README
¶
XSS Tower
XSS Tower is an open-source project that enables users to exploit Blind Cross-Site Scripting (XSS) vulnerabilities. This tool allows users to add new handlers to receive XSS payloads and share it with other users. With XSS Tower, you can efficiently identify and exploit XSS vulnerabilities, aiding in web application security testing. This tool is inspired by others such as XSSHunter and ezXSS.
Features
- Exploit blind XSS vulnerabilities
- Add handlers to receive fires upon payload execution
- Share handlers with other users
- Allow public access to XSS Fire
- Exfiltrate pages or local file
- Disable DOM/Screenshot
- Save fire even if the payload failed to execute
Installation
From docker
docker run -d -p 8080:8080 thomasfady/xsstower
From Go
go install -v github.com/thomasfady/xsstower@latest
From source
cd client
npm install
npm run build
cd -
cp -r client/dist/* app
go mod tidy
CGO_ENABLED=0 GOOS=linux go build -o xsstower -ldflags="-s -w" main.go
Screenshots
XSS Fires
XSS Fires Details
XSS Fires Collected Pages / Files
Payloads
Handler Information
Handler Members
Admin User management
TODO
- Registration
- Database config
- Change password form
- 2FA
- Notification system
- Documentation
- UI Fixes
- Add tests
Contributing
Contributions to XSS Tower are always welcome! If you find a bug or have suggestions for new features, please open an issue on the GitHub repository. If you would like to contribute code, fork the repository and submit a pull request with your changes.
License
XSS Tower is open-source software released under the GPLv3. See the LICENSE file for more information.
Documentation
¶
There is no documentation for this package.
Source Files
Directories