OWASP Xenotix XSS Exploit Framework

Scanning & Detection | Information Gathering | Attack & Exploitation


How to Use?

Here you will find some videos that provides documentation on latest versions of OWASP Xenotix XSS Exploit Framework

All the videos are available at our YouTube Playlist: here

Article on Xenotix XSS Exploit Framework on ISSA Journal


OWASP Xenotix XSS Exploit Framework V6.2
Mirror: Google Drive
Older Versions:OWASP Project Page

Download: The Ultimate XSS Protection Cheat Sheet for Developers


Microsoft .NET Framework 4.5

IronPython 2.7.3(Optional)

About OWASP Xenotix XSS Exploit Framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 4700+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. Xenotix Scripting Engine allows you to create custom test cases and addons over the Xenotix API. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.

Involvement in the development of OWASP Xenotix XSS Exploit Framework is highly encouraged!
Here are some of the ways you can help:

Feedback & Queries

Do you have any issues with it?
Do you find any design flows or errors?
Do you need help in using it?
Do you have something to tell about it?
Send an Email:a...@gmail.com


Are you a developer? Do you have some cool ideas to contribute? Get in touch via a...@gmail.com If you actively contribute to Xenotix then you will be invited to join the project.

funds to OWASP earmarked for OWASP Xenotix XSS Exploit Framework.