Skip to content

XssFleet-v2.0.0

Latest
Latest

Choose a tag to compare

View all tags
@jhli07 jhli07 released this 06 May 14:37
· 2 commits to main since this release
v2.0.0
66184b0
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.

2.0.0 - 2026-05-06

Added

Core Detection Engine

  • Integrated XSStrike's advanced HTML parsing algorithm (htmlParser)
  • Implemented context-aware payload generation system
  • Added intelligent reflection point detection
  • Support for multiple HTML contexts: html, attribute, javascript, dom_based, url_param

Exploitation Framework

  • Integrated BeEF-inspired browser hook capabilities
  • Added Cookie theft payload generation
  • Implemented keylogger functionality
  • Added clipboard theft capability
  • Support for fake login form generation
  • Full reverse shell browser control

ngrok Integration

  • Automatic ngrok tunnel creation
  • Support for system-installed ngrok
  • Fallback to pyngrok package
  • Automatic URL generation for payloads

Payload System

  • Added xss-labs level 2-10 bypass payloads
  • Unicode encoding bypass techniques
  • Double-write bypass payloads
  • Case variation bypass support
  • Attribute injection payloads

Verification System

  • Real-time payload testing
  • Reflection validation
  • Payload prioritization system

Changed

Architecture

  • Refactored detection engine for better performance
  • Unified codebase structure
  • Removed external XSStrike dependencies
  • Removed external BeEF dependencies

Detection Algorithm

  • Improved WAF bypass techniques
  • Enhanced context analysis
  • Better false positive reduction
  • Optimized payload generation (5000+ payloads)

User Interface

  • Improved scan progress display
  • Enhanced verbose mode output
  • Better error handling
  • Improved ngrok integration messages

Fixed

  • SSL verification warnings (urllib3 InsecureRequestWarning)
  • False positive detection in title/meta/style tags
  • HTTP method parameter order issue
  • ngrok path detection on Windows
  • Level 7 double-write bypass detection
  • Level 8-9 Unicode encoding bypass
  • Level 10 hidden parameter detection
  • XSSExploiter missing methods error

Security

  • Added legal disclaimer for exploitation mode
  • Improved input validation
  • Enhanced error handling
  • Secure cookie handling

Deprecated

  • Legacy payload generation system
  • Old verification methods

Removed

  • External XSStrike module dependencies
  • External BeEF module dependencies
  • Redundant test files
  • Unused configuration options

1.0.0 - 2026-01-15

Added

  • Initial release
  • Basic XSS detection
  • Payload repository
  • HTTP request handling
  • Report generation
  • CLI interface
Assets 2
Loading