Search the Community
Showing results for tags 'xss'.
-
Purpose toxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool (toxin.js). This project started as (and still is) a research-based creative endeavor to explore the exploitability depth that an XSS vulnerability may introduce by using vanilla JavaScript, trusted certificates and cheap tricks. Disclaimer: The project is quite fresh and has not been widely tested. [hide][Hidden Content]]
-
[Hidden Content] [Hidden Content]
-
[Hidden Content]
-
What is DalFox Just, XSS Scanning and Parameter Analysis tool. I previously developed XSpear, a Ruby-based XSS tool, and this time, a full change occurred during the process of porting with golang!!! and created it as a new project. The basic concept is to analyze parameters, find XSS, and examine them based on Selenium. I talk about naming. Dal(달) is the Korean pronunciation of moon and fox was made into Fox(Find Of XSS). Changelog v2.6.1 741f6c0 update package 15bf693 tap v2.6.1 17be4d8 chore: update contributors [skip ci] 4ac6e1f Merge pull request #321 from hahwul/dev 5c1e792 Merge pull request #319 from hahwul/main fd65dc3 Merge pull request #317 from hahwul/dependabot/go_modules/github.com/swaggo/swag-1.7.6 90b5090 Merge pull request #316 from hahwul/dependabot/go_modules/github.com/chromedp/chromedp-0.7.6 2d832bb Merge branch ‘main’ of [Hidden Content] into main 2fb311a Bump github.com/swaggo/swag from 1.7.4 to 1.7.6 237def7 Bump github.com/chromedp/chromedp from 0.7.4 to 0.7.6 9b9f256 (#320) Update lib interface 0eabf85 (#318) Add PoCType in lib fdb9d74 (#315) Add gzip handling in SendReq function 9ab9e6f (#315) Add gzip handling in ParamterAnalysis [Hidden Content]
-
xsstools xsstools is an xss development framework, with the goal of making payload writing easier. Exfiltrators A collection of exfiltrators is available message: use postMessage get: use fetch GET post: use fetch POST urlencoded postJSON: use fetch POST json encoded sendBeacon: use navigator.sendBeacon console: for debugging, simply use console.log img: create an img tag to exfiltrate via GET style: create a style tag to exfiltrate via GET iframe: create an iframe tag to exfiltrate via GET [hide][Hidden Content]]
-
JSshell – a JavaScript reverse shell. This using to exploit XSS remotely, help to find blind XSS, … This tool works for both Unix and Windows operating system and it can be running with both Python 2 and Python 3. This is a big update of JShell – a tool to get a JavaScript shell with XSS by s0med3v. JSshell also doesn’t require Netcat (different from other javascript shells). New in JSshell version 2.9 Updated in the new version of JShell 2.9: New JSshell command: cookie -> allows to view the cookies of the current user who established the shell Support javascript function: Fixed some bugs [hide][Hidden Content]]
-
PwnXSS A powerful XSS scanner made in python 3.7. Main features crawling all links on a website ( crawler engine ) POST and GET forms are supported many settings that can be customized Advanced error handling Multiprocessing support.✔️ ETC… [hide][Hidden Content]]
-
FinDOM-XSS is a tool that allows you to finding for possible and/ potential DOM based XSS vulnerability in a fast manner. [hide][Hidden Content]]
-
- 1
-
- findom-xss
- fast
-
(and 7 more)
Tagged with:
-
FinDOM-XSS FinDOM-XSS is a tool that allows you to find possible and/ potential DOM-based XSS vulnerability in a fast manner. [HIDE][Hidden Content]]
-
- findom-xss:
- fast
-
(and 5 more)
Tagged with:
-
XSS-Freak XSS-Freak is an XSS scanner fully written in python3 from scratch. It is one of its kind since it crawls the website for all possible links and directories to expand its attack scope. Then it searches them for input tags and then launches a bunch of XSS payloads. if an input is not sanitized and vulnerable to XSS attacks, the tool will discover it in seconds. Advantages: Supports Multithreading For Efficiency and Faster Processing. One Of It Kind. Ability To Crawl All the sites not only a specific webpage. Versatile. Disadvantages: Isn’t Supported On Phones Due to the high demand for hardware. Requires a High-Speed internet connection for it to work well or you will get errors or take too much time. Requires Medium to best hardware since it deals and manages with high amounts of threads and any old hardware the script will cause the computer to lag or crash so take care. [HIDE][Hidden Content]]
-
How to easily find Reflected XSS vulnerabilities! [Hidden Content]
-
NoXss NoXss is a xss scanner, include reflected xss and dom-based xss.It can scan a single url or many urls from text file,also support to scan traffic from burpsuite.It has found some xss vulnerabilities in Bug Bounty program. Features Multi-process Async request(use gevent) Support Dom-based xss(use browser) and reflected xss Support single url,file and traffic from Burpsuite Traffic filter based on interface Support speicial headers(referer,cookie,customized token,e.g.) Support rescan quickly by id [HIDE][Hidden Content]]
-
Firefox Extension of HackBar without license A HackBar for new firefox (Firefox Quantum). This addon is written in webextension and alternatives to the XUL version of original Hackbar. How to use Press F12 to open hackbar Feature Load, split, execute url from address bar. Custom/add referrer url, User Agent, cookie. Tools: md5, sha1, sha256, rot13 encryption, url, base64 encoding, beautifier json data, sql, xss features. Shortcut Ctrl + Enter to execute FOREVER FREE Download && Code Source [Hidden Content]
-
A ready to use JSONP endpoints to help bypass content security policy of different websites. The tool was presented during HackIT 2018 in Kiev. The presentation can be found Here [Hidden Content] What is JSONBee ? The main idea behind this tool is to find the JSONP endpoint(s) that would help you bypass content security policy for your target website in an automated way. JSONBee takes an input of a url name (i.e. [Hidden Content]), parses the CSP (Content-Security-Policy), and automatically suggest the XSS payload that would bypass the CSP. It mainly focuses on JSONP endpoints gathered during my bug bounty hunting activities, and could be used to bypass the CSP. JSONBee relies on 3 methods to gather the JSONP endpoints: The repository within this project; Google dorks; Internet archive (archive[.]org). The tool is not yet fully completed as I'm still adding some validations and features too. However, the repository will be hosted here so that anyone can use it till the tool is ready. The repo contains ready-to-use payloads that can bypass CSP for Facebook[.]com, Google[.]com and more. Bypasing Facebook.com Content-Security policy: Facebook.com allows *.google[.]com in its CSP policy (script-src directive), thus, below payload would work like a charm to execute JavaScript on Facebook[.]com: "><script+src="[Hidden Content]"></script> If you came across a website that trusts any of the domains in jsonp.txt file in its script-src directive, then pickup a payload that matches the domain and have fun 🙂 How can you help? You are all welcome to contribute by adding links to sites that uses JSONP endpoins/callbacks to make the repo bigger and more usefull for bug hunters, pentesters, and security researchers. Download [Hidden Content]
-
Automated Vulnerability Scanner for XSS | Written in Python3 | Utilizes Selenium Headless Traxss is a Hacktoberfest Project! If you are looking for a place to make contribute, please feel free. Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests. View the gif above to see a preview of the fastest type of scan. [HIDE][Hidden Content]]
-
Various Open-Xchange OX App Suite versions suffer from server-side request forgery, cross site scripting, information disclosure, and improper access control vulnerabilities. View the full article
-
- open-xchange
- app
-
(and 7 more)
Tagged with:
-
Automated Vulnerability Scanner for XSS | Written in Python3 | Utilizes Selenium Headless Traxss is a Hacktoberfest Project! If you are looking for a place to make contribute, please feel free. Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests. View the gif above to see a preview of the fastest type of scan. Getting Started Prerequisites Traxss depends on Chromedriver. On MacOS this can be installed with the homebrew command: brew install cask chromedriver Installation Run the command: pip3 install -r requirements.txt Running Traxss Traxx can be started with the command: python3 traxss.py This will launch an interactive CLI to guide you through the process. Types of Scans Full Scan w/ HTML Uses a query scan with 575+ payloads and attempts to find XSS vulnerabilities by passing parameters through the URL. It will also render the HTML and attempt to find manual XSS Vulnerablities (this feature is still in beta). Full Scan w/o HTML This scan will run the query scan only. Fast Scan w/ HTML This scan is the same as the full w/ HTML but it will only use 7 attack vectors rather than the 575+ vectors. Fast Scan w/o HTML This scan is the same as the fast w/o HTML but it will only use 7 attack vectors rather than the 575+ vectors. More info && Download [Hidden Content]
-
[Hidden Content]
-
- 1
-
- finefriends.social
- stored
- (and 4 more)
-
Blocked Window Alert - Prompt - Confirm - Open XSS && block function Window.Console To deblock make var DEBUG = true if i have forget some function you can add here on Comment Thanks [Hidden Content] Tested on my Blog: [hide][Hidden Content]] Reference : [hide][Hidden Content]]