{"id":19729607,"url":"https://github.com/r3dhulk/xss-vulnerability-finder-in-ruby","last_synced_at":"2026-04-01T22:05:19.827Z","repository":{"id":65244275,"uuid":"588961703","full_name":"R3DHULK/xss-vulnerability-finder-in-ruby","owner":"R3DHULK","description":"XSS Vulnerability Tool In Ruby","archived":false,"fork":false,"pushed_at":"2023-01-24T16:35:55.000Z","size":45,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-28T00:37:56.643Z","etag":null,"topics":["blackhat","cross-site-scripting","crosssitescripting","ethical","ethical-hacking","ethical-hacking-tools","hacking","hacking-tool","ruby","ruby-for-ethical-hackers","ruby-for-ethical-hacking","rubyforethicalhackers","rubyforethicalhacking","xss","xss-attacks","xss-detection","xss-exploitation","xss-injection","xss-scanner","xss-vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/R3DHULK.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2023-01-14T16:08:10.000Z","updated_at":"2023-06-19T05:12:18.000Z","dependencies_parsed_at":"2023-02-13T23:31:27.592Z","dependency_job_id":null,"html_url":"https://github.com/R3DHULK/xss-vulnerability-finder-in-ruby","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/R3DHULK/xss-vulnerability-finder-in-ruby","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R3DHULK%2Fxss-vulnerability-finder-in-ruby","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R3DHULK%2Fxss-vulnerability-finder-in-ruby/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R3DHULK%2Fxss-vulnerability-finder-in-ruby/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R3DHULK%2Fxss-vulnerability-finder-in-ruby/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/R3DHULK","download_url":"https://codeload.github.com/R3DHULK/xss-vulnerability-finder-in-ruby/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R3DHULK%2Fxss-vulnerability-finder-in-ruby/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31292632,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T21:15:39.731Z","status":"ssl_error","status_checked_at":"2026-04-01T21:15:34.046Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blackhat","cross-site-scripting","crosssitescripting","ethical","ethical-hacking","ethical-hacking-tools","hacking","hacking-tool","ruby","ruby-for-ethical-hackers","ruby-for-ethical-hacking","rubyforethicalhackers","rubyforethicalhacking","xss","xss-attacks","xss-detection","xss-exploitation","xss-injection","xss-scanner","xss-vulnerability"],"created_at":"2024-11-12T00:13:03.041Z","updated_at":"2026-04-01T22:05:19.805Z","avatar_url":"https://github.com/R3DHULK.png","language":"Ruby","funding_links":["https://www.buymeacoffee.com/r3dhulk"],"categories":[],"sub_categories":[],"readme":"\u003ch1\u003e\u003cb\u003eXSS Vulnerability Finder In Ruby\u003c/b\u003e\u003c/h1\u003e\n\n#\n\u003ch1\u003e\u003cb\u003eCheck Out The Tool 👇 \u003c/b\u003e\u003c/h1\u003e\n\n![Alt text](xss-ruby.png)\n\n#\n\u003ch1\u003e\u003cb\u003e🔴 Disclaimer : Author Of This Tool Is Not Responsible For Any Harmful Activities.\u003c/b\u003e\u003c/h1\u003e\n\n#\n\u003ch1\u003e\u003cb\u003e So What Is XSS?\u003c/b\u003e\u003c/h1\u003e\n\u003ch2\u003e\u003ci\u003eCross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data. \u003c/i\u003e\u003c/h2\u003e\n\n#\n\u003ch1\u003e\u003cb\u003eHow does XSS work?\u003c/b\u003e\u003c/h1\u003e\n\u003ch2\u003e\u003ci\u003eCross-site scripting works by manipulating a vulnerable web site so that it returns malicious JavaScript to users. When the malicious code executes inside a victim's browser, the attacker can fully compromise their interaction with the application.\u003c/i\u003e\u003c/h2\u003e\n\n\u003cimg src=\"https://www.imperva.com/learn/wp-content/uploads/sites/13/2019/01/sorted-XSS.png\" alt=\"xss-vul\" height=\"300px\" width=\"500px\"\u003e\n\n#\n\u003ch1\u003e\u003cb\u003eXSS Proof Of Concept\u003c/b\u003e\u003c/h1\u003e\n\u003ch2\u003e\u003ci\u003e You can confirm most kinds of XSS vulnerability by injecting a payload that causes your own browser to execute some arbitrary JavaScript. It's long been common practice to use the alert() function for this purpose because it's short, harmless, and pretty hard to miss when it's successfully called. In fact, you solve the majority of our XSS labs by invoking alert() in a simulated victim's browser.\n\nUnfortunately, there's a slight hitch if you use Chrome. From version 92 onward (July 20th, 2021), cross-origin iframes are prevented from calling alert(). As these are used to construct some of the more advanced XSS attacks, you'll sometimes need to use an alternative PoC payload. In this scenario, we recommend the print() function. If you're interested in learning more about this change and why we like print(), check out our blog post on the subject.\n\nAs the simulated victim in our labs uses Chrome, we've amended the affected labs so that they can also be solved using print(). We've indicated this in the instructions wherever relevant. \u003c/i\u003e\u003c/h2\u003e\n\n#\n\u003ch1\u003e\u003cb\u003eTypes Of XSS Attacks\u003c/h1\u003e\u003c/b\u003e\n\u003ch2\u003e\u003ci\u003e There are three main types of XSS attacks. These are:\n\n    💀 Reflected XSS, where the malicious script comes from the current HTTP request.\n    💀 Stored XSS, where the malicious script comes from the website's database.\n    💀 DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.\n\u003c/h2\u003e\u003c/i\u003e\n\n#\n\u003ch1\u003e\u003cb\u003eGit Installation\u003c/h1\u003e\u003c/b\u003e\n\n```\n# Update And Upgrade System\nsudo apt update \u0026\u0026 sudo apt upgrade -y\n\n# Install Git\nsudo apt install git \n\n# Install Ruby\nsudo apt install ruby\n\n# Clone My Repo\ngit clone https://github.com/R3DHULK/xss-vulnerability-finder-in-ruby\n\n# Change Directory\ncd xss-vulnerability-finder-in-ruby\n\n# Run\nruby xss-vulnerability-scanner.rb\n```\n\n#\n\u003cb\u003e🔴 Note: This Is Just A Basic Tool. In Real World XSS Vulnerabilities Are Too Crtitical To Find.\u003c/b\u003e\n\n#\n\u003ch2\u003e\u003cb\u003e\u003ci\u003e Show Support 👇👇👇\u003c/b\u003e\u003c/i\u003e \u003c/h2\u003e\n\u003ca href=\"https://www.buymeacoffee.com/r3dhulk\"\u003e \u003cimg align=\"center\" src=\"https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png\" height=\"50\" width=\"210\" alt=\"https://www.buymeacoffee.com/r3dhulk\" /\u003e\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fr3dhulk%2Fxss-vulnerability-finder-in-ruby","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fr3dhulk%2Fxss-vulnerability-finder-in-ruby","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fr3dhulk%2Fxss-vulnerability-finder-in-ruby/lists"}