XSS

Cheatsheets and How To's

LogoGitHub - s0md3v/AwesomeXSS: Awesome XSS stuffGitHub
LogoCross-Site Scripting (XSS) Cheat Sheet - 2022 Edition | Web Security AcademyWebSecAcademy
LogoXSS Filter Evasion - OWASP Cheat Sheet Series
LogoXSS (Cross Site Scripting)HackTricks
LogoXSSI (Cross-Site Script Inclusion)HackTricks
Excess XSS: A comprehensive tutorial on cross-site scripting
LogoGitHub - LucaBongiorni/XSS.png: A XSS mind map ;)GitHub
LogoHome ยท wisec/domxsswiki WikiGitHub
LogoStored XSS Via File Upload [SVG File Content]Medium
LogoDOM-based vulnerabilities | Web Security AcademyWebSecAcademy
LogoWhat is cross-site scripting (XSS) and how to prevent it? | Web Security AcademyWebSecAcademy
LogoStored XSS Via File Upload [SVG File Content]Medium
LogoFraming without iframesPortSwigger Research
LogoThe 7 Main XSS Cases Everyone Should Know - Brute XSSBrute XSS
LogoA Pentesterโ€™s Guide to Cross-Site Scripting (XSS) | Cobalt

Tools

LogoGitHub - s0md3v/XSStrike: Most advanced XSS scanner.GitHub
LogoGitHub - hahwul/XSpear: Powerfull XSS Scanning and Parameter analysis tool&gemGitHub
LogoGitHub - hahwul/dalfox: ๐ŸŒ™๐ŸฆŠ DalFox is an powerful open source XSS scanning tool and parameter analyzer, utilityGitHub
LogoGitHub - t3l3machus/toxssin: A POST-XSS exploitation tool.GitHub
LogoGitHub - ssl/ezXSS: ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.GitHub
LogoGitHub - dwisiswant0/findom-xss: A fast DOM based XSS vulnerability scanner with simplicity.GitHub
LogoGitHub - fcavallarin/domdig: DOM XSS scanner for Single Page ApplicationsGitHub
LogoGitHub - cure53/DOMPurify: DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:GitHub
LogoGitHub - DanMcInerney/xsscrapy: XSS spider - 66/66 wavsep XSS detectedGitHub
LogoGitHub - epsylon/xsser: Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.GitHub
LogoGitHub - rajeshmajumdar/BruteXSS: BruteXSS is a tool written in python simply to find XSS vulnerabilities in web application. This tool was originally developed by Shawar Khan in CLI. I just redesigned it and made it GUI for more convienience.GitHub
LogoGitHub - kleiton0x00/XSScope: XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.GitHub
LogoGitHub - SpiderMate/B-XSSRF: Toolkit to detect and keep track on Blind XSS, XXE & SSRFGitHub
LogoGitHub - LewisArdern/bXSS: bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.GitHub
LogoGitHub - s0md3v/JShell: JShell - Get a JavaScript shell with XSS.GitHub
LogoGitHub - Quitten/XSSor: XSSor is a semi-automatic reflected and persistent XSS detector extension for Burp Suite. The tool was written in Python by Barak Tawily, an application security expert. XSSor was designed to help security testers by performing semi-automatic reflected and persistent XSS detection tests.GitHub
LogoGitHub - menkrep1337/XSSCon: XSSCon: Simple XSS Scanner toolGitHub
LogoGitHub - whitel1st/docem: Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)GitHub
LogoGitHub - shadow-workers/shadow-workers: Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)GitHub
LogoGitHub - thenurhabib/collector: Collect XSS vulnerable parameters from entire domain.GitHub

Payloads

LogoTop 500 Most Important XSS Cheat Sheet for Web Application PentestingGBHackers On Security
LogoPayloadsAllTheThings/XSS Injection at master ยท swisskyrepo/PayloadsAllTheThingsGitHub
LogoGitHub - payloadbox/xss-payload-list: ๐ŸŽฏ Cross Site Scripting ( XSS ) Vulnerability Payload ListGitHub
LogoGitHub - nettitude/xss_payloads: Exploitation for XSSGitHub
Logoxss payloads collect
LogoGitHub - cujanovic/Markdown-XSS-Payloads: XSS payloads for exploiting Markdown syntaxGitHub
XSS Payloads
PreviousRemediationNextRemediation

Last updated