From 350c55a1ac25704b91e7a8c51debceba1f8833ec Mon Sep 17 00:00:00 2001 From: Max Boll Date: Tue, 27 Oct 2020 13:31:37 +0100 Subject: [PATCH 1/2] XSS Tools added --- XSS Injection/README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/XSS Injection/README.md b/XSS Injection/README.md index 21af4b7..5f3b745 100644 --- a/XSS Injection/README.md +++ b/XSS Injection/README.md @@ -63,6 +63,8 @@ Cross-site scripting (XSS) is a type of computer security vulnerability typicall - [CSP Bypass](#csp-bypass) - [Common WAF Bypass](#common-waf-bypass) + + ## Exploit code or POC ### Data grabber for XSS @@ -123,6 +125,13 @@ More exploits at [http://www.xss-payloads.com/payloads-list.html?a#category=all] ``` +### Tools +* [XSSStrike](https://github.com/s0md3v/XSStrike): Very popular but unfortunately not very well maintained +* [xsser](https://github.com/epsylon/xsser): Utilizes a headless browser to detect XSS vulnerabilities +* [Dalfox](https://github.com/hahwul/dalfox): Extensive functionality and extremely fast thanks to the implementation in Go +* [XSpear](https://github.com/hahwul/XSpear): Similar to Dalfox but based on Ruby +* [domdig](git@github.com:fcavallarin/domdig.git): Headless Chrome XSS Tester + ## XSS in HTML/Applications ### Common Payloads From 2a65064d15379a6eceba9627c5e7623dc505a773 Mon Sep 17 00:00:00 2001 From: Max Boll Date: Tue, 27 Oct 2020 14:10:35 +0100 Subject: [PATCH 2/2] little update --- XSS Injection/README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/XSS Injection/README.md b/XSS Injection/README.md index 5f3b745..022ad40 100644 --- a/XSS Injection/README.md +++ b/XSS Injection/README.md 
@@ -126,11 +126,14 @@ More exploits at [http://www.xss-payloads.com/payloads-list.html?a#category=all] ``` ### Tools + +Most tools are also suitable for blind XSS attacks: + * [XSSStrike](https://github.com/s0md3v/XSStrike): Very popular but unfortunately not very well maintained * [xsser](https://github.com/epsylon/xsser): Utilizes a headless browser to detect XSS vulnerabilities * [Dalfox](https://github.com/hahwul/dalfox): Extensive functionality and extremely fast thanks to the implementation in Go * [XSpear](https://github.com/hahwul/XSpear): Similar to Dalfox but based on Ruby -* [domdig](git@github.com:fcavallarin/domdig.git): Headless Chrome XSS Tester +* [domdig](https://github.com/fcavallarin/domdig): Headless Chrome XSS Tester ## XSS in HTML/Applications
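Review bot: the first hunk of patch 1/2 (`@@ -63,6 +63,8 @@`) only adds two blank lines between the table of contents and `## Exploit code or POC`, which has nothing to do with adding the Tools section. Drop this hunk so the patch touches only the new section.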
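Review bot: in the `### Tools` hunk of patch 1/2 (`@@ -123,6 +125,13 @@`) two list entries have broken link details. The label `XSSStrike` does not match the project name in its own URL (`s0md3v/XSStrike`), and the domdig entry uses the SSH remote `git@github.com:fcavallarin/domdig.git` as the link target, which is not a browsable URL in rendered Markdown. Correct the label to `XSStrike` and use `https://github.com/fcavallarin/domdig` in this patch rather than in a follow-up commit.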
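Review bot: the sentence added in patch 2/2, `Most tools are also suitable for blind XSS attacks:`, does not say which of the five listed tools it covers, so a reader cannot tell which entry to pick for that case. State it per entry or name the exceptions. The `XSSStrike` label is still misspelled against its URL (`XSStrike`) in this hunk. Since the only other change is the domdig link correction for a line introduced in 1/2, squash this into 1/2 instead of landing it under the subject `little update`.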