XSS-Loader: XSS Scanner & Payload Generator

Last Commit: 01/27/2021

XSS-Loader: XSS Scanner & Payload Generator

XSS-Loader is a toolkit which allows the user to create payloads for XSS injection, scan websites for possible XSS exploits and use the power of Google Search Engine to find websites which may be vulnerable to XSS injections.

What is Cross-site Scripting (XSS)?

Cross-Site Scripting (XSS) attacks are a type of injection, in which attackers/hackers can execute malicious scripts/payload in another user’s browser. Wherever we have a website with dynamically generated code without adequate encoding and input field filtering, can become a victim of XSS attacks. From the user’s perspective, everything will still look normal and they won’t even know that their data are compromised.

XSS allows hackers to run their malicious JavaScript in the victim’s browser which can hijack user sessions, redirect user to a “non-friendly” site, spread malware, create false requests, steal user identity and sensitive data such as: credentials, passwords, credit card numbers, etc.

To learn more, check out the Cross-site Scripting (XSS) [explanation & details].

XSS-Loader: XSS Injection Toolkit

After starting XSS-Loader with Python 3, the user can choose to create a XSS injection payload with their desired HTML tag such as div, Img or body. After choosing the tag, the user can further define the payload by selecting the required encoding or by selecting the required type of injection such as ‘CLOUDFARE BYPASS PAYLOADS’ or ‘ALERT PAYLOADS’. This will then generate the required payload. The second module is the ‘XSS-Scanner’, which allows the user to create a URL which will execute the xss injection. The third module of this tool is the ‘XSS-DORK-FINDER’ which allow the user to use Google, to find vulnerable websites.

Features:

  • Creates payload for use in XSS injection
  • Select default payload tags or create your own custom payload
  • Execute the XSS injection with the XSS-SCANNER
  • Find the URL of vulnerable websites with the XSS Dork Finder

Supported Platforms:

  • Linux

Requirements:

  • Python 3

Install XSS-Loader

Clone the GitHub repo:

$ git clone https://github.com/capture0x/XSS-LOADER.git

Navigate to the working directory and install the requirements:

$ cd XSS-LOADER
$ pip3 install -r requirements.txt

XSS-Loader Usage

Enter the following command:

$ python3 payloader.py 
╭━╮╭━┳━━━┳━━━╮╱╱╭╮╱╱╭━━━┳━━━┳━━━┳━━━┳━━━╮
╰╮╰╯╭┫╭━╮┃╭━╮┃╱╱┃┃╱╱┃╭━╮┃╭━╮┣╮╭╮┃╭━━┫╭━╮┃
╱╰╮╭╯┃╰━━┫╰━━╮╱╱┃┃╱╱┃┃╱┃┃┃╱┃┃┃┃┃┃╰━━┫╰━╯┃
╱╭╯╰╮╰━━╮┣━━╮┣━━┫┃╱╭┫┃╱┃┃╰━╯┃┃┃┃┃╭━━┫╭╮╭╯
╭╯╭╮╰┫╰━╯┃╰━╯┣━━┫╰━╯┃╰━╯┃╭━╮┣╯╰╯┃╰━━┫┃┃╰╮
╰━╯╰━┻━━━┻━━━╯╱╱╰━━━┻━━━┻╯╱╰┻━━━┻━━━┻╯╰━╯
 
 
|||||||||||||||||||||||||||||||||||||||||||||||||||||
 
||                 XSS-LOADER TOOL                 ||
 
||               INSTAGRAM==>TMRSWRR               ||
 
||             CODED BY HULYA  KARABAG             ||
 
|||||||||||||||||||||||||||||||||||||||||||||||||||||
 
||              WELCOME TO XSS-LOADER              ||
 
|||||||||||||||||||||||||||||||||||||||||||||||||||||
 
-----------------------------------
|||      XSS-LOADER TOOLS      |||
-----------------------------------
 
1)  BASIC PAYLOAD
2)  DIV PAYLOAD
3)  IMG PAYLOAD
4)  BODY PAYLOAD
5)  SVG PAYLOAD
6)  ENTER YOUR PAYLOAD
7)  XSS SCANNER
8)  XSS DORK FINDER
9)  EXIT
 
SELECT PAYLOAD TO TAG:

Usage Examples

Basic Payload

Sets default parameter to :<script>alert(1)</script>

Div Payload

Sets default parameter to :<div onpointerover='alert(1)'>MOVE HERE</div

Img Payload

Sets default parameter to :<img src=x onerror=alert('1');>

Body Payload

Sets default parameter to :<body ontouchstart=alert(1)>

Xss Scanner

Enter URL: e.g target -> http://target.com/index.php?name= Selected for scanning payload list

XSS Dork Finder

Enter: e.g ->inurl:”search.php?q=” Results will be saved in “dork.txt” after scanning.
Download Box