Skip to content

A framework for easy payloads development and deployment, collection of customizable XSS payloads

License

Notifications You must be signed in to change notification settings

redcode-labs/poXSSon

Repository files navigation

poXSSon




Create, encode and deploy complex JS payloads.

What is this project?

This tool gathers some of the most reliable and useful Javascript payloads that can be used in client-side attacks or while testing security posture of a web application. They can be adapted and modified to your specific needs.

Installation

All of the required deps can be easily installed via command:

pip install -r requirements.txt

Project details

MultiplePayloads()

Choose from several code templates to grab keystrokes, execute system commands and exfiltrate important data from target host. Save generated payload to a file or clipboard for further use.

HighlyEVasive()

Specify encoding schemes, custom script tags, format conversions and polyglot executors using intuitive command-line interface.

FullyCustomizable()

Msfvenom-like approach for specifying options enables you to quickly tweak any payload. Every aspect of the payload's logic can be modified, allowing unique behaviour depending on what system you target.

RealTimeMonitoring()

Most payloads come with a built-in PHP handler that can be launched after generating code template. It listens for status messages and data harvested by the launched payload.

More info

More info about poXSSon and it's usage can be found in our blogpost: JS Payloads in 2021.

Contribute

Contributions are always welcome!

About

A framework for easy payloads development and deployment, collection of customizable XSS payloads

Topics

Resources

License

Stars

Watchers

Forks