Our community has moved to Discord. Join us there!
These forums are still up for historical purposes.

  • Posted by Christophe on October 26, 2020 at 4:06 pm

    As I’m working on a new XSS course, I wanted to share some of the tools that I’ll be demonstrating, that I’ve come across during research, or that I’ve used in the past, with a quick explanation of what it is and how it works.

    XSS Detection and exploitation

    There are many others, but these are ones I’ve found that are still maintained and don’t have too many bugs.

    Do you know of any other good ones? Please share below!


    Generates payloads, has a fuzzing engine, fast crawler, and uses multiple parsers to analyze responses. It also includes parameter discovery, WAF detection, and it includes a scanner for DOM XSS

    Basic usage:

    python xsstrike.py -u "http://target.com/search.php?q=query"


    Includes over 1,300 XSS attack vectors with several options to try and bypass certain filters. Also includes a GUI, although I’ve found it can be a bit of a pain to use with some applications.

    python xsser --gtk


    Designed to help detect blind XSS by setting up a dashboard with statistic, payloads, and view/share/search reports. You can get instant email alerts when something is detected. Can be installed with Apache, NGINX, or Docker.

    Live demo is available at https://demo.ezxss.com/manage with password demo1234

    XSS Hunter

    You can set it up on your own from GitHub or you can go to https://xsshunter.com/

    You get a custom subdomain to generate your payloads, like this:


    When a vulnerability is found, it collects the information and sends it over to you.


    BeEF is a Browser Exploitation Framework. It essentially ‘hooks’ user browsers and uses them as beachheads to launch further attacks. This framework isn’t necessarily just used for XSS, but you can use it with XSS attacks because you can deliver the BeEF hook in your XSS payload, and it will then communicate back with your BeEF installation every few seconds to keep the connection going.

    Once you’ve hooked a browser, you can use all kinds of command modules against the hooked browser.

    Christophe replied 3 years, 7 months ago 1 Member · 0 Replies
  • 0 Replies

Sorry, there were no replies found.

Log in to reply.