DOCUMENTATION

INTRODUCTION

Welcome to XSSify, your go-to tool for managing, exploring, and sharing Cross-Site Scripting (XSS) payloads. XSSify is designed to provide security professionals and enthusiasts with a community-driven platform to discover and submit various XSS payloads. Whether you're looking to explore new techniques or contribute to the database, XSSify is here to help.

KEY FEATURES FOR USERS

  • Sniper Shots: Single line payloads to play at different injection points.
  • Exploit Packets: Multiline payloads for file-upload based XSS attacks (e.g., PDF, JPG, etc.).
  • Advanced Search & Filter: Find specific payloads using search and filter options by categories or tags.
  • User Payload Submissions: Contribute your own XSS payloads to the community by submitting them for review.
  • Real-Time Database: Get instant access to newly approved payloads as the database is updated in real-time.

GETTING STARTED

  1. Accessing XSSify
     To begin using XSSify, simply navigate to XSSify on The Threat Cops. There is no need for account creation to explore payloads, but users who want to submit payloads will need to log in.

  2. Logging In
     To submit payloads or manage your submissions, you need to log in with your Google account.
     • Click on the Login to contribute button in the side bar.
     • Select the Google account you want to use to sign in.

EXPLORING PAYLOADS

  1. Browse Payloads
     On the homepage, you will find a list of approved XSS payloads.
     Each payload is displayed with its date, category, description, author and payload code.

  2. Search and Filter
     Use the search bar at the top to search for specific payloads by keyword.
     You can filter payloads based on category or tags. For example, you can filter by categories like HTML Injection or JavaScript Injection.

SUBMITTING A PAYLOAD

  1. How to Submit a Payload
     Once logged in, you can submit your own XSS payload by navigating to the Contribute page.
     Fill out the submission form with the following details:
     • Payload: Payload that you want to contribute.
     • Category: Select the relevant category (e.g., HTML Injection, JavaScript Injection, WAF Bypass, etc.).
     • Description: Provide a short description of what the payload does or how it works.
     • Type: Choose the type, sniper shot or exploit packet.

  2. Submission Review
     Once submitted, your payload will enter a pending review state. It will be reviewed by an admin for approval.
     You will receive a notification on your dashboard once your payload has been reviewed and either approved or rejected.

UNDERSTANDING PAYLOAD INFORMATION

    When you explore payloads on XSSify, each payload is presented with the following details:
  • Payload: The actual XSS payload code.
  • Category: The type of XSS attack this payload targets (e.g., HTML Injection, JavaScript Injection).
  • Tags: Additional descriptors for the payload (e.g., alert, script, bypass).
  • Description: A brief explanation of what the payload does.

GUIDELINES FOR SUBMISSION

    To ensure the quality and safety of the payloads, please follow these guidelines when submitting:

  1. Clarity:
     Provide a clear and concise description for your payload.

  2. Respect the Community:
     Submit payloads that contribute value and insight to the community.

ADMIN REVIEW PROCESS

    Once a payload is submitted:
  • The payload will be reviewed by the admin team to ensure it is valid and safe.
  • Admins may reject payloads that are deemed harmful, overly repetitive, or unclear.
  • Approved payloads will be added to the public database for all users to explore.

FAQs

  1. Do I need to create an account to browse payloads?
     No, you can explore the payload database without logging in. However, to submit payloads, you need to log in with your Google account.

  2. How do I submit my own XSS payload?
     You can submit a payload by logging in and navigating to the Submit Payload section. Fill out the form, and your payload will be reviewed before it is added to the database.

  3. Can I delete or edit a payload I submitted?
     Currently, there is no option to directly edit or delete your submission after it's been reviewed. If you need to make changes, you can contact the admin team.

  4. How are submissions reviewed?
     Admin reviewers evaluate each payload for quality, safety, and relevance before approving or rejecting it. Only approved payloads are made available in the public database.

  5. Can I test payloads directly on XSSify?
     Currently, XSSify only serves as a repository and does not have a live testing environment. We recommend testing payloads in a controlled and safe environment on your own.

SUPPORT

If you encounter any issues or have questions, please reach out to us at admin@thethreatcops.com

CONCLUSION

XSSify is a powerful tool for anyone interested in XSS payloads. By allowing users to explore and submit payloads, XSSify contributes to the broader security community while providing a valuable resource for professionals and researchers alike.

Happy XSSifying!
