xss-cross-site-scripting
CommunityFind real XSS routes fast, even under CSP/WAF.
AuthorlNwNl
Version1.0.0
Installs0
System Documentation
What problem does it solve?
It helps you systematically discover and validate cross-site scripting paths when input is reflected or stored across different HTML/attribute/JS/URL contexts, and when modern mitigations like CSP and Trusted Types complicate exploitation.
Core Features & Use Cases
- Injection-context driven payload selection: choose the right attack string based on whether reflection occurs in HTML body, attributes, script blocks, URL sinks, or XML contexts.
- Second-order and blind XSS workflows: craft payloads that survive storage/encoding and cover parameters that are not immediately reflected.
- Advanced bypass and post-exploitation guidance: use mXSS/DOMPurify differentials, DOM clobbering, Trusted Types policy gaps, CSP bypass vectors, XS-Leaks side channels, and session-fixation/HttpOnly-relevant exploitation paths.
- Framework and persistence vectors: cover modern framework XSS patterns (React/Vue/Angular/Next.js) and service worker persistence after successful script execution.
Quick Start
Use the xss-cross-site-scripting skill to enumerate likely reflection contexts for your target inputs and then select an appropriate advanced payload for each sink to confirm execution and escalation paths.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: xss-cross-site-scripting Download link: https://github.com/lNwNl/Methodos/archive/main.zip#xss-cross-site-scripting Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.