XSS Payload Detector

DistilBERT-based machine learning model for detecting XSS payloads. This project can be used either as a standalone CLI classifier or as a log-monitoring system that automatically analyzes web server requests and detects potential XSS attacks.

Labels

| Label  | Description           |
|--------|-----------------------|
| NORMAL | Benign input          |
| XSS    | Potential XSS payload |

Requirements

pip install torch
pip install transformers
pip install flask

Features

This project supports two different usage modes.

1. CLI Mode

Run:

python inference_bert_url.py

Enter a string or URL directly from the command line.

The model will classify the input as:

  • NORMAL
  • XSS

and display a confidence score.

Example:

Input:
<script>alert(1)</script>

Result:
XSS
Confidence:
0.9998

2. Log Monitoring Mode

Run the monitoring service:

python monitor.py

The monitor automatically reads web server access logs and analyzes incoming requests.

Detected XSS payloads are logged for further inspection.

This allows the model to be integrated into a web application environment without manually entering payloads.
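An added example (not the project's monitor.py) of the step this mode depends on: access logs store the request percent-encoded, so query values are decoded before they reach the classifier. The log layout, the function names, the `threshold` parameter, and the assumption that the model's config emits the label names from the Labels table are all assumptions made for this example.

```python
import re
from urllib.parse import parse_qsl, unquote

# Quoted request line as written in common/combined-style access logs (assumed).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def candidate_strings(log_line, max_decode_rounds=2):
    """Return the decoded query-parameter values found in one log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []  # malformed or non-request line: nothing to classify
    query = match.group(1).partition("?")[2]
    values = []
    for _name, value in parse_qsl(query):  # parse_qsl percent-decodes once
        for _ in range(max_decode_rounds - 1):  # undo nested encoding
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        values.append(value)
    return values

def scan(lines, classify, threshold=0.5):
    """Return (line_no, value, score) for each value labelled XSS."""
    alerts = []
    for line_no, line in enumerate(lines, 1):
        for value in candidate_strings(line):
            label, score = classify(value)
            if label == "XSS" and score >= threshold:
                alerts.append((line_no, value, score))
    return alerts

def load_classifier(model_dir):
    """Wrap the downloaded model as classify(text) -> (label, score)."""
    from transformers import pipeline  # lazy import: heavy dependency
    pipe = pipeline("text-classification", model=model_dir)
    def classify(text):
        result = pipe(text, truncation=True)[0]
        return result["label"], result["score"]  # labels assumed NORMAL / XSS
    return classify

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2025 10:00:00] "GET /?q=abcde HTTP/1.1" 200 -',
    '127.0.0.1 - - [01/Jan/2025 10:00:05] "GET /?q=%3Cimg%20src%3D%27x%27'
    '%20onerror%3D%27alert(%22xss%22)%27%3E HTTP/1.1" 200 -',
    '127.0.0.1 - - [01/Jan/2025 10:00:09] "GET /?q=%253Cscript%253Ealert(1)'
    '%253C%252Fscript%253E HTTP/1.1" 200 -',
    'truncated entry without a request line',
]
```

With the repository downloaded, `scan(SAMPLE_LOG, load_classifier(model_dir))` runs the same lines through the real model, where `model_dir` is the local snapshot path.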


Test Environment

Run the example Flask server:

python test_server.py

Then open:

http://127.0.0.1:8080/?q=abcde

Example XSS payload:

http://127.0.0.1:8080/?q=<img src='x' onerror='alert("xss")'>

The request will be reflected by the test page and analyzed by the monitoring service.

Components

  • inference_bert_url.py

    • Standalone CLI tool for testing XSS detection.
  • monitor.py

    • Log monitoring service that reads web server logs and analyzes incoming requests.
  • test_server.py

    • Flask-based demonstration server for testing reflected XSS scenarios.
  • templates/

    • HTML templates used by the Flask demonstration server.
  • static/

    • Static assets (images, CSS, etc.) used by the Flask demonstration server.

Model Files

  • config.json
  • model.safetensors
  • tokenizer.json
  • tokenizer_config.json
  • vocab.txt

Download Repository

To download the entire repository, including the trained model, example server, monitoring utility, templates, and static files:

pip install huggingface_hub

Then, in Python:

from huggingface_hub import snapshot_download

snapshot_download(
    repo_id="kd7979148/XSS_Payload_Detector"
)

This will download all files contained in the repository.

Framework

  • PyTorch
  • Transformers