SVG XSS Exploiter is a powerful tool built for ethical hackers, bug bounty hunters, and security researchers to craft and test SVG-based XSS (Cross-Site Scripting) payloads. This tool automates the injection of malicious JavaScript into SVG files, helping you uncover vulnerabilities in web apps that handle user-uploaded SVGs.
- 🖼️ Upload or generate SVG files with embedded JavaScript payloads
- ⚙️ Automatic payload injection & vector binding
- 🔐 Sandboxed preview environment for safe local testing
- 🌑 Sleek dark-mode hacker UI for minimal distraction
- 🧪 Ideal for penetration testing & bug bounty reconnaissance
This tool is crafted for:
- Security researchers looking to exploit SVG-based XSS
- Ethical hackers engaged in web application testing
- Bug bounty hunters targeting SVG upload vectors
- Developers analyzing the attack surface of their apps
💸 Some bug bounty programs offer $10,000+ rewards for discovering critical XSS vulnerabilities caused by SVG parsing bugs. This tool helps you find those hidden gems!
SVG XSS Exploiter is intended strictly for educational purposes and authorized testing environments.
Do NOT use it against any target without explicit permission.
❗ Unauthorized testing is illegal and may lead to criminal charges. Always stay ethical.
- Make sure you have Python and Flask installed
- Install Flask with pip:

      pip install flask

- Run the app:

      python app.py

- Open the URL shown in your terminal (e.g. http://127.0.0.1:5000)
Once loaded, you can:
• Upload your own SVG files
• Generate and test XSS payloads safely
• Preview everything in an isolated environment
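The receiving-side check a developer would run over an uploaded SVG before rendering it inline, as an added example that is not the project's code: it uses only the Python standard library, and the function names and sample files are constructed for this illustration.

```python
# Added example, not the project's code: flag constructs that let an uploaded SVG run script inline.
import xml.etree.ElementTree as ET

XLINK_NS = "http://www.w3.org/1999/xlink"
# Attributes that take a URL and so can carry a javascript: scheme.
URL_ATTRS = {"href", f"{{{XLINK_NS}}}href"}

def _local(name: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]


def find_svg_script_vectors(svg_text: str) -> list[str]:
    """Return one finding per construct that could execute script.

    An empty list does not prove the file safe: still serve user SVGs via
    <img> or behind a strict Content-Security-Policy, and parse with
    defusedxml in production to cover entity-expansion attacks.
    """
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        # Malformed input: reject it rather than let a browser sniff it.
        return [f"not well-formed XML ({exc})"]
    findings = []
    for elem in root.iter():
        tag = _local(elem.tag)
        if tag in ("script", "foreignObject"):
            findings.append(f"<{tag}> element")
        for attr, value in elem.attrib.items():
            name = _local(attr)
            if name.lower().startswith("on"):
                findings.append(f"<{tag} {name}> event handler")
            elif attr in URL_ATTRS and value.strip().lower().startswith("javascript:"):
                findings.append(f"<{tag} {name}> javascript: URL")
        # SMIL animation can rewrite an href to a javascript: URL at runtime.
        animated = (elem.get("to", "") + elem.get("values", "")).lower()
        if tag in ("set", "animate") and "javascript:" in animated:
            findings.append(f"<{tag}> animates to a javascript: URL")
    return findings


def is_safe_for_inline_render(svg_text: str) -> bool:
    return not find_svg_script_vectors(svg_text)


# Constructed samples (not from the project) for a quick self-check.
SAMPLE_CLEAN = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
SAMPLE_HANDLER = '<svg xmlns="http://www.w3.org/2000/svg" onload="run()"/>'
```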
👨💻 About the Creator
Created by Mohammad Taha Hatami Ghasareh, a 16-year-old developer passionate about offensive security and open-source tooling. This project is built to empower the security community to detect and mitigate SVG-based threats efficiently.
🖼️ Visual Preview
🏷️ Tags & Topics
• svg-xss
• xss
• web-security
• hacking-tools
• penetration-testing
• bugbounty
• offensive-security
• cybersecurity
This project is licensed under the MIT License - see the LICENSE file for details.
© 2025 Taha Hatami — GitHub
⭐️ Support the Project
If you found this tool helpful, consider giving it a ⭐️ on GitHub or sharing it with fellow researchers!