XSS-Loader – XSS Scanner and Payload Generator
Cross-Site Scripting or XSS vulnerability is the flaw included in the OWASP Top 10 Vulnerabilities. In this Security Flaw, the Attacker generates a malicious JavaScript Payload code that has the intention to steal the cookies of the victim or to perform an account takeover. Sometimes this Flaw can create a severe problem on the back end of the web application. The malicious code is passed through user inputs, parameters, uploaded files, etc. If the information is handled properly before sending it to the webserver, then the application can be saved from an XSS attack.
XSS-Loader: XSS Injection Toolkit
XSS-Loader is a toolkit that allows the user to create payloads for XSS injection, scan websites for potential XSS exploits and use the power of Google Search Engine to discover websites that may be vulnerable to XSS Vulnerability. XSS-Loader tool is developed in the Python Language. XSS-Loader tool is open source, free to use, and available on GitHub. This tool supports various types of payload generation like:
- DIV PAYLOAD
- MUTATION PAYLOAD
- BASIC PAYLOAD
- UPPER PAYLOAD etc.
This tool supports XSS Scanning on the target domain URL, The executed payload is displayed with the full URL on the terminal itself.
Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux
Installation of XSS-Loader Tool on Kali Linux OS
Step 1: Use the following command to install the tool in your Kali Linux operating system.
git clone https://github.com/capture0x/XSS-LOADER/
Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.
cd XSS-LOADER
Step 3: You are in the directory of the XSS-Loader. Now you have to install a dependency of the XSS-Loader using the following command.
sudo pip3 install -r requirements.txt
Step 4: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.
python3 payloader.py -h
Working with XSS-Loader Tool on Kali Linux OS
Example 1: BASIC PAYLOAD
Select Option 1 -> BASIC PAYLOAD
In this Example, We are generating a Basic Payload for XSS.
Select Option 20 -> MUTATION PAYLOAD
The tool has generated the Mutational Payload.
Example 2: ENTER YOUR PAYLOAD
Select Option 6 -> ENTER YOUR PAYLOAD
In this Example, We are specifying our own custom payload.
We have given our custom payload as input to the tool.
Select Option 1 -> UPPER CASE
We are changing our payload from Lower Case to Upper Case.
Our Custom Payload is changed from Lower Case to Upper Case.
Example 3: XSS SCANNER
Select Option 7 -> XSS SCANNER
In this Example, We are testing the target domain for XSS Security Flaw.
Target URL -> http://testphp.vulnweb.com/search.php?test=query
We have specified the target domain URL.
Select Option 1 -> BASIC PAYLOAD LIST
We are using the Basic Payload List which will be tested on the target domain.
The testing process is started.
Example 4: XSS DORK FINDER
Select Option 8 -> XSS DORK FINDER
In this example, We will be using the XSS Dork Finder for Advanced Search.