Skills
.Work. You
Rest

xss-reflected

Official

Exploit reflected XSS vulnerabilities.

Software Engineering#xss#penetration testing#web security#payloads#reflected xss#javascript injection
Authorblacklanternsecurity
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill helps penetration testers identify and exploit reflected Cross-Site Scripting (XSS) vulnerabilities in web applications, enabling JavaScript execution in the victim's browser.

Core Features & Use Cases

  • Payload Testing: Utilizes curl to inject various XSS payloads into URL parameters and headers.
  • Contextual Analysis: Guides the user to identify where input is reflected in the HTML response (attributes, script blocks, comments, etc.).
  • Filter & WAF Bypass: Provides techniques to circumvent common input filters, Web Application Firewalls (WAFs), and Content Security Policies (CSPs).
  • Impact Demonstration: Facilitates demonstrating real-world impact through cookie theft, session hijacking, phishing, and keylogging.
  • Use Case: A penetration tester finds user input reflected in a search result page. They use this Skill to craft and inject a payload that executes JavaScript, demonstrating the ability to steal session cookies.

Quick Start

Use the xss-reflected skill to test for reflected XSS on the target URL 'https://example.com/search?q=test'.

Dependency Matrix

Required Modules

None required

Components

scriptsreferences

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: xss-reflected
Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#xss-reflected

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.