ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

An XSS exploitation command-line interface and payload generator.

Wordpress Attack Suite

JSshell - JavaScript reverse/remote shell

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.

A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras

Cross-site scripting labs for web application security enthusiasts

An XSS reverse shell framework

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)

Session Hijacking Visual Exploitation

Collection of XSS Payloads for fun and profit

OWASP PTK - application security browser extension.

A list of useful payloads and Bypass for Web Application Security and Bug Bounty/CTF

XSSRocket it is a tool designed for offensive security and XSS (Cross-Site Scripting) attacks.

Collect XSS vulnerable parameters from entire domain.

Find XSS payloads that actually work by filtering them based on real-world constraints instead of blind payload spraying.

this repository is a docker containing some "XSS vulnerability" challenges and bypass examples.

Make XSS Great Again

Websites Vulnerability Scanner

A web application for generating custom XSS payloads

XSS cookie stealer using JavaScript and PHP

alert(1) to win payloads

Site-Scanner - Web application vulnerability assessment tool.

Simple-XSS is a multiplatform cross-site scripting (XSS) vulnerability exploitation tool.

automatically crawl every URL and find cross site scripting (XSS)

Open Source XSS exploitation tool. using http proxy to access the browser which executed js. [Engineering Experimental]

Foxss is a simple php based penetration Testing Tool.Currently it will help to find XSS vulnerability in websites.

The Python cookie stealer is a tool that can be used in penetration testing and XSS attacks to steal browser cookies from victims.