Tool for finding input fields and testing them for XSS

GH0STH4CKER/XSSploit


XSSploit Documentation

📜 Introduction

This Python script is designed to test websites for Cross-Site Scripting (XSS) vulnerabilities. It allows you to provide a target URL, detect input fields, and test various payloads to identify potential security weaknesses.

Disclaimer ⚠️

This script is provided for educational purposes only. Unauthorized use of this script for malicious intent is illegal and unethical. Be sure to adhere to ethical standards and legal regulations when using your programming skills.

📋 Table of Contents

  1. Introduction
  2. Getting Started
  3. Usage
  4. Script Explanation
  5. Payloads
  6. Target URL
  7. Finding Input Fields
  8. Session Handling
  9. Output
  10. Troubleshooting
  11. Contributing
  12. License

🚀 Getting Started

Before using the script, ensure you have the necessary prerequisites and dependencies.

📋 Prerequisites

  • Python 3.x
  • Requests library (pip install requests)
  • Colorama library (pip install colorama)
  • BeautifulSoup library (pip install beautifulsoup4)

⚙️ Installation

  1. Clone or download the script from the repository.
  2. Install the required dependencies using the provided requirements.txt file:
    pip install -r requirements.txt
    

📖 Usage

To use the script, follow these steps:

  1. Run the script using python xssploit.py.
  2. Provide the target URL when prompted.
  3. Choose between testing a single payload or multiple payloads.
  4. The script will analyze the target, identify input fields, and test the chosen payloads for XSS vulnerabilities.
  5. Results will be displayed on the console.


🧩 Script Explanation

Global Variables

  • lc, dc, lr, ly: Color codes for console output.
  • Other variables for counting vulnerabilities and storing payload URLs.

Function: testXss

This function tests for XSS vulnerabilities using a provided payload.

🎯 Payloads

Single Payload

  • Modify the single_payload variable to customize the payload for testing.

Payload File

  • Store multiple payloads in the xsspayloads.txt file, with each payload on a new line.

🎯 Target URL

  • Enter the target URL when prompted to start the testing process.

🎯 Finding Input Fields

Form Action

  • The script locates the form action URL using the first <form> tag in the HTML content.

Input Name

  • The script identifies input names using the first <input> tag with type "text" or "search".
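The form and field selection described above, as an added example (not XSSploit's own code): it uses the standard-library html.parser instead of BeautifulSoup so it runs without dependencies, and it also lists the forms and named fields that a first-form, first-input heuristic never reaches, which is the part of the page a clean result says nothing about. SAMPLE_HTML, FirstFieldFinder, find_target and the example.test URL are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample page: two forms, the second has no text/search input.
SAMPLE_HTML = """
<html><body>
  <form action="/search" method="get">
    <input type="hidden" name="lang" value="en">
    <input type="search" name="q">
    <input type="text" name="category">
  </form>
  <form action="/comment" method="post">
    <textarea name="body"></textarea>
    <input type="email" name="reply_to">
  </form>
</body></html>
"""

class FirstFieldFinder(HTMLParser):
    """Records the first <form>, the first text/search <input>, and what is skipped."""
    def __init__(self):
        super().__init__()
        self.form_count = 0
        self.first_form = None   # attributes of the first <form> seen
        self.first_input = None  # name of the first text/search <input>
        self.skipped = []        # named fields the heuristic never selects

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_count += 1
            if self.first_form is None:
                self.first_form = a
        elif tag in ("input", "textarea", "select") and a.get("name"):
            is_text = tag == "input" and (a.get("type") or "").lower() in ("text", "search")
            if is_text and self.first_input is None:
                self.first_input = a["name"]
            else:
                self.skipped.append(a["name"])

# Hypothetical helper: resolves the form action against the page URL.
def find_target(html, page_url):
    p = FirstFieldFinder()
    p.feed(html)
    action = urljoin(page_url, (p.first_form or {}).get("action") or "")
    return {"action": action, "input": p.first_input,
            "forms": p.form_count, "skipped": p.skipped}

if __name__ == "__main__":
    print(find_target(SAMPLE_HTML, "https://app.example.test/home"))
```

An empty or missing action resolves to the page URL itself, matching how browsers submit such forms.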

🛠️ Session Handling

  • The script uses the requests.Session() object to manage the HTTP session.

📝 Output

  • The script outputs messages indicating payload testing progress and results.

❗ Troubleshooting

  • If you encounter issues, ensure you have installed the required libraries and provided a valid target URL.

🤝 Contributing

  • If you'd like to contribute to the script's development, feel free to submit pull requests.
