Sample code for exfiltrating data through an XSS vulnerability. XSS Payload retrieves sensitive data in victim's browser, then breaks it into chunks. Sends those chunks out as image requests (data in image filename). Example commands and python script to put the original data back together.
β21May 11, 2021Updated 5 years ago
Alternatives and similar repositories for XSS-Data-Exfil
Users that are interested in XSS-Data-Exfil are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- π Sling Shot R3con: Automate Your Bug Bounty and Pentest Reconnaissance with Project Discovery tools π―β25Sep 21, 2023Updated 2 years ago
- A framework to kickstart yourself in making malicious USB devices using ATTiny85.β14Jun 11, 2025Updated last year
- Learn how to intercept flutter appsβ25Jan 19, 2024Updated 2 years ago
- HTTP requests of FrontPage expolitβ26Dec 19, 2013Updated 12 years ago
- My mobile writeups repositoryβ33Nov 19, 2025Updated 6 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer β’ AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Accompanying material needed for the workshopβ11Jun 14, 2023Updated 3 years ago
- For finding secrets, tokens and other common mistakes made by developers.β12Oct 21, 2025Updated 7 months ago
- β25Apr 29, 2025Updated last year
- A PHP tool to brute force vhost configured on a server.β89Dec 2, 2022Updated 3 years ago
- A suggested path for learning Vim's scripting language, VimLβ20Jun 14, 2014Updated 12 years ago
- Gathering All Nuclei Fuzzing Templates in a Single Repo.β11Apr 23, 2024Updated 2 years ago
- Collection of notes for talksβ13Jan 6, 2024Updated 2 years ago
- Simple tool to test for SSRF/OOB HTTP Read within the Path of a requestβ30Aug 2, 2019Updated 6 years ago
- Terraform module for creating and managing VM Qemu resourcesβ16Apr 25, 2022Updated 4 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer β’ AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Wayfiles is a tool designed to search for juicy files and URLs within a folder/file with results of tools like gau, waymore, waybackurls,β¦β16Feb 22, 2026Updated 3 months ago
- The OWASP Testing Guide v4.2 Checlist [2023]β13Jan 15, 2023Updated 3 years ago
- A frightfully intelligent algorithmic trading automaton of noble birth. Sir Reginald's prime directive: to acquire undervalued assets posβ¦β43Sep 18, 2025Updated 9 months ago
- Basic network port scanner created in C#β19Aug 1, 2019Updated 6 years ago
- CLI script to use GadgetProbe as a library to generate serialized payloads of DNS callbacks to free DNSbin to probe what Java classpaths β¦β14Jun 8, 2021Updated 5 years ago
- This project is aimed at freely providing technical guides on various hacking topics: Active Directory services, web services, servers, iβ¦β16Oct 22, 2020Updated 5 years ago
- Used to get NTLMv2 Hashes from SMBβ26Oct 24, 2024Updated last year
- β15Dec 12, 2023Updated 2 years ago
- A handy plugin for copying requests/responses directly from Burp, some extra magic included.β13Oct 15, 2021Updated 4 years ago
- Managed hosting for WordPress and PHP on Cloudways β’ AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- β13Oct 14, 2016Updated 9 years ago
- β13Jul 25, 2023Updated 2 years ago
- A Multi-Processing Tool for collecting and extracting information to an Excel file from a Burp Suite output file.β10Apr 8, 2024Updated 2 years ago
- β11Sep 3, 2023Updated 2 years ago
- JavaScript functions intended to be used as an XSS payload against a WordPress admin account.β57Oct 6, 2020Updated 5 years ago
- A collection of js analysis tools & scripts.β19May 4, 2026Updated last month
- The following code when compiled in go takes a domain name as an argument and outputs an HTML file with Google Search links for various dβ¦β17Sep 11, 2024Updated last year
- My little polygon for common lisp adventures (games and experiments)β18Jul 12, 2017Updated 8 years ago
- A personal repository of notes about learning lisp patternsβ16Mar 9, 2023Updated 3 years ago
- Deploy on Railway without the complexity - Free Credits Offer β’ AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Get acquisitions by scraping titles of crunchbase.β16Dec 18, 2024Updated last year
- Tool to download IP ranges of CDN providers for bug bountiesβ14Jul 24, 2024Updated last year
- dEX is a powerful tool for transmitting OS command output over DNS. It is equipped with robust mechanisms for handling missing chunks, enβ¦β18Nov 21, 2024Updated last year
- See more at:β16Jun 3, 2019Updated 7 years ago
- Hack The Box CPTS commandβ61Jun 25, 2025Updated 11 months ago
- A list of useful payloads and bypass for Web Application Securityβ14Nov 26, 2023Updated 2 years ago
- Hayden Housen's solutions to the 2021 HackTheBox "Cyber Santa is Coming to Town" Competitionβ19May 29, 2022Updated 4 years ago