We curate a set of fun and interesting Cross Site Scripting (XSS) payloads. They’re designed for quick and effective attacks when time is too short and using a framework is too big. Our payloads allow you to have fun with things such as:
Obtaining NTLM hashes from your victim, ready to crack and use on perimeter services
Scan internal networks as part of further enumeration
Obtain credentials directly from your victim
Grab sensitive content from your victim’s DOM
…and much more!
Over time, these payloads will be further developed and expanded upon. Throw them in your testing kit for quick and dirty Cross Site Scripting wins.