Cross Site Scripting Resources

Micah here. Recently, I’ve found several great resources for those of you who perform web application hacking/penetration testing. Most people are aware of the old RSnake XSS filter evasion cheat sheet, now maintained and enhanced by OWASP (

There are two other sites/web apps that can help too. One has an NSFW domain name but, as we are all adults here and it has a neat approach to XSS, I’ll post it. The site uses only 6 characters in its payloads. Yup. 6. Check out the translation of the typical “alert(1)” payload in the picture below.


“Brutelogic” ( created a Web Gun site ( that is pretty neat too. It is a bunch of drop-down items that create your proof of concept XSS payload. Really customizable and flexible. Check out the pic below.

