# XSSbase
XSSbase is a professional tool designed to help web developers scan for Cross-Site Scripting (XSS) vulnerabilities. It automates the process of testing web applications for XSS vulnerabilities by using a set of predefined payloads or custom payloads provided by the user.
- **Full Documentation**: <a href="https://bytebreach.github.io/pdf/xssbase-Full-Commands.pdf">Link</a>
- **Basic XSS (Cross-Site Scripting) Vulnerable HTML Code**: <a href="https://github.com/ByteBreach/xssbase-test">Link</a>
## Features
- **Automated XSS Testing**: Scans web applications for XSS vulnerabilities using a list of predefined or user-specified payloads.
- **Platform Support**: Currently supports Windows.
- **Custom Payloads**: Allows users to provide their own payloads for testing.
- **Error Handling**: Handles stale element reference errors gracefully and retries automatically.
- **Comprehensive Reports**: Provides detailed information about detected XSS vulnerabilities.
- **Payload List URL**: Displays a URL to a list of useful XSS payloads.
## Benefits
- **Time-Saving**: Automates the tedious process of testing for XSS vulnerabilities, saving developers valuable time.
- **Improved Security**: Helps in identifying and fixing XSS vulnerabilities, enhancing the overall security of web applications.
- **Customizable**: Users can use their own payloads for testing, making it highly customizable for specific needs.
## Payload Examples
Here are a few sample XSS payloads that XSSbase can use:
1. `<script>alert('XSS')</script>`
2. `<img src=x onerror=alert('XSS')>`
3. `<svg onload=alert('XSS')>`
4. `"><script>alert('XSS')</script>`
5. `<body onload=alert('XSS')>`
For a comprehensive collection of XSS payloads, refer to the [payloadbox XSS payload list](https://github.com/payloadbox/xss-payload-list/blob/master/Intruder/xss-payload-list.txt).
## Payload List
A comprehensive list of useful XSS payloads is available at: <a href="https://mrfidal.in/cyber-security/xssbase/payload-list.html">Click Here</a>
## Installation
Currently, XSSbase is only compatible with Windows. To install, use the following command:
```sh
pip install xssbase
```
## Usage
### Basic Usage
To test a URL for XSS vulnerabilities using the predefined payloads:
```sh
xssbase --url <URL>
```
### Using Custom Payloads
To test a URL for XSS vulnerabilities using custom payloads from a file:
```sh
xssbase --url <URL> --payload <payload-file.txt>
```
### Example
To test http://example.com for XSS vulnerabilities using predefined payloads:
```sh
xssbase --url http://example.com
```
To test http://example.com for XSS vulnerabilities using payloads from `custom-payloads.txt`:
```sh
xssbase --url http://example.com --payload custom-payloads.txt
```
### Arguments
`--url`: The URL to test for XSS vulnerabilities (required).
`--payload`: The file containing custom XSS payloads (optional).
### License
This project is licensed under the MIT <a href="https://pypi.org/project/xssbase/#description">License</a>. See the LICENSE file for details.
### Disclaimer
This tool is intended for educational purposes and for use by web developers to secure their own applications. Unauthorized or malicious use is strictly prohibited.
Raw data
{
"_id": null,
"home_page": "https://mrfidal.in/cyber-security/xssbase",
"name": "xssbase",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": "xssbase, xss, vulnerability, scanning, mrfidal, cyber security",
"author": "Fidal",
"author_email": "mrfidal@proton.me",
"download_url": "https://files.pythonhosted.org/packages/2d/d3/0367ccf120ee890af987915aaad6ccc71e360edabea5ab1e5b1c0f0ef9eb/xssbase-4.0.3.tar.gz",
"platform": null,
"description": "# XSSbase\r\n\r\nXSSbase is a professional tool designed to help web developers scan for Cross-Site Scripting (XSS) vulnerabilities. It automates the process of testing web applications for XSS vulnerabilities by using a set of predefined payloads or custom payloads provided by the user.\r\n\r\n- **Full Documentation**: <a href=\"https://bytebreach.github.io/pdf/xssbase-Full-Commands.pdf\">Link</a>\r\n- **Basic XSS (Cross-Site Scripting) Vulnerable HTML Code**: <a href=\"https://github.com/ByteBreach/xssbase-test\">Link</a>\r\n\r\n## Features\r\n\r\n- **Automated XSS Testing**: Scans web applications for XSS vulnerabilities using a list of predefined or user-specified payloads.\r\n- **Platform Support**: Currently supports Windows.\r\n- **Custom Payloads**: Allows users to provide their own payloads for testing.\r\n- **Error Handling**: Handles stale element reference errors gracefully and retries automatically.\r\n- **Comprehensive Reports**: Provides detailed information about detected XSS vulnerabilities.\r\n- **Payload List URL**: Displays a URL to a list of useful XSS payloads.\r\n\r\n## Benefits\r\n\r\n- **Time-Saving**: Automates the tedious process of testing for XSS vulnerabilities, saving developers valuable time.\r\n- **Improved Security**: Helps in identifying and fixing XSS vulnerabilities, enhancing the overall security of web applications.\r\n- **Customizable**: Users can use their own payloads for testing, making it highly customizable for specific needs.\r\n\r\n## Payload Examples\r\n\r\nHere are a few sample XSS payloads that XSSbase can use:\r\n\r\n1. `<script>alert('XSS')</script>`\r\n2. `<img src=x onerror=alert('XSS')>`\r\n3. `<svg onload=alert('XSS')>`\r\n4. `\"><script>alert('XSS')</script>`\r\n5. `<body onload=alert('XSS')>`\r\n\r\nFor a comprehensive collection of XSS payloads, refer to the [payloadbox XSS payload list](https://github.com/payloadbox/xss-payload-list/blob/master/Intruder/xss-payload-list.txt).\r\n\r\n## Payload List\r\n\r\nA comprehensive list of useful XSS payloads is available at: <a href=\"https://mrfidal.in/cyber-security/xssbase/payload-list.html\">Click Here</a>\r\n\r\n## Installation\r\n\r\nCurrently, XSSbase is only compatible with Windows. To install, use the following command:\r\n\r\n```sh\r\npip install xssbase\r\n```\r\n\r\n## Usage\r\n\r\n### Basic Usage\r\n\r\nTo test a URL for XSS vulnerabilities using the predefined payloads:\r\n```sh\r\nxssbase --url <URL>\r\n```\r\n### Using Custom Payloads\r\n\r\nTo test a URL for XSS vulnerabilities using custom payloads from a file:\r\n```sh\r\nxssbase --url <URL> --payload <payload-file.txt>\r\n```\r\n### Example\r\n\r\nTo test http://example.com for XSS vulnerabilities using predefined payloads:\r\n```sh\r\nxssbase --url http://example.com\r\n```\r\nTo test http://example.com for XSS vulnerabilities using payloads from `custom-payloads.txt`:\r\n```sh\r\nxssbase --url http://example.com --payload custom-payloads.txt\r\n```\r\n\r\n### Arguments\r\n\r\n`--url`: The URL to test for XSS vulnerabilities (required).\r\n\r\n`--payload`: The file containing custom XSS payloads (optional).\r\n\r\n\r\n### License\r\nThis project is licensed under the MIT <a href=\"https://pypi.org/project/xssbase/#description\">License</a>. See the LICENSE file for details.\r\n\r\n### Disclaimer\r\nThis tool is intended for educational purposes and for use by web developers to secure their own applications. Unauthorized or malicious use is strictly prohibited.\r\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "XSSbase: A professional tool for scanning XSS vulnerabilities.",
"version": "4.0.3",
"project_urls": {
"Homepage": "https://mrfidal.in/cyber-security/xssbase"
},
"split_keywords": [
"xssbase",
" xss",
" vulnerability",
" scanning",
" mrfidal",
" cyber security"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "9f8aa6b9263990b7ec5e2f8855bcdb81a352dad445f524e5bf770474f662600e",
"md5": "afff7610116dea94d97621ab58a38fbf",
"sha256": "cede7e70bb4e0238654532816df2e4aa44fe98559415b422e4b211cb826c1d1b"
},
"downloads": -1,
"filename": "xssbase-4.0.3-py3-none-any.whl",
"has_sig": false,
"md5_digest": "afff7610116dea94d97621ab58a38fbf",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 6977,
"upload_time": "2024-05-31T11:37:33",
"upload_time_iso_8601": "2024-05-31T11:37:33.811496Z",
"url": "https://files.pythonhosted.org/packages/9f/8a/a6b9263990b7ec5e2f8855bcdb81a352dad445f524e5bf770474f662600e/xssbase-4.0.3-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "2dd30367ccf120ee890af987915aaad6ccc71e360edabea5ab1e5b1c0f0ef9eb",
"md5": "25c3600d626199774271f044cc52f858",
"sha256": "f5d19a0f2770b3b69f42558fc95fd063c32712c4aab82729fa495d590577ebf0"
},
"downloads": -1,
"filename": "xssbase-4.0.3.tar.gz",
"has_sig": false,
"md5_digest": "25c3600d626199774271f044cc52f858",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 6571,
"upload_time": "2024-05-31T11:37:35",
"upload_time_iso_8601": "2024-05-31T11:37:35.556314Z",
"url": "https://files.pythonhosted.org/packages/2d/d3/0367ccf120ee890af987915aaad6ccc71e360edabea5ab1e5b1c0f0ef9eb/xssbase-4.0.3.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-05-31 11:37:35",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "xssbase"
}