XSS Tower is an open-source project that enables users to exploit Blind Cross-Site Scripting (XSS) vulnerabilities. The tool lets users add new handlers to receive XSS payloads and share them with other users. With XSS Tower, you can efficiently identify and exploit XSS vulnerabilities, aiding in web application security testing. It is inspired by tools such as XSSHunter and ezXSS.
- Exploit blind XSS vulnerabilities
- Add handlers to receive fires upon payload execution
- Share handlers with other users
- Allow public access to XSS Fire
- Exfiltrate pages or local files
- Disable DOM/Screenshot
- Save the fire even if the payload fails to execute
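
```sh
# Run the published Docker image
docker run -d -p 8080:8080 thomasfady/xsstower

# Install with Go
go install -v github.com/thomasfady/xsstower@latest

# Build from source: build the client, copy it into app, then build the binary
cd client
npm install
npm run build
cd -
cp -r client/dist/* app
go mod tidy
CGO_ENABLED=0 GOOS=linux go build -o xsstower -ldflags="-s -w" main.go
```

- Registration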
- Database config
- Change password form
- 2FA
- [...] Notification system
- Documentation
- UI Fixes
- Add tests
Contributions to XSS Tower are always welcome! If you find a bug or have suggestions for new features, please open an issue on the GitHub repository. If you would like to contribute code, fork the repository and submit a pull request with your changes.
XSS Tower is open-source software released under the GPLv3. See the LICENSE file for more information.






