XSShell is a cross-site-scripting reverse shell… Okay, well maybe it’s not a true reverse shell, but it will allow you to interact in real time with an XSS victim’s browser.

XSShell also comes with a number of premade XSS payloads to use:

• alert – send a js alert message
• cs – get cookies and any updates to the cookies
• gi – download all images on the page
• kl – key logger
• ll – list all links on the page
• src – download the current page source
• pfl – show the user a modal and prompt them to login
• xhr – make xhr requests in the context of the victim’s browser

Install 

The xsshell command:
xsshell -h
Usage of xsshell:
-cert string
ssl cert file
-host string
websocket listen address
-key string ssl key file
-log string
specify a log file to log all console communication
-path string
websocket connection path (default “/s”)
-port string
websocket listen port (default “8234”)
-servdir string
specify a directory to serve files from. a file server will not be started if no directory is specified
-servpath string
specify the base url path that you want to serve files from (default “/static/”)
-wrkdir string
working directory that will be used as the relative root path for any commands requiring user provided file paths (default “./”)