Skip to content

"XSS automation tool helps hackers identify and exploit cross-site scripting vulnerabilities in web apps. Tests for reflected and persistent XSS. Customize request headers, cookies, proxies, and auth. Find and exploit vulnerabilities with our XSS automation tool."

License

Notifications You must be signed in to change notification settings

EmperialX/XSS-Automation-Tool

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

XSS Automation Tool

This tool is designed to help hackers identify and exploit cross-site scripting (XSS) vulnerabilities in web applications. XSS vulnerabilities occur when an application includes user-supplied data in its responses without properly sanitizing it, allowing an attacker to inject malicious code into the response that is then executed by the victim's browser.

Requirements

Python 3.6 or newer requests library (install with pip install requests)

Installation

To install the XSS automation tool, follow these steps: Download or clone the repository from GitHub.

git clone https://github.com/EmperialX/XSS-Automation-Tool.git

Install the required libraries by running

pip install requests schedule asyncio html

Usage

To use the XSS automation tool, run the following command:

python xss_scanner.py http://example.com xss_payloads.txt reflected url get base64

Write the payloads to a text file

create own payloads to a text file:

xss_payloads = [
    <scripts@example>
]
with open('xss_payloads.txt', 'w') as f:
    for payload in xss_payloads:
        f.write(payload + '\n')

This is create xss_payload.txt file

Note

Make sure to provide the correct values for each argument. For example, payloads_file should be the name of a file containing a list of payloads to test, vuln_type should be either reflected or persistent, injection_point should be either url, header, cookie, or javascript, http_method should be either get or post, and encoding should be either base64, url, or html.

Case

XSS attacks were first reported in 1995, and have since become more common and sophisticated. This Tools can also be used to protect websites and users from these attacks.

Disclaimer

This tool is intended for educational and testing purposes only. It is not intended to be used for unethical or illegal activities. Use at your own risk.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Contributions

Contributions are welcome! If you have an idea for a new feature or have found a bug, please open an issue or submit a pull request.

Authors

Shashi Raj - Initial work @EmperailX

About

"XSS automation tool helps hackers identify and exploit cross-site scripting vulnerabilities in web apps. Tests for reflected and persistent XSS. Customize request headers, cookies, proxies, and auth. Find and exploit vulnerabilities with our XSS automation tool."

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages