XSS-B2

XSS-B2

Admin
July 28, 2025
18 views
Tool

XSS-B2 Dropper Evasion Stealth Mode Tool

There’s only one rule in this fucking jungle, when the Lion’s hungry, he EATS!

XSS-B2 is an enhanced XSS automation tool designed to streamline the process of identifying and exploiting Cross-Site Scripting (XSS) vulnerabilities. With a focus on real JavaScript execution detection, XSS-B2 offers advanced features such as:

  • Proxy Support: Rotate through a list of proxies for improved anonymity and evasion
  • User Agent Rotation: Switch between multiple user agents to avoid detection
  • reCAPTCHA Bypass: Utilize audio recognition to bypass reCAPTCHA challenges
  • Terminal Progress Bar: Visualize scan progress with a rich terminal interface
  • JSON Reporting: Generate detailed reports for comprehensive vulnerability analysis

Features

  • Real XSS Detection: Focus on actual JavaScript execution, minimizing false positives
  • GET and POST Method Support: Test both HTTP methods for comprehensive vulnerability scanning
  • Arjun Integration: Leverage Arjun for parameter discovery to enhance scan effectiveness
  • Custom Payloads: Load your own XSS payloads for tailored testing
  • Verbose Output: Enable detailed logging for debugging and analysis

Installation

  1. Clone the repository: git clone https://github.com/username/XSS-B2.git   
  2. Install dependencies: pip install -r requirements.txt  
  3. Run the tool: python3 XSS-B2.py -h 

For Kali Linux systems, you should also install these system packages: apt update && sudo apt install -y chromium chromium-driver ffmpeg

Usage

python3 XSS-B2.py -u <target_url> -o <output_dir> [-p <proxy_file>] [-m <method>] [--bypassrecaptcha]

Command-Line Arguments

  • -u, --url <URL>: Single target URL
  • -l, --list <FILE>: File with list of URLs
  • -o, --output-dir <DIR>: Output directory for results
  • -p, --proxy <FILE>: File containing proxy list (HTTP, HTTPS, SOCKS5)
  • --proxy-only: Force proxy-only mode (no direct connection fallback)
  • --test-proxies: Test all proxies and exit
  • --show-browser: Show browser (run in visible mode)
  • --timeout <SEC>: Page load timeout in seconds (default:10)
  • --delay <SEC>: Delay between requests in seconds (default:1)
  • --threads <NUM>: Number of threads for Arjun (default:5)
  • --payloads <FILE>: Custom XSS payloads file (one per line)
  • -m, --method <method>: HTTP method for testing payloads (default: GET)
  • --bypassrecaptcha: Enable reCAPTCHA bypass using audio challenge
  • --tbar: Enable terminal progress bar (requires rich)
  • -v, --verbose: Enable verbose/debug output
  • --log-file <FILE>: Save logs to file

Requirements

  • Python3.7+
  • Selenium
  • Requests
  • BeautifulSoup4
  • Pydub
  • SpeechRecognition
  • Rich

Disclaimer

Use XSS-B2 only on authorized targets. The authors and contributors are not responsible for any misuse or damage caused.

Contributing

Contributions are welcome! Please submit pull requests or issues on GitHub.

License

XSS-B2 is licensed under the MIT License. See LICENSE for details.