xss-listener - 🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.

  •        16

From now on, you do not need XSS listeners! XSS listener records the data you have stolen on the remote site in the database, and gives instant notification with telegram / slack.

https://github.com/cagataycali/xss-listener

Dependencies:

@slack/client : ^4.0.0
body-parser : ^1.17.2
dotenv : ^4.0.0
express : ^4.15.3
nedb : ^1.8.0
node-telegram-bot-api : ^0.27.1

Tags
Implementation
License
Platform

   




Related Projects

xss-payload-list - 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

  •    HTML

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. For more details on the different types of XSS flaws, see: Types of Cross-Site Scripting.

DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG

  •    Javascript

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.

Bluemonday - A fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

  •    Go

bluemonday is a HTML sanitizer implemented in Go. It is fast and highly configurable.bluemonday takes untrusted user generated content as an input, and will return HTML that has been sanitised against a whitelist of approved HTML elements and attributes so that you can safely include the content in your web page.

ezXSS - ezXSS is an easy way to test (blind) XSS

  •    HTML

ezXSS is an easy way to test (blind) Cross Site Scripting. I'm currently busy with building ezXSS 3. The whole application will be re-coded.

OWASP-Xenotix-XSS-Exploit-Framework - OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework

  •    Python

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes highly offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation. Antivirus Solutions may detect it as a threat. However it is due to the features in the exploitation framework.


protect - Proactively protect your Node.js web services

  •    Javascript

Works on Node.js v6 and newer. The purpose of this module is to provide out-of-box, proactive protection for common security problems, like SQL injection attacks, XSS attacks, brute force, etc...

XSStrike - XSS Scanner equipped with powerful fuzzing engine & intelligent payload generator

  •    Python

XSStrike is an advanced XSS detection suite. It has a powerful fuzzing engine and provides zero false positive result using fuzzy matching. XSStrike is the first XSS scanner to generate its own payloads. It is intelligent enough to detect and break out of various contexts. Note: XSStrike isn't compatible with Python2 anymore, please use python3 xsstrike to run it. Changelog contains the changes made to XSStrike after the XSStrike v2.0 pre-beta release.

xss-filters - Secure XSS Filters

  •    Javascript

In this example, the traditional wisdom of blindly escaping some special html entity characters (& < > ' " `) would not stop XSS (e.g., when url is equal to javascript:alert(1) or onclick=alert(1)).Figure 1. "Just sufficient" encoding based on the HTML5 spec.

xss-filters - Secure XSS Filters.

  •    Javascript

In this example, the traditional wisdom of blindly escaping some special html entity characters (& < > ' " `) would not stop XSS (e.g., when url is equal to javascript:alert(1) or onclick=alert(1)). Figure 1. "Just sufficient" encoding based on the HTML5 spec.

x5s - test encodings and character transformations to find XSS hotspots

  •    

x5s is a Fiddler addon that aims to assist penetration testers in finding cross-site scripting (XSS) vulnerabilities. By auto-injecting special character-probes into all inputs x5s can detect where the emitted character may be ill-encoded or transformed in a vulnerable way.

sleepy-puppy - Sleepy Puppy XSS Payload Management Framework

  •    Javascript

So many amazing tools have come out since the release of Sleepy Puppy that streamline the original goals of the project. We're currently leaving Sleepy Puppy code online but are not planning on adding any new features or addressing issues/pull requests. If you are interested in maintaining this project, please reach out to me (sbehrens@netflix.com). Sleepy Puppy is a cross-site scripting (XSS) payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time.

ProceXSS

  •    ASPNET

ProceXSS is a Asp.NET Http module for detecting and ignoring xss attacks.

AwesomeXSS - Awesome XSS stuff

  •    Javascript

Awesome XSS stuff. Put this repo on watch. I will be updating it regularly. Yep, confirm because alert is too mainstream.

sleepy-puppy - Sleepy Puppy XSS Payload Management Framework

  •    Javascript

Sleepy Puppy is a cross-site scripting (XSS) payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time.##Why Should I use Sleepy Puppy?## Often when testing for client side injections (HTML/JS/etc.) security engineers are looking for where the injection occurs within the application they are testing only. While this provides ample coverage for the application in scope, there is a possibility that the code engineers are injecting may be reflected back in a completely separate application.

HtmlSanitizer - Cleans HTML to avoid XSS attacks

  •    CSharp

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. It uses AngleSharp to parse, manipulate, and render HTML and CSS. Because HtmlSanitizer is based on a robust HTML parser it can also shield you from deliberate or accidental "tag poisoning" where invalid HTML in one fragment can corrupt the whole document leading to broken layout or style.

HTML Purifier - Standards compliant HTML filter written in PHP

  •    PHP

HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and agressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.

XSS Attack

  •    

This tool will simulate an attack on your database and update up to 5000 rows in every table and replace your strings in your database with random XSS attacks. Just imagine a malicious user had direct access to your database and tried to to his best to XSS attack your site.

ATSCAN - Advanced Search & Mass Exploit Scanner- فاحص متقدم لبحث و استغلال الثغرات بالجملة

  •    Perl

● Search engine Google / Bing / Ask / Yandex / Sogou ● Mass Dork Search ● Multiple instant scans. ● Mass Exploitation ● Use proxy. ● Random user agent. ● Random engine. ● Extern commands execution. ● XSS / SQLI / LFI / AFD scanner. ● Filter wordpress and Joomla sites. ● Find Admin page. ● Decode / Encode Base64 / MD5 ● Ports scan. ● Collect IPs ● Collect E-mails. ● Auto detect errors. ● Auto detect Cms. ● Post data. ● Auto sequence repeater. ● Validation. ● Post and Get method ● Interactive and Normal interface. ● And more...