Fuzzing: Expanded XSS payloads in core/fuzzing/vectors.py. OWASP XSS Filter Evasion Cheat Sheet & PortSwigger XSS Cheat Sheet. #92
Open
joseguzman1337 wants to merge 14 commits into
Configure Mend Bolt for GitHub
Add new XSS vectors from OWASP cheat sheet

This commit adds 68 new XSS vectors to the `core/fuzzing/vectors.py` file. These vectors were sourced from the OWASP XSS Filter Evasion Cheat Sheet and cover a wide range of XSS techniques. The 'browser' field for these new vectors is set to "Not Info" as specific browser compatibility information was not immediately available.

Add new XSS vectors from OWASP cheat sheet

This commit adds 52 new XSS vectors to the `core/fuzzing/vectors.py` file. These vectors were sourced from the PortSwigger XSS Cheat Sheet and include a variety of techniques such as event handlers, consuming tags, restricted character bypasses, protocol-based vectors, obfuscation methods, framework-specific examples, and classic XSS payloads. Browser compatibility information has been included in the 'browser' field for these vectors where it was provided in the cheat sheet; otherwise, it is set to "Not Info".

Owner
Hey @joseguzman1337, really nice expanding. I am currently involved in another project, so I need more time to review it. Thanks!

- Add .DS_Store pattern to ignore macOS folder metadata
- Add ._* pattern to ignore AppleDouble files

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Fuzzing: Expanded XSS payloads in core/fuzzing/vectors.py. Sourced from OWASP XSS Filter Evasion Cheat Sheet & PortSwigger XSS Cheat Sheet. Includes vectors for various HTML elements/attributes, JS contexts, diverse encoding methods (hex, Unicode, base64), protocol/URL manipulation, event handlers, obfuscation, and exploits targeting specific browsers (IE, Firefox) and frameworks (AngularJS, VueJS).