XSS Cross Site Scripting

  • XSStrike - Most advanced XSS scanner.

  • xssor2 - XSS'OR - Hack with JavaScript.

  • xsscrapy - XSS spider - 66/66 wavsep XSS detected

  • sleepy-puppy - Sleepy Puppy XSS Payload Management Framework

  • ezXSS - ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

  • xsshunter - The XSS Hunter service - a portable version of XSSHunter.com

  • dalfox - DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

  • xsser - Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

  • XSpear - Powerful XSS scanning and parameter analysis tool & gem

  • weaponised-XSS-payloads - XSS payloads designed to turn alert(1) into P1

  • tracy - A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

  • ground-control - A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.

  • xssValidator - This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.

  • JSShell - An interactive multi-user web JS shell

  • bXSS - bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

  • docem - Utility to embed XXE and XSS payloads in docx, odt, pptx, etc. (OXML_XEE on steroids)

  • XSS-Radar - XSS Radar is a tool that detects parameters and fuzzes them for cross-site scripting vulnerabilities.

  • BruteXSS - BruteXSS is a tool written in Python simply to find XSS vulnerabilities in web applications.

  • findom-xss - A fast DOM based XSS vulnerability scanner with simplicity.

  • domdig - DOM XSS scanner for Single Page Applications

  • femida - Automated blind-xss search for Burp Suite

  • B-XSSRF - Toolkit to detect and keep track of Blind XSS, XXE & SSRF

  • domxssscanner - DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities

  • xsshunter_client - Correlated injection proxy tool for XSS Hunter

  • extended-xss-search - A better version of my xssfinder tool - scans for different types of xss on a list of urls.

  • xssmap - XSSMap is a tool developed in Python3 for detecting XSS vulnerabilities

  • XSSCon - XSSCon: Simple XSS Scanner tool

  • BitBlinder - BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities

  • XSSOauthPersistence - Maintaining account persistence via XSS and Oauth

  • shadow-workers - Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)

  • rexsser - This is a burp plugin that extracts keywords from response using regexes and test for reflected XSS on the target scope.

  • xss-flare - XSS hunter on cloudflare serverless workers.

  • Xss-Sql-Fuzz - Burp Suite plugin that, with one click, automatically adds XSS and SQL payloads to all GP parameters (filtering out special parameters) for fuzzing

  • vaya-ciego-nen - Detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.

  • dom-based-xss-finder - Chrome extension that finds DOM based XSS vulnerabilities

  • XSSTerminal - Develop your own XSS Payload using interactive typing

  • xss2png - PNG IDAT chunks XSS payload generator

  • XSSwagger - A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks
