Skip to main content

Basic Headless Navigation Example

This template visits a URL in the headless browser and waits for it to load.

Headless prototype pollution detection

The below template detects prototype pollution on pages with Nuclei headless capabilities. The code for detection is taken from https://github.com/msrkp/PPScan. We make use of script injection capabilities of nuclei to provide reliable detection for prototype pollution.

DVWA XSS Reproduction With Headless Mode

This template logs into DVWA (Damn Vulnerable Web App) and tries to automatically reproduce a Reflected XSS, returning a match if it found that the payload was executed successfully.

XSS Detection

This template detects triggered XSS payloads by using the waitdialog action.

DOM XSS Detection

This template performs detection of DOM-XSS for window.name source by hooking common sinks such as eval, innerHTML and document.write.