Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

JavaScript

HTML

OCaml

Elixir

PHP

CSS

Assembly

Go

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Shell

Kotlin

Elm

Rust

F#

C#

Elixir

Objective-C

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇨🇼 Curaçao

🇸🇦 Saudi Arabia

🇬🇬 Guernsey

🇸🇸 South Sudan

🇸🇾 Syria

🇨🇳 China

🇦🇼 Aruba

🇬🇮 Gibraltar

All Countries Compare Countries

ajinabraham/OWASP-Xenotix-XSS-Exploit-Framework

Stars
502
Rank 87,851 (Top 2 %)
Language
Python
Created about 11 years ago
Updated over 4 years ago

ajinabraham/OWASP-Xenotix-XSS-Exploit-Framework

ajinabraham

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.

OWASP-Xenotix-XSS-Exploit-Framework

NOTE: PROJECT DEVELOPMENT AND SUPPORT IS DISCONTINUED

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes highly offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.

Official OWASP Project Page: https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework

Support:

Made with in India

Contact: ajin.abraham AT owasp DOT org

DOWNLOADS

IMPORTANT

Antivirus Solutions may detect it as a threat. However it is due to the features in the exploitation framework.

SHA256: 68096d574aacf51cea46708d473d5c6b13d3b5039c8f3587d2325c9bdefdcbc1

Requirements

Microsoft .NET Framework 4.5 http://www.microsoft.com/en-in/download/details.aspx?id=30653
IronPython 2.7.3 http://ironpython.codeplex.com/downloads/get/423690 [If you are using Scripting Engine]

Older Versions

Version 6.1

MD5: 17c703f90dbb4f09b112284232bbb69f

Version 6.1 Mirror

MD5: 17c703f90dbb4f09b112284232bbb69f

Version 6

MD5: 54a2335e35c47b1e5a87b163088c63ff

Version 5

MD5: bdfce2d4af4012ecc20b86bed876a54a

tags: xss, xss scanner, xss exploit, xenotix, dom xss scanner, xss attacks

nodejsscan

nodejsscan is a static security code scanner for Node.js applications.

CMSScan

CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues

Xenotix-Python-Keylogger

Xenotix Python Keylogger for Windows.

njsscan

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Node.Js-Security-Course

Contents for Node.Js Security Course

Droid-Application-Fuzz-Framework

Android application fuzzing framework with fuzzers and crash monitor.

WebAppSec

Web Application Security

Static-DOM-XSS-Scanner

Static DOM XSS Scanner is a Static Analysis tool written in python that will iterate through all the JavaScript and HTML files under the given directory and will list out all the possible sources and sinks that may cause DOM XSS. At the end of the scan, the tool will generate an HTML report.

libsast

Generic SAST Library

Xenotix-APK-Reverser

Xenotix APK Reverser is an OpenSource Android Application Package (APK) decompiler and disassembler powered by dex2jar, baksmali and jd-core.

aws_security_tools

Scripts and tools for AWS Pentest

PoC

Proof of Concepts, Exploits

Xenotix-xBOT

Xenotix xBOT is a Cross Platform PoC Bot that abuse certain Google Services to implement it's C&C

njsscan-action

nodejsscan Github Action

WhatsApp-AutoClean

WhatsApp AutoClean is an android app that removes all WhatsApp media (images, videos, sound etc) and hide them from being shown in Gallery

tizen-security

Tools made for Tizen Security Analysis

Exploit-Research-Ported

Exploit Research & Development - Ported Exploits

package_scan

PoC: Python package static and dynamic analysis to detect environment variable stealing

node.js-simple-https-server

A simple HTTPS server that uses self signed certificate. Useful for PoC purposes

JSComm-API-Hooker

Tool to hook all communication APIs including XHR/XHR2, WebSockets, Web Workers, PostMessage and Server Sent Events

bad_python_extract

A vulnerable web application written in Python Flask to demonstrate insecure file extraction

Android-SSL-Certificate-Pinning

A sample android application implementing Moxie's Certificate Pinning Library

Vulnerable_Tornado_App

An intentionally vulnerable web application written in Python using Tornado

OpSec-Firefox-Addon-Exploit-Suite

OpSec Firefox Addon Exploit Suite is a POC application that demonstrate various flaws in the Firefox Add-on Security Model.

OAuth-Request-Crafter

OAuth Request Crafter

poc-rogue

python-hash-calculator

Python Hash Calculator

simple-php-browser-detection

Simple PHP script to get browser details.

SafeDOM

A failed attempt to prevent DOM XSS.

YouPlay

Media Server that dumps youtube playlist into mp3

ctf

Google-Voice-on-Zenwatch-3-button

Google Voice on ZenWatch 3 crown button

codeql-uboot

NoSQLi-Vulnerable-App

NoSQLi Vulnerable App

PebbleWatch-LocateMe

Pebble App that Locates You