XSStrike
xss-payload-list
XSStrike | xss-payload-list | |
---|---|---|
2 | 6 | |
12,738 | 5,661 | |
- | 3.1% | |
0.0 | 0.0 | |
about 2 months ago | 5 months ago | |
Python | ||
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
XSStrike
-
I'm not sure what tool I can even use for my assignment?
For XSS: https://github.com/s0md3v/XSStrike
- Crawling with XSStrike only works if i provide specific path?!
xss-payload-list
-
XSS example
Like an example XSS payload? Go nuts: https://github.com/payloadbox/xss-payload-list
-
Go with PHP
Otherwise, only vague and unsubstantiated claims, which does not help PHP nor any other programming language or framework.
[] https://github.com/payloadbox/xss-payload-list
- SC
- A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters
- Cross Site Scripting ( XSS ) Vulnerability Payload List
-
Password protected website (no username) - best way in?
Tried it now, with the https://github.com/payloadbox/xss-payload-list/tree/master/Intruder list.
What are some alternatives?
xsser - Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
ssti-payloads - 🎯 Server Side Template Injection Payloads
hackingtool - ALL IN ONE Hacking Tool For Hackers
sql-injection-payload-list - 🎯 SQL Injection Payload List
Awesome-WAF - 🔥 Web-application firewalls (WAFs) from security standpoint.
OWASP-Xenotix-XSS-Exploit-Framework - OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.
plugin-cloud-storage - The official cloud storage plugin for Payload
dalfox - 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
ppmap - A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
hawk - Network, recon and offensive-security tool for Linux.
fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.