Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/evilcos/xssor2
XSS'OR - Hack with JavaScript.
https://github.com/evilcos/xssor2
csrf encoding hack hacking-tool pentest pentest-tool probe xss
Last synced: about 2 months ago
JSON representation
XSS'OR - Hack with JavaScript.
- Host: GitHub
- URL: https://github.com/evilcos/xssor2
- Owner: evilcos
- License: bsd-2-clause
- Created: 2017-06-25T06:32:10.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2021-12-12T09:58:05.000Z (almost 3 years ago)
- Last Synced: 2024-10-01T12:21:17.792Z (2 months ago)
- Topics: csrf, encoding, hack, hacking-tool, pentest, pentest-tool, probe, xss
- Language: JavaScript
- Size: 854 KB
- Stars: 2,123
- Watchers: 94
- Forks: 379
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-bugbounty-tools - xssor2 - XSS'OR - Hack with JavaScript. (Exploitation / XSS Injection)
- awesome-github-star - xssor2 - Hack with JavaScript. | evilcos | 2067 | (JavaScript)
- WebHackersWeapons - xssor2 - Hack with JavaScript.|![](https://img.shields.io/github/stars/evilcos/xssor2?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| (Weapons / Tools)
- awesome-hacking-lists - evilcos/xssor2 - XSS'OR - Hack with JavaScript. (JavaScript)
README
# XSS'OR
XSS'OR - Hack with JavaScript.## ONLINE
You can have a try:https://xssor.io and http://xssor.io/
It contains three major modules: Encode/Decode, Codz, Probe.
## INSTALL
Python 3 with Django 3.0.* or Python 2 with Django 1.11.*
* git clone https://github.com/evilcos/xssor2 or download directly
* cd xssor2
* modify xssor/payload/probe.js
```javascript
xssor.cmd_url = location.protocol + '//xssor.io/cmd'; // replace xssor.io to your domain or ip address
```
* pip3/pip install -r requirement.txt
* python3/python manage.py runserver 0.0.0.0:8000Browser http://[yourip]:8000 to enjoy.
If you want to deploy it with Nginx, you can use uWSGI.
If you want to delete probe automatically, you can use crontab to this script file(xssor/probeclear.py).
Try it by yourself.
## DOCKER
You can build this project with docker
```bash
docker build -t xssor:latest .
```Run the app with
```bash
docker run -d -p [port]:8000 xssor:latest [probe domain or ip]
```## CHANGELOG
```
UPDATE: 2020/07/28*. Increase support for docker.
UPDATE: 2020/02/05
*. Compatible with Python 2 and Python 3.
*. Compatible with Django 1.11.* and Django 3.0.*.
*. Fix some bugs.UPDATE: 2018/07/29
*. Compatible with HTTP and HTTPS.
UPDATE: 2017/09/23
*. Upgrade JS BEAURIFY.
*. Fix PACKER/UNPACKER error bug.UPDATE: 2017/08/20
*. Increase support for mobile more friendly.
UPDATE: 2017/08/13
*. Fix Probe bug to file:// protocol.
*. Fix Probe bug in mobile app while without cookie.
*. Improve Probe Status.UPDATE: 2017/05/07
*. Encode/Decode, enhanced.
*. Codz, enhanced.
*. Probe, free to try.
*. Complete rewriting with Python, Django, Bootstrap, jQuery, ...
*. Independent domain: xssor.io.
```BE EVIL, DON'T BE BAD.