xss
XSS payload generation, filter bypass, DOM analysis.
Load with: use xss
Quick example
use xss
result = xssco(10)
prn(result)
Functions
Basic payloads
xssal()
Performs the operation.
xssal()
Performs the operation.
Context-aware payloads
xssco(content)
Connects. Takes content.
xssco(attr_name, payload)
Connects. Takes attr_name, payload.
xssco(js_context)
Connects. Takes js_context.
xssco(url_context)
Connects. Takes url_context.
Encoding bypasses
xssen(payload)
Encodes. Takes payload.
xssen(payload)
Encodes. Takes payload.
xssen(payload)
Encodes. Takes payload.
xssen(payload)
Encodes. Takes payload.
Filter bypasses
xssby()
Performs the operation.
xssby()
Performs the operation.
xssby()
Performs the operation.
Polyglots
xsspo()
Performs the operation.
Blind XSS
xssbl(callback_url)
Performs the operation. Takes callback_url.
CSP bypass helpers
xsscs(nonce, payload)
Performs the operation. Takes nonce, payload.
xsscs()
Performs the operation.
Template injection (SSTI) to XSS
xssfr(template_engine)
Creates from another format. Takes template_engine.
Detection
xssch(url, param, payload)
Checks a condition. Takes url, param, payload.
xssch(url, payload)
Checks a condition. Takes url, payload.
Weaponized payloads
xssco(callback)
Connects. Takes callback.
xsske(callback)
Performs the operation. Takes callback.
xsspo(target, callback)
Performs the operation. Takes target, callback.
xssne(callback)
Creates a new instance. Takes callback.
Notes
- XSS detection and sanitisation. Use only on systems you own.