# XSSbase
XSSbase is a professional tool designed to help web developers scan for Cross-Site Scripting (XSS) vulnerabilities. It automates the process of testing web applications for XSS vulnerabilities by using a set of predefined payloads or custom payloads provided by the user.
- **Full Documentation**: <a href="https://bytebreach.github.io/pdf/xssbase-Full-Commands.pdf">Link</a>
- **Basic XSS (Cross-Site Scripting) Vulnerable HTML Code**: <a href="https://github.com/ByteBreach/xssbase-test">Link</a>
## Features
- **Automated XSS Testing**: Scans web applications for XSS vulnerabilities using a list of predefined or user-specified payloads.
- **Platform Support**: Currently supports Windows.
- **Custom Payloads**: Allows users to provide their own payloads for testing.
- **Error Handling**: Handles stale element reference errors gracefully and retries automatically.
- **Comprehensive Reports**: Provides detailed information about detected XSS vulnerabilities.
- **Payload List URL**: Displays a URL to a list of useful XSS payloads.
## Benefits
- **Time-Saving**: Automates the tedious process of testing for XSS vulnerabilities, saving developers valuable time.
- **Improved Security**: Helps in identifying and fixing XSS vulnerabilities, enhancing the overall security of web applications.
- **Customizable**: Users can use their own payloads for testing, making it highly customizable for specific needs.
## Payload Examples
Here are a few sample XSS payloads that XSSbase can use:
1. `<script>alert('XSS')</script>`
2. `<img src=x onerror=alert('XSS')>`
3. `<svg onload=alert('XSS')>`
4. `"><script>alert('XSS')</script>`
5. `<body onload=alert('XSS')>`
For a comprehensive collection of XSS payloads, refer to the [payloadbox XSS payload list](https://github.com/payloadbox/xss-payload-list/blob/master/Intruder/xss-payload-list.txt).
## Payload List
A comprehensive list of useful XSS payloads is available at: <a href="https://mrfidal.in/cyber-security/xssbase/payload-list.html">Click Here</a>
## Installation
Currently, XSSbase is only compatible with Windows. To install, use the following command:
```sh
pip install xssbase
```
## Usage
### Basic Usage
To test a URL for XSS vulnerabilities using the predefined payloads:
```sh
xssbase --url <URL>
```
### Using Custom Payloads
To test a URL for XSS vulnerabilities using custom payloads from a file:
```sh
xssbase --url <URL> --payload <payload-file.txt>
```
### Example
To test http://example.com for XSS vulnerabilities using predefined payloads:
```sh
xssbase --url http://example.com
```
To test http://example.com for XSS vulnerabilities using payloads from `custom-payloads.txt`:
```sh
xssbase --url http://example.com --payload custom-payloads.txt
```
### Arguments
`--url`: The URL to test for XSS vulnerabilities (required).
`--payload`: The file containing custom XSS payloads (optional).
### License
This project is licensed under the MIT <a href="https://pypi.org/project/xssbase/#description">License</a>. See the LICENSE file for details.
### Disclaimer
This tool is intended for educational purposes and for use by web developers to secure their own applications. Unauthorized or malicious use is strictly prohibited.
Raw data
{
"_id": null,
"home_page": "https://mrfidal.in/cyber-security/xssbase",
"name": "xssbase",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": "xss, cross-site scripting, vulnerability, scanning, security, mrfidal",
"author": "MrFidal",
"author_email": "mrfidal@proton.me",
"download_url": "https://files.pythonhosted.org/packages/5a/34/c492c95c1ed03bdc0b47bc97da25ae07e12ca30418abd260bcfef1b9d572/xssbase-5.0.1.tar.gz",
"platform": null,
"description": "# XSSbase\r\n\r\nXSSbase is a professional tool designed to help web developers scan for Cross-Site Scripting (XSS) vulnerabilities. It automates the process of testing web applications for XSS vulnerabilities by using a set of predefined payloads or custom payloads provided by the user.\r\n\r\n- **Full Documentation**: <a href=\"https://bytebreach.github.io/pdf/xssbase-Full-Commands.pdf\">Link</a>\r\n- **Basic XSS (Cross-Site Scripting) Vulnerable HTML Code**: <a href=\"https://github.com/ByteBreach/xssbase-test\">Link</a>\r\n\r\n## Features\r\n\r\n- **Automated XSS Testing**: Scans web applications for XSS vulnerabilities using a list of predefined or user-specified payloads.\r\n- **Platform Support**: Currently supports Windows.\r\n- **Custom Payloads**: Allows users to provide their own payloads for testing.\r\n- **Error Handling**: Handles stale element reference errors gracefully and retries automatically.\r\n- **Comprehensive Reports**: Provides detailed information about detected XSS vulnerabilities.\r\n- **Payload List URL**: Displays a URL to a list of useful XSS payloads.\r\n\r\n## Benefits\r\n\r\n- **Time-Saving**: Automates the tedious process of testing for XSS vulnerabilities, saving developers valuable time.\r\n- **Improved Security**: Helps in identifying and fixing XSS vulnerabilities, enhancing the overall security of web applications.\r\n- **Customizable**: Users can use their own payloads for testing, making it highly customizable for specific needs.\r\n\r\n## Payload Examples\r\n\r\nHere are a few sample XSS payloads that XSSbase can use:\r\n\r\n1. `<script>alert('XSS')</script>`\r\n2. `<img src=x onerror=alert('XSS')>`\r\n3. `<svg onload=alert('XSS')>`\r\n4. `\"><script>alert('XSS')</script>`\r\n5. `<body onload=alert('XSS')>`\r\n\r\nFor a comprehensive collection of XSS payloads, refer to the [payloadbox XSS payload list](https://github.com/payloadbox/xss-payload-list/blob/master/Intruder/xss-payload-list.txt).\r\n\r\n## Payload List\r\n\r\nA comprehensive list of useful XSS payloads is available at: <a href=\"https://mrfidal.in/cyber-security/xssbase/payload-list.html\">Click Here</a>\r\n\r\n## Installation\r\n\r\nCurrently, XSSbase is only compatible with Windows. To install, use the following command:\r\n\r\n```sh\r\npip install xssbase\r\n```\r\n\r\n## Usage\r\n\r\n### Basic Usage\r\n\r\nTo test a URL for XSS vulnerabilities using the predefined payloads:\r\n```sh\r\nxssbase --url <URL>\r\n```\r\n### Using Custom Payloads\r\n\r\nTo test a URL for XSS vulnerabilities using custom payloads from a file:\r\n```sh\r\nxssbase --url <URL> --payload <payload-file.txt>\r\n```\r\n### Example\r\n\r\nTo test http://example.com for XSS vulnerabilities using predefined payloads:\r\n```sh\r\nxssbase --url http://example.com\r\n```\r\nTo test http://example.com for XSS vulnerabilities using payloads from `custom-payloads.txt`:\r\n```sh\r\nxssbase --url http://example.com --payload custom-payloads.txt\r\n```\r\n\r\n### Arguments\r\n\r\n`--url`: The URL to test for XSS vulnerabilities (required).\r\n\r\n`--payload`: The file containing custom XSS payloads (optional).\r\n\r\n\r\n### License\r\nThis project is licensed under the MIT <a href=\"https://pypi.org/project/xssbase/#description\">License</a>. See the LICENSE file for details.\r\n\r\n### Disclaimer\r\nThis tool is intended for educational purposes and for use by web developers to secure their own applications. Unauthorized or malicious use is strictly prohibited.\r\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "XSSBase: A tool for testing XSS vulnerabilities on websites.",
"version": "5.0.1",
"project_urls": {
"Homepage": "https://mrfidal.in/cyber-security/xssbase"
},
"split_keywords": [
"xss",
" cross-site scripting",
" vulnerability",
" scanning",
" security",
" mrfidal"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "87e3ce44a7defad3ff60cd67c5818759629ef5a908e22f10650978158bccb26f",
"md5": "7147e8ff9f6a954c02c3ff3307ccd97a",
"sha256": "d2ac9ee553a4dd62062e41635e2e4660f4d3f8891bbc4b92d2a52dd1b606609f"
},
"downloads": -1,
"filename": "xssbase-5.0.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "7147e8ff9f6a954c02c3ff3307ccd97a",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 8015,
"upload_time": "2024-10-18T18:56:28",
"upload_time_iso_8601": "2024-10-18T18:56:28.798373Z",
"url": "https://files.pythonhosted.org/packages/87/e3/ce44a7defad3ff60cd67c5818759629ef5a908e22f10650978158bccb26f/xssbase-5.0.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "5a34c492c95c1ed03bdc0b47bc97da25ae07e12ca30418abd260bcfef1b9d572",
"md5": "e8815dd584a2b6521a0dad65b2fe0fe6",
"sha256": "e1a3e43b3eff3d5b8d00902713086b953586747a4b23377a9c87dc79a306d276"
},
"downloads": -1,
"filename": "xssbase-5.0.1.tar.gz",
"has_sig": false,
"md5_digest": "e8815dd584a2b6521a0dad65b2fe0fe6",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 8146,
"upload_time": "2024-10-18T18:56:30",
"upload_time_iso_8601": "2024-10-18T18:56:30.827201Z",
"url": "https://files.pythonhosted.org/packages/5a/34/c492c95c1ed03bdc0b47bc97da25ae07e12ca30418abd260bcfef1b9d572/xssbase-5.0.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-10-18 18:56:30",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "xssbase"
}
JSON