JXSS: XSS Vulnerability Detection & Exploitation Tool
JXSS is a Python-based tool designed to detect and exploit Cross-Site Scripting (XSS) vulnerabilities in web applications. Built with modularity and flexibility in mind, JXSS can help penetration testers, bug bounty hunters, and cybersecurity enthusiasts identify potential security weaknesses in JavaScript files and inline scripts.
🚀 Features
- JavaScript Vulnerability Detection: Scans external JavaScript files and inline scripts to detect XSS vulnerabilities.
- Payload Injection: Supports custom payloads for testing successful exploitation.
- Automated Dynamic Testing: Uses Selenium to automate testing of parameters and detect XSS vulnerabilities in real-time.
- Detailed Reporting: Outputs a clear summary of vulnerabilities and successful payloads for easy documentation.
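As an added example (not JXSS's own code), the kind of source-to-sink check a scanner for inline scripts can run: it extracts `<script>` bodies that have no `src`, tracks variables assigned from browser-controlled sources (`location.search`, `location.hash`, ...) and reports lines where such a value, directly or through a variable, reaches a DOM sink (`innerHTML`, `document.write`, `eval`). The names, the regex-based script extraction and `SAMPLE_HTML` are assumptions made for the example; a real page would be fetched and fed to `scan_html`.

```python
import re

# Sinks that interpret a string as HTML/code; sources the URL or referrer controls.
SINKS = ("innerHTML", "outerHTML", "insertAdjacentHTML", "document.write", "eval(")
SOURCES = ("location.search", "location.hash", "location.href", "document.referrer")
# Assignment to a plain identifier ("var q = ...", "q = ..."), not a "==" comparison.
ASSIGN = re.compile(r"^\s*(?:(?:var|let|const)\s+)?([A-Za-z_$][\w$]*)\s*=(?!=)\s*(.+)$")
# Inline <script> bodies only; tags carrying a src attribute are external files.
INLINE_SCRIPT = re.compile(r"<script(?![^>]*\bsrc\s*=)[^>]*>(.*?)</script>", re.I | re.S)


def tainted_in(text, tainted):
    """First source literal or tainted variable referenced in text, else None."""
    hits = [s for s in SOURCES if s in text]
    hits += [v for v in tainted if re.search(r"(?<![\w$])%s(?![\w$])" % re.escape(v), text)]
    return hits[0] if hits else None


def scan_script(js, idx=0):
    """One-pass taint tracking: a variable assigned from a source (or from another
    tainted variable) becomes tainted; a sink line that uses either is reported."""
    tainted, findings = [], []
    for n, line in enumerate(js.splitlines(), 1):
        m = ASSIGN.match(line)
        if m and tainted_in(m.group(2), tainted) and m.group(1) not in tainted:
            tainted.append(m.group(1))
        sink = next((s for s in SINKS if s in line), None)
        via = tainted_in(line, tainted) if sink else None
        if via:
            findings.append({"script": idx, "line": n, "sink": sink.rstrip("("), "via": via})
    return findings


def scan_html(html):
    """Report source-to-sink flows in every inline script of an HTML document."""
    return [f for i, js in enumerate(INLINE_SCRIPT.findall(html)) for f in scan_script(js, i)]


# Constructed sample page: a flow through a variable, a safe textContent write,
# an external script (skipped) and a direct document.write of the URL fragment.
SAMPLE_HTML = """<html><body><div id="out"></div>
<script>
var q = new URLSearchParams(location.search).get("q");
var greeting = "Hello " + q;
document.getElementById("out").innerHTML = greeting;
document.getElementById("out").textContent = q;
</script>
<script src="/static/app.js"></script>
<script>document.write(location.hash.slice(1));</script>
</body></html>"""
```

Running `scan_html(SAMPLE_HTML)` reports the `innerHTML` write (reached via `greeting`) and the `document.write` of `location.hash`, while the `textContent` assignment is not flagged because it does not parse its input as HTML.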
🛠️ Installation
- Clone the Repository:
git clone https://github.com/John-A0/JXSS.git
cd JXSS
- Install Requirements: JXSS uses Python 3.x. Install dependencies using:
pip install -r requirements.txt
- Set Up WebDriver: Install the Chrome WebDriver using webdriver_manager:
pip install webdriver-manager
⚡ Usage
- Basic Scanning: Run the tool and provide the URL to scan for JavaScript-based XSS vulnerabilities:
python JXSS.py
You’ll be prompted to:
- Enter the URL to scan.
- Provide the path to your payload wordlist.
- Aggressive Exploitation (Parameter Testing): After scanning, you can use Selenium for aggressive XSS testing:
Enter a URL with parameters to test payloads dynamically. JXSS will automate testing and handle alerts for detected vulnerabilities.
📂 Payload Wordlist
JXSS requires a payload wordlist to test for XSS vulnerabilities. You can use existing wordlists like those from @SecLists or create your own.
🧩 Roadmap
- Add support for bypassing Web Application Firewalls (WAFs).
- Enhance performance with asynchronous requests.
- Introduce JSON/HTML output for better reporting.
- Add more advanced detection techniques for modern web apps.
🛡️ Disclaimer
This tool is intended for educational purposes and authorized testing only. Unauthorized use on systems without explicit permission is illegal and unethical.
🤝 Contributing
Contributions are welcome! Feel free to fork the repo, submit pull requests, or open issues for suggestions and bug reports.
💌 Contact
Have feedback or want to collaborate? Connect with me on LinkedIn --> https://www.linkedin.com/in/john-aymn/