ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-02-21 22:23:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

XSS Tools added

Browse Source
This commit is contained in:
Max Boll 2020-10-27 13:31:37 +01:00
parent 91fc542c81
commit 350c55a1ac
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
XSS Injection/README.md
View File

@ -63,6 +63,8 @@ Cross-site scripting (XSS) is a type of computer security vulnerability typicall
- [CSP Bypass](#csp-bypass) - [CSP Bypass](#csp-bypass)
- [Common WAF Bypass](#common-waf-bypass) - [Common WAF Bypass](#common-waf-bypass)
## Exploit code or POC ## Exploit code or POC
### Data grabber for XSS ### Data grabber for XSS
@ -123,6 +125,13 @@ More exploits at [http://www.xss-payloads.com/payloads-list.html?a#category=all]
<script>debugger;</script> <script>debugger;</script>
``` ```
### Tools
* [XSSStrike](https://github.com/s0md3v/XSStrike): Very popular but unfortunately not very well maintained
* [xsser](https://github.com/epsylon/xsser): Utilizes a headless browser to detect XSS vulnerabilities
* [Dalfox](https://github.com/hahwul/dalfox): Extensive functionality and extremely fast thanks to the implementation in Go
* [XSpear](https://github.com/hahwul/XSpear): Similar to Dalfox but based on Ruby
* [domdig](git@github.com:fcavallarin/domdig.git): Headless Chrome XSS Tester
## XSS in HTML/Applications ## XSS in HTML/Applications
### Common Payloads ### Common Payloads