github.com/crawl3r/PortswiggerXSS
Gathers the cheatsheet payloads and creates a usable wordlist
THANK YOU PORTSWIGGER FOR ALL YOUR AMAZING WORK AND EFFORT :heart:
Just build or run the script as is, no args needed. The rest should be handled for you.
Disclaimer: Not the cleanest code but it works :)
Cheatsheet: https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
Thank you ArenasDev for adding the following parameters and functionality:
-tag for tag filtering
-event for event filtering
-filename for setting the name of the filtered list
-update to force update (it wont update if there is an existing payload file)
I'm just a simple skid. Licensing isn't a big issue to me, I post things that I find helpful online in the hope that others can:
A) learn from the code
B) find use with the code or
C) need to just have a laugh at something to make themselves feel better
Either way, if this helped you - cool :)
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.
Security News
Research
Attackers are impersonating Sindre Sorhus on npm with a fake 'chalk-node' package containing a malicious backdoor to compromise developers' projects.
Security News
The npm package for the LottieFiles Player web component was hit with a supply chain attack after a software engineer's npmjs credentials were compromised.
