XSS

Cheatsheets and How To's

GitHub - s0md3v/AwesomeXSS: Awesome XSS stuffGitHub

Cross-Site Scripting (XSS) Cheat Sheet - 2022 Edition | Web Security AcademyWebSecAcademy

XSS Filter Evasion - OWASP Cheat Sheet Series

XSS (Cross Site Scripting)HackTricks

XSSI (Cross-Site Script Inclusion)HackTricks

Excess XSS: A comprehensive tutorial on cross-site scripting

GitHub - LucaBongiorni/XSS.png: A XSS mind map ;)GitHub

Home · wisec/domxsswiki WikiGitHub

Stored XSS Via File Upload [SVG File Content]Medium

DOM-based vulnerabilities | Web Security AcademyWebSecAcademy

What is cross-site scripting (XSS) and how to prevent it? | Web Security AcademyWebSecAcademy

Stored XSS Via File Upload [SVG File Content]Medium

Framing without iframesPortSwigger Research

The 7 Main XSS Cases Everyone Should Know - Brute XSSBrute XSS

A Pentester’s Guide to Cross-Site Scripting (XSS) | Cobalt

Tools

GitHub - s0md3v/XSStrike: Most advanced XSS scanner.GitHub

GitHub - hahwul/XSpear: Powerfull XSS Scanning and Parameter analysis tool&gemGitHub

GitHub - hahwul/dalfox: 🌙🦊 DalFox is an powerful open source XSS scanning tool and parameter analyzer, utilityGitHub

GitHub - t3l3machus/toxssin: A POST-XSS exploitation tool.GitHub

GitHub - ssl/ezXSS: ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.GitHub

GitHub - dwisiswant0/findom-xss: A fast DOM based XSS vulnerability scanner with simplicity.GitHub

GitHub - fcavallarin/domdig: DOM XSS scanner for Single Page ApplicationsGitHub

GitHub - cure53/DOMPurify: DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:GitHub

GitHub - DanMcInerney/xsscrapy: XSS spider - 66/66 wavsep XSS detectedGitHub

GitHub - epsylon/xsser: Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.GitHub

GitHub - rajeshmajumdar/BruteXSS: BruteXSS is a tool written in python simply to find XSS vulnerabilities in web application. This tool was originally developed by Shawar Khan in CLI. I just redesigned it and made it GUI for more convienience.GitHub

GitHub - kleiton0x00/XSScope: XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.GitHub

GitHub - SpiderMate/B-XSSRF: Toolkit to detect and keep track on Blind XSS, XXE & SSRFGitHub

GitHub - LewisArdern/bXSS: bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.GitHub

GitHub - s0md3v/JShell: JShell - Get a JavaScript shell with XSS.GitHub

GitHub - Quitten/XSSor: XSSor is a semi-automatic reflected and persistent XSS detector extension for Burp Suite. The tool was written in Python by Barak Tawily, an application security expert. XSSor was designed to help security testers by performing semi-automatic reflected and persistent XSS detection tests.GitHub

GitHub - menkrep1337/XSSCon: XSSCon: Simple XSS Scanner toolGitHub

GitHub - whitel1st/docem: Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)GitHub

GitHub - shadow-workers/shadow-workers: Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)GitHub

GitHub - thenurhabib/collector: Collect XSS vulnerable parameters from entire domain.GitHub

Payloads

Top 500 Most Important XSS Cheat Sheet for Web Application PentestingGBHackers On Security

PayloadsAllTheThings/XSS Injection at master · swisskyrepo/PayloadsAllTheThingsGitHub

GitHub - payloadbox/xss-payload-list: 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload ListGitHub

GitHub - nettitude/xss_payloads: Exploitation for XSSGitHub

xss payloads collect

GitHub - cujanovic/Markdown-XSS-Payloads: XSS payloads for exploiting Markdown syntaxGitHub

XSS Payloads

Cross-site Scripting Payloads Cheat SheetLinuxSec Exploit

Common XSS payloads I use💻 | Blog

Polyglots: The Ultimate XSS PayloadsChef Secure

GitHub - ihebski/XSS-Payloads: Collection of XSS Payloads for fun and profitGitHub