{"id":20758489,"url":"https://github.com/darkpurple141/xss-test","last_synced_at":"2025-09-08T00:45:02.820Z","repository":{"id":50206485,"uuid":"134196598","full_name":"DarkPurple141/xss-test","owner":"DarkPurple141","description":"A utility to test the success of xss payloads on a target website. Use responsibly.","archived":false,"fork":false,"pushed_at":"2022-12-08T00:59:46.000Z","size":15,"stargazers_count":1,"open_issues_count":5,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-07-18T06:56:12.351Z","etag":null,"topics":["penetration-testing","pentesting","python3","security","tools","websec","xss","xss-exploitation"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DarkPurple141.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-05-20T23:56:19.000Z","updated_at":"2023-02-15T10:52:10.000Z","dependencies_parsed_at":"2023-01-24T01:55:10.713Z","dependency_job_id":null,"html_url":"https://github.com/DarkPurple141/xss-test","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/DarkPurple141/xss-test","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DarkPurple141%2Fxss-test","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DarkPurple141%2Fxss-test/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DarkPurple141%2Fxss-test/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DarkPurple141%2Fxss-test/manifests","owner_url":"https://repos.ecosyste.ms/api/v1
/hosts/GitHub/owners/DarkPurple141","download_url":"https://codeload.github.com/DarkPurple141/xss-test/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DarkPurple141%2Fxss-test/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274117523,"owners_count":25225104,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-07T02:00:09.463Z","response_time":67,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["penetration-testing","pentesting","python3","security","tools","websec","xss","xss-exploitation"],"created_at":"2024-11-17T09:51:36.469Z","updated_at":"2025-09-08T00:45:02.793Z","avatar_url":"https://github.com/DarkPurple141.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# XSS-Tester\nAutomatically tests whether a user-provided domain and subpaths within that domain have XSS vulnerabilities. Form fields are required for all paths. 
Configuration via the config.json file.\n\n## Requirements\n* python3+\n* requests module\n\n## Usage\n```bash\n# tbh please just use the json as explained below\n./xss.py -d [domain] -u [username] -p [password] -paths [,separated path]\n\n# or default requires auth, domain to be in json file\n./xss.py\n```\n\n## config.json\n\nProbably the best way to use this as the CLI isn't fully implemented.\n\nField | Description | Type\n-----|--------|-----\n`domain` | The domain being targeted, include `https://` or `http://` | String\n`auth` | An object including a login path and fields required for login -- important for session persistence and form abuse on most sites | Object\n`auth.path` | The login path | String\n`auth.creds` | As above, these are in whatever form is required for login. Field names can be altered if needed, e.g. `username` =\u003e `user` if that's what the site requires | Object\n`post` | The form destination path(s) and field(s) for the test. You can have multiple fields in a form on any single path. This is an array to include multiple different possible paths. | Array\n`get` | Simpler than post, only requires a path string for each corresponding post path, e.g. 
if there are 10 paths being tested in 'post' there must be 10 paths in 'get' | Array\n\nAn example config.json is provided in the repo and as below.\n\n```json\n// injection and paths arrays must be same size\n// keys for auth are whatever is required for auth on example.com\n{\n   \"domain\": \"http://example.com\",\n   \"auth\"  : {\n      \"path\": \"login\",\n      \"creds\": {\n         \"username\": \"admin\",\n         \"password\": \"admin\"\n      }\n   },\n   \"post\": [\n      {\n         \"field\": [\"post\"],\n         \"path\" : \"/\"\n      }\n   ],\n   \"get\": [\"\"]\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdarkpurple141%2Fxss-test","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdarkpurple141%2Fxss-test","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdarkpurple141%2Fxss-test/lists"}