XSS'OR - Hack with JavaScript.
You can have a try:
https://xssor.io and http://xssor.io/
It contains three major modules: Encode/Decode, Codz, Probe.
Python 3 with Django 3.0.* or Python 2 with Django 1.11.*
- git clone https://github.com/evilcos/xssor2 or download directly
- cd xssor2
- modify xssor/payload/probe.js
xssor.cmd_url = location.protocol + '//xssor.io/cmd'; // replace xssor.io to your domain or ip address- pip3/pip install -r requirement.txt
- python3/python manage.py runserver 0.0.0.0:8000
Browser http://[yourip]:8000 to enjoy.
If you want to deploy it with Nginx, you can use uWSGI.
If you want to delete 6FC9 probe automatically, you can use crontab to this script file(xssor/probeclear.py).
Try it by yourself.
You can build this project with docker
docker build -t xssor:latest .Run the app with
docker run -d -p [port]:8000 xssor:latest [probe domain or ip]UPDATE: 2020/07/28
*. Increase support for docker.
UPDATE: 2020/02/05
*. Compatible with Python 2 and Python 3.
*. Compatible with Django 1.11.* and Django 3.0.*.
*. Fix some bugs.
UPDATE: 2018/07/29
*. Compatible with HTTP and HTTPS.
UPDATE: 2017/09/23
*. Upgrade JS BEAURIFY.
*. Fix PACKER/UNPACKER error bug.
UPDATE: 2017/08/20
*. Increase support for mobile more friendly.
UPDATE: 2017/08/13
*. Fix Probe bug to file:// protocol.
*. Fix Probe bug in mobile app while without cookie.
*. Improve Probe Status.
UPDATE: 2017/05/07
*. Encode/Decode, enhanced.
*. Codz, enhanced.
*. Probe, free to try.
*. Complete rewriting with Python, Django, Bootstrap, jQuery, ...
*. Independent domain: xssor.io.
BE EVIL, DON'T BE BAD.