poXSSon
A framework for easy payload development and deployment, with a collection of customizable XSS payloads
Create, encode and deploy complex JS payloads.
What is this project?
This tool gathers some of the most reliable and useful JavaScript payloads that can be used in client-side attacks or while testing the security posture of a web application. They can be adapted and modified to your specific needs.
Installation
All required dependencies can be installed with the following command:
pip install -r requirements.txt
Project details
MultiplePayloads()
Choose from several code templates to grab keystrokes, execute system commands and exfiltrate important data from the target host. Save the generated payload to a file or the clipboard for further use.
HighlyEVasive()
Specify encoding schemes, custom script tags, format conversions and polyglot executors using an intuitive command-line interface.
FullyCustomizable()
An msfvenom-like approach to specifying options lets you quickly tweak any payload. Every aspect of the payload's logic can be modified, allowing unique behaviour depending on what system you target.
RealTimeMonitoring()
Most payloads come with a built-in PHP handler that can be launched after generating the code template. It listens for status messages and data harvested by the launched payload.
More info
More info about poXSSon and its usage can be found in our blog post: JS Payloads in 2021.
Contribute
Contributions are always welcome!