kleiton0x00 / Xsscope
Labels
Projects that are alternatives of or similar to Xsscope
Go beyond the alert
XSScope is one of the most advanced GUI Framework for XSS Clientside attacks. It can perform different XSS attack and HTML Injection in real time.
Features
- Perform XSS botnet attack(s). Every victim who is affected by XSS payload (in the webserver), will contantly bind the payload and wait for commands from attacker. A bind payload is one that waits for a connection from its controller.
- HTTP Flood (DDos) via XSS botnets
- Generates a Port Forwarding TCP and a Local PHP Server as well
- Automatic payload generator for Bug Hunting (Blind, Stored, Reflected & DOM XSS)
- Generate Local HTTP Server
Spying Features
- Camera Hijacking
- Get victim's saved credentials from the vulnerable website
- Gather information about victim (Browser, version, Operating System, User Agent, Cookie (if any), Java enabled, Online status, Language used, Cookie enabled)
- Keylogger
- Screenshot victim's browser
- Get victim's real-time location
- Execute .NET Shellcode commands
- Force download malicious file
HTML code injection
- Generate Phishing Websites with 2 clicks using pregenerated HTML codes such as:
- Amazon
- Line
- Steam
- Twitch
- Verizon
- WiFi (expired session)
- Generate Website Defacion with 2 clicks using a HTML template
- Import HTML file from external file
- Add your own HTML code
Arbitrary Javascript code execution
- Execute Javascript code into victim's browser once a shell is opened in your listener
Funny modules:
- Change every link in the website
- Change every image in the website
- Clickjacker (redirect to another URI once user click somewhere on the website)
Installation
-
Clone the Github repo into your local machine:
git clone https://github.com/kleiton0x00/XSScope.git
cd XSScope
Note: Zipfile library is not required if you are using Linux/MacOS. Ignore the error. -
Run setup.sh in your terminal:
chmod +x setup.sh
./setup.sh
NOTE: If setup.sh script asks for Ngrok Authtoken, you have to create an account HERE and grab the Authtoken. -
You are good to go, now run the software by executing:
python3 xsscope.py
For more detailed installation manual please refer the Wiki
Flowchart
FAQ
Please refer the Wiki for more advanced tips.
Demo
For Demo go to Wiki/Demo
Gallery
XSScope IN ACTION
XSScope Main Interface.
Creating an Agent Module.
Generated XSS Payloads
Generating Advanced Phishing Website using HTML Injection
Performing RCE into victim's browser
Legal disclaimer:
Usage of XSScope for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Only use for educational purposes.
Contribution, Credits & License
Ways to contribute
- Suggest a feature
- Report a bug
- Fix something and open a pull request
- Spread the word
Licensed under the GNU GPLv3, see LICENSE for more information.
Contact
For any problem, copyright disclaimers, etc. please feel free to email me: [email protected]