xssless – An Automated XSS Payload Generator Written In Python


xssless is an automated XSS payload generator written in python.

Usage

  1. Record request(s) with Burp proxy
  2. Select request(s) you want to generate, then right click and select “Save items”
  3. Use xssless to generate your payload: ./xssless.py burp_export_file
  4. Pwn!

Features

  • Automated XSS payload generation from imported Burp proxy requests
  • Payloads are 100% asynchronous and won’t freeze the user’s browser
  • CSRF tokens can be easily extracted and set via the -p option
  • POST multipart is supported, along with XSS file uploading via the -f option
  • Payloads are dynamic and portable (due to relative URLs)
  • Crazy JavaScript worms with no hassle!

Installation/Download

Download the latest xssless:

Install dependencies:

Run the script:

Or read more here.

Posted in: Hacking Tools, Web Hacking

, ,


Latest Posts:


Sandcastle - AWS S3 Bucket Enumeration Tool Sandcastle – AWS S3 Bucket Enumeration Tool
Astra - API Automated Security Testing For REST Astra – API Automated Security Testing For REST
Astra is a Python-based tool for API Automated Security Testing, REST API penetration testing is complex due to continuous changes in existing APIs.
Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
OWASP Amass - DNS Enumeration, Attack Surface Mapping & External Asset Discovery OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces.
Cameradar - Hack RTSP Video Surveillance CCTV Cameras Cameradar – Hack RTSP Video Surveillance CCTV Cameras
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.


Comments are closed.