• Stars
    star
    502
  • Rank 87,851 (Top 2 %)
  • Language
    Python
  • Created over 11 years ago
  • Updated over 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.

OWASP-Xenotix-XSS-Exploit-Framework

NOTE: PROJECT DEVELOPMENT AND SUPPORT IS DISCONTINUED

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the worldโ€™s 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes highly offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.

Official OWASP Project Page: https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework

Support: support

Made with Love in India

Contact: ajin.abraham AT owasp DOT org

DOWNLOADS

IMPORTANT

Antivirus Solutions may detect it as a threat. However it is due to the features in the exploitation framework.

Latest v6.2

SHA256: 68096d574aacf51cea46708d473d5c6b13d3b5039c8f3587d2325c9bdefdcbc1

Requirements

Older Versions

MD5: 17c703f90dbb4f09b112284232bbb69f

MD5: 17c703f90dbb4f09b112284232bbb69f

MD5: 54a2335e35c47b1e5a87b163088c63ff

MD5: bdfce2d4af4012ecc20b86bed876a54a

tags: xss, xss scanner, xss exploit, xenotix, dom xss scanner, xss attacks

More Repositories

1

nodejsscan

nodejsscan is a static security code scanner for Node.js applications.
CSS
2,233
star
2

CMSScan

CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues
CSS
913
star
3

Xenotix-Python-Keylogger

Xenotix Python Keylogger for Windows.
Python
451
star
4

njsscan

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
JavaScript
314
star
5

Node.Js-Security-Course

Contents for Node.Js Security Course
JavaScript
313
star
6

Droid-Application-Fuzz-Framework

Android application fuzzing framework with fuzzers and crash monitor.
HTML
270
star
7

WebAppSec

Web Application Security
Python
120
star
8

Static-DOM-XSS-Scanner

Static DOM XSS Scanner is a Static Analysis tool written in python that will iterate through all the JavaScript and HTML files under the given directory and will list out all the possible sources and sinks that may cause DOM XSS. At the end of the scan, the tool will generate an HTML report.
Python
116
star
9

libsast

Generic SAST Library
Python
105
star
10

Xenotix-APK-Reverser

Xenotix APK Reverser is an OpenSource Android Application Package (APK) decompiler and disassembler powered by dex2jar, baksmali and jd-core.
Python
76
star
11

aws_security_tools

Scripts and tools for AWS Pentest
Python
51
star
12

PoC

Proof of Concepts, Exploits
Python
28
star
13

Xenotix-xBOT

Xenotix xBOT is a Cross Platform PoC Bot that abuse certain Google Services to implement it's C&C
Python
27
star
14

njsscan-action

nodejsscan Github Action
Dockerfile
20
star
15

WhatsApp-AutoClean

WhatsApp AutoClean is an android app that removes all WhatsApp media (images, videos, sound etc) and hide them from being shown in Gallery
Java
16
star
16

tizen-security

Tools made for Tizen Security Analysis
Python
14
star
17

Exploit-Research-Ported

Exploit Research & Development - Ported Exploits
Python
11
star
18

package_scan

PoC: Python package static and dynamic analysis to detect environment variable stealing
Python
10
star
19

node.js-simple-https-server

A simple HTTPS server that uses self signed certificate. Useful for PoC purposes
JavaScript
8
star
20

JSComm-API-Hooker

Tool to hook all communication APIs including XHR/XHR2, WebSockets, Web Workers, PostMessage and Server Sent Events
JavaScript
8
star
21

bad_python_extract

A vulnerable web application written in Python Flask to demonstrate insecure file extraction
Python
8
star
22

Android-SSL-Certificate-Pinning

A sample android application implementing Moxie's Certificate Pinning Library
Java
8
star
23

Vulnerable_Tornado_App

An intentionally vulnerable web application written in Python using Tornado
CSS
7
star
24

OpSec-Firefox-Addon-Exploit-Suite

OpSec Firefox Addon Exploit Suite is a POC application that demonstrate various flaws in the Firefox Add-on Security Model.
Visual Basic
7
star
25

OAuth-Request-Crafter

OAuth Request Crafter
Visual Basic
7
star
26

poc-rogue

Python
4
star
27

python-hash-calculator

Python Hash Calculator
4
star
28

simple-php-browser-detection

Simple PHP script to get browser details.
3
star
29

SafeDOM

A failed attempt to prevent DOM XSS.
JavaScript
2
star
30

YouPlay

Media Server that dumps youtube playlist into mp3
Python
2
star
31

ctf

HTML
1
star
32

Google-Voice-on-Zenwatch-3-button

Google Voice on ZenWatch 3 crown button
Java
1
star
33

codeql-uboot

CodeQL
1
star
34

NoSQLi-Vulnerable-App

NoSQLi Vulnerable App
HTML
1
star
35

PebbleWatch-LocateMe

Pebble App that Locates You
JavaScript
1
star