{"id":31057090,"url":"https://github.com/kishwordulal1234/phantomxss","last_synced_at":"2025-09-15T06:48:18.156Z","repository":{"id":306543554,"uuid":"1018501469","full_name":"kishwordulal1234/phantomXSS","owner":"kishwordulal1234","description":"๐Ÿ’€ Advanced Multi-Vector XSS Scanner | Automated crawling + payload testing | Reflected/Stored/DOM XSS detection | JSON reports | WAF evasion | Cookie support | 80+ modern payloads | Enterprise-ready security tool","archived":false,"fork":false,"pushed_at":"2025-08-04T13:17:19.000Z","size":91,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-04T17:32:33.249Z","etag":null,"topics":["advanced-security","bugbounty","perl","vulnerability-scanner","xss","xss-detection","xss-exploitation","xss-payload-list","xss-payloads","xss-scanner","xss-vulnerability","xsspayload"],"latest_commit_sha":null,"homepage":"","language":"Perl","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kishwordulal1234.png","metadata":{"files":{"readme":"README.markdown","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-12T11:54:41.000Z","updated_at":"2025-08-04T13:17:22.000Z","dependencies_parsed_at":"2025-07-26T11:26:46.114Z","dependency_job_id":"243d60ee-b613-4f0b-9e10-72e3a7dafd6e","html_url":"https://github.com/kishwordulal1234/phantomXSS","commit_stats":null,"previous_names":["kishwordulal1234/phantomxss"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/kishwordulal1234/phantomXSS","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kishwordulal1234%2FphantomXSS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kishwordulal1234%2FphantomXSS/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kishwordulal1234%2FphantomXSS/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kishwordulal1234%2FphantomXSS/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kishwordulal1234","download_url":"https://codeload.github.com/kishwordulal1234/phantomXSS/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kishwordulal1234%2FphantomXSS/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275219501,"owners_count":25425888,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-15T02:00:09.272Z","response_time":75,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["advanced-security","bugbounty","perl","vulnerability-scanner","xss","xss-detection","xss-exploitation","xss-payload-list","xss-payloads","xss-scanner","xss-vulnerability","xsspayload"],"created_at":"2025-09-15T06:48:16.655Z","updated_at":"2025-09-15T06:48:18.141Z","avatar_url":"https://github.com/kishwordulal1234.png","language":"Perl","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ๐Ÿš€ PhantomXSS Scanner v2.0 ๐ŸŒฉ๏ธ๐Ÿ’ฅ\n\n**PhantomXSS** is the **ultimate** Perl-powered XSS vulnerability scanner that obliterates boring security tools with its **blazing-fast** crawling, **vibrant** output, and **hard-hitting** detection for Reflected, Stored, and DOM-based XSS. With a ๐Ÿ”ฅ *sick* ASCII art banner and ๐ŸŽจ rainbow-colored console, itโ€™s the **badass** choice for pentesters and bug bounty hunters who want to *stand out* and *own the game*! ๐Ÿดโ€โ˜ ๏ธ\n\n---\n\n## ๐ŸŒŸ Features That Slap\n\n- **๐Ÿ”ฅ Multi-Mode Scanning**: Crush it with `all`, `r` (Reflected), `d` (DOM-based), or `sd` (Stored) XSS modes. Pick your poison! ๐Ÿ˜ˆ\n- **๐Ÿ•ธ๏ธ Smart Web Crawler**: Auto-discovers every nook and cranny of the target domain like a digital ninja. ๐Ÿฅท\n- **๐Ÿ’‰ Custom Payloads**: Load your own XSS payloads to *wreck* vulnerable sites with precision. ๐Ÿ’ฃ\n- **๐Ÿ“ Form Buster**: Sniffs out forms and blasts them with payloads to uncover Stored XSS. ๐Ÿงจ\n- **๐ŸŽจ Eye-Popping Output**: Rainbow-colored results with emojis to make your terminal *pop*! ๐ŸŒˆ\n- **โšก Lightning Fast**: Optimized with timeouts and payload limits to keep scans *snappy*. ๐ŸŽ๏ธ\n- **๐Ÿฆ„ Cross-Platform Swagger**: Runs anywhere Perl livesโ€”Linux, macOS, or Windows. ๐Ÿ’ช\n- **๐Ÿ’Ž Why Itโ€™s Epic**: Combines `LWP::UserAgent` and `WWW::Mechanize` for *unmatched* HTTP dominance, leaving other scanners in the dust. ๐Ÿ†\n\n---\n\n## ๐Ÿ› ๏ธ Installation: Get Ready to Roll\n\n### ๐Ÿ“‹ Prerequisites\n- Perl 5.10+ (the OG scripting beast ๐Ÿฆ)\n- Unix-like system (Linux/macOS) or Windows with Perl\n- Google Chrome for DOM XSS scans (because itโ€™s *headless* and cool ๐Ÿ˜Ž)\n\n### ๐Ÿ“ฆ Install Dependencies\nUnleash the power with these Perl libraries via CPAN:\n\n```bash\ncpan install Getopt::Long LWP::UserAgent URI HTML::LinkExtor Term::ANSIColor WWW::Mechanize\n```\n\nOr, for Debian-based systems, slam this command:\n\n```bash\nsudo apt-get install libgetopt-long-descriptive-perl libwww-perl libhtml-linkextor-perl libterm-ansicolor-perl libwww-mechanize-perl\n```\n\n### โœ… Verify the Vibe\nCheck if your setup is *lit*:\n\n```bash\nperl -e \"use LWP::UserAgent; use WWW::Mechanize; use HTML::LinkExtor; use Term::ANSIColor; use Getopt::Long; print '๐Ÿ”ฅ Dependencies ready to rock! ๐Ÿ”ฅ\\n';\"\n```\n\n---\n\n## ๐ŸŽฎ Usage: Time to Hack\n\nLaunch PhantomXSS with these *sick* commands:\n\n```bash\nperl xss-perl.pl -u \u003curl\u003e -w \u003cpayloads.txt\u003e -s [all|r|d|sd]\n# OR\nperl xss-perl.pl -uw \u003curl_list.txt\u003e -w \u003cpayloads.txt\u003e -s [all|r|d|sd]\n```\n\n### ๐ŸŽฏ Command-Line Options\n| Option | What It Does | Example |\n|--------|--------------|---------|\n| `-u` | Single URL to *smash* | `-u http://example.com` |\n| `-uw` | File with a list of URLs to *destroy* | `-uw urls.txt` |\n| `-w` | Payload file (defaults to `payloads.txt`) | `-w payloads.txt` |\n| `-s` | Scan mode: `all` (go ham), `r` (Reflected), `d` (DOM), `sd` (Stored) | `-s all` |\n\n### ๐Ÿš€ Example Commands\n1. Wreck a single URL with all scans:\n ```bash\n perl xss-perl.pl -u http://example.com -w payloads.txt -s all\n ```\n2. Blast multiple URLs for Reflected XSS:\n ```bash\n perl xss-perl.pl -uw urls.txt -w payloads.txt -s r\n ```\n3. Hit a URL with Stored XSS and custom payloads:\n ```bash\n perl xss-perl.pl -u http://example.com -w epic_payloads.txt -s sd\n ```\n\n---\n\n## โ“ Help Menu: Get the Lowdown\nRun without args to see the *drip*:\n\n```bash\nperl xss-perl.pl\n```\n\nOutput:\n```\nUsage: perl xss-perl.pl -u \u003curl\u003e -w \u003cpayloads.txt\u003e -s [all|r|d|sd]\n or: perl xss-perl.pl -uw \u003curl_list.txt\u003e -w \u003cpayloads.txt\u003e -s [all|r|d|sd]\n```\n\n---\n\n## ๐Ÿ’‰ Payload File: Load Your Ammo\nYour `payloads.txt` should have one *nasty* XSS payload per line. Example:\n\n```\n\u003cscript\u003ealert('XSS')\u003c/script\u003e\n\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\njavascript:alert('XSS')\n```\n\n**Pro Tip**: The script caps at 5 payloads for speed. Tweak the code to *unleash* more! ๐Ÿš€\n\n---\n\n## ๐Ÿ›ก๏ธ How It Dominates\n1. **๐Ÿ•ธ๏ธ Crawling**: Uses `HTML::LinkExtor` to *sneak* through every link in the target domain.\n2. **๐Ÿ” Reflected XSS**: Injects payloads into URL params and checks for echoes. ๐Ÿ’ฅ\n3. **๐Ÿ“ Stored XSS**: Finds forms, stuffs them with payloads, and hunts for persistent XSS. ๐Ÿงจ\n4. **๐Ÿ‘๏ธ DOM XSS**: Fires up headless Chrome to catch payloads in the DOM. ๐Ÿ˜Ž\n5. **๐ŸŒˆ Output**: Color-coded *bangers*:\n - **๐Ÿ”ด Red**: Reflected XSS hits\n - **๐ŸŸฃ Magenta**: Stored XSS jackpots\n - **๐ŸŸ  Cyan**: DOM XSS wins\n - **๐ŸŸก Yellow**: Scan progress and warnings\n - **๐ŸŸข Green**: Crawl success\n\n---\n\n## ๐ŸŒŸ Why PhantomXSS Is the GOAT\n- **๐Ÿ”ฅ All-in-One**: Scans Reflected, Stored, and DOM XSSโ€”most tools canโ€™t hang! ๐Ÿ˜ค\n- **๐Ÿ•ท๏ธ Crawl King**: Auto-finds subpages, saving you from manual URL hunting. ๐Ÿ•ธ๏ธ\n- **โšก Speed Demon**: Optimized with timeouts and limits for *blazing* performance. ๐Ÿ\n- **๐ŸŽจ Visual Flex**: ASCII art and rainbow output make your terminal a *masterpiece*. ๐Ÿ–ผ๏ธ\n- **๐Ÿ› ๏ธ Hackable**: Swap payloads and modes to fit your *unique* style. ๐Ÿฆ„\n\n---\n\n## โš ๏ธ Limitations\n- Needs Chrome for DOM XSS (itโ€™s worth it, trust ๐Ÿ˜Ž).\n- Stored XSS tests only the first two forms/payloads for speed.\n- JavaScript-heavy sites or network hiccups might throw shade. ๐ŸŒฉ๏ธ\n\n---\n\n## ๐Ÿค Contributing: Join the Crew\nGot ideas to make PhantomXSS *sicker*? Fork the repo, add your *sauce*, and drop a pull request. Keep it clean and commented! ๐Ÿง‘โ€๐Ÿ’ป\n\n---\n\n## ๐Ÿ“œ License\nMIT Licenseโ€”check the `LICENSE` file for the deets. ๐Ÿ“\n\n---\n\n**๐Ÿ’€ Get out there and *own* with PhantomXSS! ๐Ÿ’ฅ**","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkishwordulal1234%2Fphantomxss","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkishwordulal1234%2Fphantomxss","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkishwordulal1234%2Fphantomxss/lists"}