JShell - Get a JavaScript shell with XSS.
Switch branches/tags
Nothing to show
Clone or download
s0md3v Merge pull request #1 from voidz0r/master
Adding OSX compatibility for netcat and using sleep function instead of timeout
Latest commit 558906f Jul 17, 2018



JShell - Get a JavaScript shell with XSS.


Run shell.py
and JShell will automatically try to detect your IP address, default LPORT is 33.

As you can see the payload has been generated and now all you have to do is to deliver this payload to the victim.
As soon as you do that, you will get a JS shell over netcat where you can execute your JavaScript code in victim's browser as soon as the injected page is open.
Here's a screenshot:

Credits, Disclaimer & License

This script uses the method demostrated by Rodolfo Assis
Disclaimer: I am not responsible for the shit you do with this tool.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.