{"id":22665226,"url":"https://github.com/volkansah/xsspy-ncf","last_synced_at":"2025-10-26T23:48:03.763Z","repository":{"id":241359239,"uuid":"805933554","full_name":"VolkanSah/XSSPY-NCF","owner":"VolkanSah","description":"XssPy is a tool designed to help security researchers and ethical hackers identify potential Cross-Site Scripting (XSS) vulnerabilities in web applications. It automates the process of testing for XSS vulnerabilities by analyzing web pages and submitting payloads to check for any possible security issues.","archived":false,"fork":false,"pushed_at":"2025-01-27T23:13:59.000Z","size":1188,"stargazers_count":6,"open_issues_count":0,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-05T22:51:27.292Z","etag":null,"topics":["2024","cross-site-scripting","ethical","ethical-hacker","ethical-hacking","ethical-hacking-tools","payload","payloads","payloads-cheatsheet","python","python3","rebuild","xss","xsspy"],"latest_commit_sha":null,"homepage":"https://github.com/VolkanSah/XSSPY-NCF","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/VolkanSah.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["volkansah"],"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"lfx_crowdfunding":null,"polar":null,"buy_me_a_coffee":null,"custom":null}},"created_at":"2024-05-25T22:12:25.000Z","updated_at":"2025-01-27T23:14:03.000Z","dependencies_parsed_at":"2024-05-30T17:25:49.026Z","dependency_job_id":"4e948e17-6b78-45b7-8ca6-5e90d424feff","html_url":"https://github.com/VolkanSah/XSSPY-NCF","commit_stats":null,"previous_names":["volkansah/xsspy_2024"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VolkanSah%2FXSSPY-NCF","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VolkanSah%2FXSSPY-NCF/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VolkanSah%2FXSSPY-NCF/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VolkanSah%2FXSSPY-NCF/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/VolkanSah","download_url":"https://codeload.github.com/VolkanSah/XSSPY-NCF/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248543827,"owners_count":21121837,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["2024","cross-site-scripting","ethical","ethical-hacker","ethical-hacking","ethical-hacking-tools","payload","payloads","payloads-cheatsheet","python","python3","rebuild","xss","xsspy"],"created_at":"2024-12-09T13:29:33.021Z","updated_at":"2025-10-26T23:48:03.745Z","avatar_url":"https://github.com/VolkanSah.png","language":"Python","funding_links":["https://github.com/sponsors/volkansah"],"categories":[],"sub_categories":[],"readme":"# XSSPY (NCF Version)\n###### rebuilt 2019-2400 (v.2705.2024) | Datasheet last updated: Thu, 28 Aug 2025 07:33:16 +0000.\nif forked, check orginal for updates: [Source](https://github.com/VolkanSah/XSSPY-NCF/)\n\n![XSS Py Rebuillt](xsspy-jpg.jpg)\n\n\u003e [!WARNING]\n\u003e This repository is intended for educational purposes and to help improve security. Use these tools and techniques responsibly and ethically. Always remember to follow the law and consider the impact of your actions.\n\n\nI was inspired by the work of [faizann24](https://github.com/faizann24/XssPy) and use my script below with my own tools/scrappers. It appears that his account is no longer active, but Thanks bro for your smart idea.\n\n\n## Introduction\nXSSPY - NCF - Version is an advanced tool designed to help security researchers and ethical hackers identify potential Cross-Site Scripting (XSS) vulnerabilities in web applications. This updated version automates the process of testing for XSS vulnerabilities by analyzing web pages and submitting payloads to check for any possible security issues. With the ability to read payloads from an external file, it allows for a more flexible and comprehensive testing approach.\n\n## Key Features\n- **Automated XSS Testing**: Automatically scans web applications for XSS vulnerabilities with minimal user intervention.\n- **Dynamic Payload Loading**: Load the latest XSS payloads from an external text file, making it easy to update and expand the list of payloads.\n- **Comprehensive Scanning**: Perform in-depth scans of web applications, including form submissions and URL parameters.\n- **Verbose Logging**: Enhanced logging capabilities to track the scanning process and results in detail.\n\n## Installation\nTo install the necessary dependencies for XSSPY_2024, use the following commands:\n\n```\npip install mechanize argparse logging\n```\n\n## Usage\nTo use XSSPY_2024, simply run the script with the target URL. Ensure you have your payloads file ready (e.g., `payloads.txt`).\n\n### Basic Scan\n```\npython xsspy.py -u example.com\n```\n\n### Example: Comprehensive Scan with Verbose Output\n```\npython xsspy.py -u example.com -e -v\n```\n\n### Example: Using Custom Cookies\n```\npython xsspy.py -u example.com -c \"cookie1=value1\" \"cookie2=value2\"\n```\n\n## Advanced Features\n\n### Loading Payloads from a File\nYou can load XSS payloads from an external file where each line contains a single payload. This allows for easy updating and testing with the latest payloads. Here is an example of how to read payloads from a file in the script:\n\n```\ndef read_payloads_from_file(file_path):\n    with open(file_path, 'r') as file:\n        payloads = [line.strip() for line in file]\n    return payloads\n\n# Usage\npayload_file_path = 'payloads.txt'\npayloads = read_payloads_from_file(payload_file_path)\n```\n\n### Enhancing Logging\nModify the logging level to capture more detailed information during the scan by using the `-v` flag for verbose logging.\n\n## Benefits\n- **Time-Saving**: Automates the tedious process of manually testing for XSS vulnerabilities, allowing you to focus on other critical tasks.\n- **Up-to-Date Testing**: Easily update your payloads with the latest techniques from trusted sources like the [PortSwigger XSS Cheat Sheet](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet).\n- **Comprehensive Coverage**: Capable of testing a wide range of payloads against multiple endpoints in a web application, increasing the chances of finding potential vulnerabilities.\n\n## Example Scenario\nImagine you need to test a large web application for XSS vulnerabilities. Instead of manually injecting payloads into each form and URL parameter, you can use XSSPY_2024 to automate this process. Load the latest payloads from a trusted source, start the script, and let it run while you take a break. When you return, you will have a detailed log of potential XSS vulnerabilities found in the application.\n\n## Changes from Original Code\nThis version of XSSPY_2024 has several improvements and updates compared to the original script by Faizan Ahmad:\n\n1. **Python 3 Compatibility**:\n   - Updated to work with Python 3, including changes from `httplib` to `http.client` and `urlparse` to `urllib.parse`.\n   - `print` statements updated to `print()` function.\n\n2. **Improved Payloads**:\n   - Added more comprehensive and modern XSS payloads to increase the detection of XSS vulnerabilities.\n   - Payloads can now be dynamically loaded from an external file, while the original inline payloads are still available but commented out.\n\n3. **Error Handling and Logging**:\n   - Enhanced error handling to ensure the script does not crash on encountering errors.\n   - Improved logging with more detailed and clearer messages.\n\n4. **Code Consistency and Readability**:\n   - Improved the formatting and structure of the code for better readability and maintenance.\n   - Used f-strings for more readable string formatting.\n\n5. **HTTP/HTTPS Detection**:\n   - Improved logic for detecting and handling HTTP/HTTPS compatibility.\n\n6. **General Improvements**:\n   - Included static methods in the `color` class.\n   - Optimized the `testPayload` function.\n7. **Compatibility**\n   - works with PoisonIvory (Nemesis)\n\nThese changes aim to make the script more robust, user-friendly, and effective in detecting XSS vulnerabilities.\n\n## Security Warning\n\u003e [!WARNING]\n\u003e **Important Note:** This information is provided for educational purposes and to help improve security. Use these tools and techniques responsibly and ethically. Unauthorized access to, or exploitation of, systems and data is illegal and unethical. Please be aware of the potential risks and consequences associated with using the knowledge and tools shared in this document. Ensure that you have proper authorization before attempting to test or exploit any systems.\n\n### Thank you for your support!\n- If you appreciate my work, please consider [becoming a 'Sponsor'](https://github.com/sponsors/volkansah), giving a :star: to my projects, or following me.\n\n### Credits\n- [VolkanSah on Github](https://github.com/volkansah)\n- [Developer Site](https://volkansah.github.io)\n\n### License\nThis project is licensed under the MIT - see the [LICENSE](LICENSE) file for details.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvolkansah%2Fxsspy-ncf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvolkansah%2Fxsspy-ncf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvolkansah%2Fxsspy-ncf/lists"}