FindXSS

About FindXSS

Hi, I'm Ravi, a web application penetration tester. I built FindXSS out of a personal need I encountered frequently during bug hunting.

I wanted a centralized, easy-to-access place where I could quickly find categorized XSS payloads, test out ideas, and keep my techniques organized. As I curated more payloads and found patterns, I realized that this resource could be valuable to others in the cybersecurity community.

That's why I decided to make FindXSS public. My goal is to turn it into a useful learning and reference tool for fellow ethical hackers, pentesters, bug bounty hunters, and anyone passionate about web security.

This site is designed strictly for educational purposes. It's meant to support learning, enable safe and ethical testing, provide resources for bug bounty training, and aid in security research.

Important: This site does not promote hacking or illegal activity. It's built to raise awareness about web vulnerabilities so they can be understood and prevented.

You can connect with me via Email, follow on Twitter, or connect on LinkedIn.

Recent Updates

  • Added over 150 new XSS payloads, focusing on WAF Evasion, DOM-Based XSS, and Framework-Specific techniques.
  • Introduced the new 'DOM Clobbering' payload category for advanced research.
  • Improved the user interface by cleaning up the payload cards for a more streamlined experience.

Aug 2025

  • Launched the 'Learn XSS' page: A comprehensive guide to XSS fundamentals, types, and prevention methods.
  • Enhanced the 'Learn XSS' page with a new 'Recommended Videos' section for visual learners.