xss-testing

Skill

from ed1s0nz/cyberstrikeai

What it does

Performs comprehensive XSS vulnerability testing across reflected, stored, and DOM-based attack vectors using advanced payload techniques and scanning tools.

Installation

Clone repository:
git clone https://github.com/Ed1s0nZ/CyberStrikeAI.git
Run with Go:
go run cmd/server/main.go
Run with Go:
go build -o cyberstrike-ai-mcp cmd/mcp-stdio/main.go
Claude Desktop configuration (add this to your claude_desktop_config.json):
{ "mcpServers": { "cyberstrike-ai": { "command": "/absolute...
Extracted from docs: ed1s0nz/cyberstrikeai
Installs: 1
Added Feb 4, 2026

Skill Details

SKILL.md

Professional skill for XSS (cross-site scripting) attack testing

Overview

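# XSS Testing Skill

Overview

Cross-site scripting (XSS) allows an attacker to execute malicious JavaScript code in the victim's browser. This skill covers testing methods for reflected, stored, and DOM-based XSS.

XSS Types

1. Reflected XSS

  • The malicious script is delivered through a URL parameter
  • The server returns a response that contains the script directly
  • Requires the user to click a malicious link

2. Stored XSS

  • The malicious script is stored on the server (database, files, etc.)
  • Every user who visits the affected page executes the script
  • Broader impact

3. DOM-based XSS

  • Client-side JavaScript handles user input improperly
  • No server-side processing is involved
  • Triggered by modifying the DOM structure

Testing Methods

Basic Payloads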

```javascript

```

Filter Bypass

#### Case Variation Bypass

```javascript

```

#### Encoding Bypass

```javascript

%3Cscript%3Ealert('XSS')%3C/script%3E

<script>alert('XSS')</script>

```
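Why the encoded form above matters to a defender, as an added example (not code from the CyberStrikeAI project): a blocklist applied to the raw parameter passes the percent-encoded string, the framework then decodes it, and only output encoding at the sink keeps it inert. The function names and the `<p>Results for: ...</p>` template are hypothetical; the two inputs are the strings from the block above.

```javascript
// Weak control: blocklist applied to the raw query-string value.
function naiveFilterAllows(raw) {
  return !/<script/i.test(raw);
}

// What a server framework typically hands to the template after URL decoding.
function decodeParam(raw) {
  try {
    return decodeURIComponent(raw.replace(/\+/g, ' '));
  } catch (e) {
    return raw; // malformed percent-escape: keep the raw value
  }
}

// Output encoding for HTML element content and quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable sink: reflects the decoded value into markup unchanged.
function renderUnsafe(raw) {
  return `<p>Results for: ${decodeParam(raw)}</p>`;
}

// Hardened sink: same template, value encoded at the point of output.
function renderSafe(raw) {
  return `<p>Results for: ${escapeHtml(decodeParam(raw))}</p>`;
}

// Summarise how each control behaves for one input.
function check(raw) {
  return {
    filterAllows: naiveFilterAllows(raw),
    unsafeHasScriptTag: /<script/i.test(renderUnsafe(raw)),
    safeHasScriptTag: /<script/i.test(renderSafe(raw)),
  };
}

// The two sample strings from the encoding section above.
const encoded = "%3Cscript%3Ealert('XSS')%3C/script%3E";
const plain = "<script>alert('XSS')</script>";
console.log(check(encoded), check(plain));
```

The blocklist result differs between the two inputs while `renderSafe` gives the same inert markup for both, which is why the fix belongs at the output sink rather than in input filtering.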

#### Event Handlers

```javascript

hover

```

#### Pseudo-protocols

```javascript

click