlencoded
    • postJSON: use fetch POST json encoded
    • sendBeacon: use navigator.sendBeacon
    • console: for debugging, simply use console.log
    • img: create an img tag to exfiltrate via GET
    • style: create a style tag to exfiltrate via GET
    • iframe: create an iframe tag to exfiltrate via GET
  7. XSSTRON

    Electron JS Browser To Find XSS Vulnerabilities

    Powerful Chromium Browser to find XSS Vulnerabilities automatically while browsing the web, it can detect many case scenarios with support for POST requests too.
  8. JSshell – a JavaScript reverse shell.

    It is used to exploit XSS remotely, help to find blind XSS, … This tool works for both Unix and Windows operating systems and it can be run with both Python 2 and Python 3. This is a big update of JShell – a tool to get a JavaScript shell with XSS by s0med3v. JSshell also doesn’t require Netcat (different from other javascript shells).

    New in JSshell version 2.9

    Updated in the new version of JShell 2.9:

    • New JSshell command: cookie -> allows to view the cookies of the current user who established the shell
    • Support javascript function:
    • Fixed some bugs
  9. PwnXSS

    A powerful XSS scanner made in python 3.7.

    Main features

    • crawling all links on a website (crawler engine)
    • POST and GET forms are supported
    • many settings that can be customized
    • Advanced error handling
    • Multiprocessing support ✔️
    • ETC…
  10. Features

    • Support url encoding bypass
    • Support unicode encoding of HTML tag attribute value to bypass
    • Support HTML encoding to bypass the HTML tag attribute value
    • Support for flexible replacement of () '" to bypass
    • Case bypass
  11. FinDOM-XSS is a tool that allows you to find possible and/or potential DOM-based XSS vulnerabilities in a fast manner.
  12. FinDOM-XSS

    FinDOM-XSS is a tool that allows you to find possible and/or potential DOM-based XSS vulnerabilities in a fast manner.
  13. XSS-Freak

    XSS-Freak is an XSS scanner fully written in python3 from scratch. It is one of its kind since it crawls the website for all possible links and directories to expand its attack scope. Then it searches them for input tags and then launches a bunch of XSS payloads. If an input is not sanitized and vulnerable to XSS attacks, the tool will discover it in seconds.

    Advantages:

    • Supports Multithreading For Efficiency and Faster Processing.
    • One Of Its Kind.
    • Ability To Crawl All the sites not only a specific webpage.
    • Versatile.

    Disadvantages:

    • Isn’t Supported On Phones Due to the high demand for hardware.
    • Requires a High-Speed internet connection for it to work well or you will get errors or take too much time.
    • Requires Medium to best hardware since it deals with and manages high amounts of threads, and on any old hardware the script will cause the computer to lag or crash, so take care.
  14. How to easily find Reflected XSS vulnerabilities!
  15. NoXss

    NoXss is an xss scanner, including reflected xss and dom-based xss. It can scan a single url or many urls from a text file, and also supports scanning traffic from burpsuite. It has found some xss vulnerabilities in Bug Bounty programs.

    Features

    • Multi-process
    • Async request (use gevent)
    • Support Dom-based xss (use browser) and reflected xss
    • Support single url, file and traffic from Burpsuite
    • Traffic filter based on interface
    • Support special headers (referer, cookie, customized token, e.g.)
    • Support rescan quickly by id
  16. 0x1

    HackBar V2

    Firefox Extension of HackBar without license

    A HackBar for new firefox (Firefox Quantum). This addon is written in webextension and is an alternative to the XUL version of the original Hackbar.

    How to use

    Press F12 to open hackbar

    Feature

    • Load, split, execute url from address bar.
    • Custom/add referrer url, User Agent, cookie.
    • Tools: md5, sha1, sha256, rot13 encryption, url, base64 encoding, beautifier json data, sql, xss features.

    Shortcut

    Ctrl + Enter to execute

    FOREVER FREE

    Download && Code Source [Hidden Content]
  17. 0x1

    JSONBee

    A ready to use JSONP endpoints to help bypass content security policy of different websites. The tool was presented during HackIT 2018 in Kiev. The presentation can be found Here [Hidden Content]

    What is JSONBee ?

    The main idea behind this tool is to find the JSONP endpoint(s) that would help you bypass content security policy for your target website in an automated way. JSONBee takes an input of a url name (i.e. [Hidden Content]), parses the CSP (Content-Security-Policy), and automatically suggests the XSS payload that would bypass the CSP. It mainly focuses on JSONP endpoints gathered during my bug bounty hunting activities, and could be used to bypass the CSP.

    JSONBee relies on 3 methods to gather the JSONP endpoints:

    • The repository within this project;
    • Google dorks;
    • Internet archive (archive[.]org).

    The tool is not yet fully completed as I'm still adding some validations and features too. However, the repository will be hosted here so that anyone can use it till the tool is ready. The repo contains ready-to-use payloads that can bypass CSP for Facebook[.]com, Google[.]com and more.

    Bypassing Facebook.com Content-Security policy:

    Facebook.com allows *.google[.]com in its CSP policy (script-src directive), thus, below payload would work like a charm to execute JavaScript on Facebook[.]com:

    "><script+src="[Hidden Content]"></script>

    If you came across a website that trusts any of the domains in jsonp.txt file in its script-src directive, then pick up a payload that matches the domain and have fun 🙂

    How can you help?

    You are all welcome to contribute by adding links to sites that use JSONP endpoints/callbacks to make the repo bigger and more useful for bug hunters, pentesters, and security researchers.

    Download [Hidden Content]
  18. WiKID Systems 2FA Enterprise Server version 4.2.0-b2032 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
  19. Automated Vulnerability Scanner for XSS | Written in Python3 | Utilizes Selenium Headless

    Traxss is a Hacktoberfest Project! If you are looking for a place to contribute, please feel free. Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests. View the gif above to see a preview of the fastest type of scan.
  20. ASUS RT-N10+ with firmware version 2.0.3.4 suffers from cross site request forgery and cross site scripting vulnerabilities that can assist with achieving command execution.
  21. Various Open-Xchange OX App Suite versions suffer from server-side request forgery, cross site scripting, information disclosure, and improper access control vulnerabilities.
  22. 0x1

    Traxss

    Automated Vulnerability Scanner for XSS | Written in Python3 | Utilizes Selenium Headless

    Traxss is a Hacktoberfest Project! If you are looking for a place to contribute, please feel free. Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests. View the gif above to see a preview of the fastest type of scan.

    Getting Started

    Prerequisites

    Traxss depends on Chromedriver. On MacOS this can be installed with the homebrew command:

        brew install cask chromedriver

    Installation

    Run the command:

        pip3 install -r requirements.txt

    Running Traxss

    Traxss can be started with the command:

        python3 traxss.py

    This will launch an interactive CLI to guide you through the process.

    Types of Scans

    • Full Scan w/ HTML: Uses a query scan with 575+ payloads and attempts to find XSS vulnerabilities by passing parameters through the URL. It will also render the HTML and attempt to find manual XSS Vulnerabilities (this feature is still in beta).
    • Full Scan w/o HTML: This scan will run the query scan only.
    • Fast Scan w/ HTML: This scan is the same as the full w/ HTML but it will only use 7 attack vectors rather than the 575+ vectors.
    • Fast Scan w/o HTML: This scan is the same as the fast w/o HTML but it will only use 7 attack vectors rather than the 575+ vectors.

    More info && Download [Hidden Content]
  23. Thailand Union Library Management version 6.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
  24. Blocked Window Alert - Prompt - Confirm - Open XSS && block function Window.Console

    To deblock, make var DEBUG = true. If I have forgotten some function, you can add it here in a comment. Thanks. [Hidden Content]

    Tested on my Blog: [Hidden Content]

    Reference: [Hidden Content]