---
language:
- en
pipeline_tag: text-classification
library_name: transformers
tags:
- cybersecurity
- xss
- security
- web
- payload-detection
- text-classification
- web-security
---
# XSS Payload Detector

DistilBERT-based machine learning model for detecting XSS payloads.
This project can be used either as a standalone CLI classifier or as a log-monitoring system that automatically analyzes web server requests and detects potential XSS attacks.

## Labels

| Label | Description |
|---------|-------------|
| NORMAL | Benign input |
| XSS | Potential XSS payload |

## Requirements

```bash
pip install torch
pip install transformers
pip install flask
```

## Features

This project supports two different usage modes.

### 1. CLI Mode

Run:

```bash
python inference_bert_url.py
```

Enter a string or URL directly from the command line.

The model will classify the input as:

- NORMAL
- XSS

and display a confidence score.

Example:

```text
Input:
<script>alert(1)</script>

Result:
XSS
Confidence:
0.9998
```

---

### 2. Log Monitoring Mode

Run the monitoring service:

```bash
python monitor.py
```

The monitor automatically reads web server access logs and analyzes incoming requests.

Detected XSS payloads are logged for further inspection.

This allows the model to be integrated into a web application environment without manually entering payloads.

---

### Test Environment

Run the example Flask server:

```bash
python test_server.py
```

![Demo](photos/xsstest.png)

Then open:

```text
http://127.0.0.1:8080/?q=abcde
```

Example XSS payload:

```text
http://127.0.0.1:8080/?q=<img src='x' onerror='alert("xss")'>
```

![Demo](photos/xssdetect.png)

![Demo](photos/pagetest.png)

The request will be reflected by the test page and analyzed by the monitoring service.
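
The following added example (not the repository's `monitor.py`) shows how a log monitor of this kind can extract query parameters from access-log lines, undo single and double percent-encoding, and pass each value to a classifier. The log format, the function names, and the assumption that the model's pipeline returns the labels `NORMAL` and `XSS` from the table above are assumptions; the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request part of an access-log line: "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def candidates(log_line):
    """Yield (parameter, decoded value) pairs from one access-log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return  # malformed or non-HTTP line: nothing to classify
    query = urlsplit(match.group("target")).query
    for name, value in parse_qsl(query, keep_blank_values=True):  # decodes once
        yield name, decode_fully(value)

def scan(lines, classify, threshold=0.5):
    """Return alerts for values that classify(text) -> (label, score) marks as XSS."""
    alerts = []
    for line in lines:
        for name, value in candidates(line):
            label, score = classify(value)
            if label == "XSS" and score >= threshold:
                alerts.append({"param": name, "value": value, "score": score})
    return alerts

def load_model_classifier(model_dir):
    """Assumed wiring: a transformers pipeline over the downloaded model directory."""
    from transformers import pipeline  # lazy import; needs the Requirements above
    pipe = pipeline("text-classification", model=model_dir)
    def classify(text):
        result = pipe(text, truncation=True)[0]
        return result["label"], result["score"]  # label names assumed NORMAL/XSS
    return classify

# Constructed sample lines in the style of the Flask development server log
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2025 10:00:00] "GET /?q=abcde HTTP/1.1" 200 -',
    '127.0.0.1 - - [01/Jan/2025 10:00:05] "GET /?q=%3Cimg%20src%3D%27x%27%20onerror%3D%27alert(%22xss%22)%27%3E HTTP/1.1" 200 -',
]
```

Call `scan(SAMPLE_LOG, load_model_classifier(path))` with `path` set to the directory returned by `snapshot_download`; any callable with the same `(label, score)` return shape can stand in for the model when testing the parsing.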

### Components

- `inference_bert_url.py`
  - Standalone CLI tool for testing XSS detection.

- `moniter.py`
  - Log monitoring service that reads web server logs and analyzes incoming requests.

- `test_server.py`
  - Flask-based demonstration server for testing reflected XSS scenarios.

- `templates/`
  - HTML templates used by the Flask demonstration server.

- `static/`
  - Static assets (images, CSS, etc.) used by the Flask demonstration server.

## Model Files

- config.json
- model.safetensors
- tokenizer.json
- tokenizer_config.json
- vocab.txt

## Download Repository

To download the entire repository, including the trained model, example server, monitoring utility, templates, and static files:

```bash
pip install huggingface_hub
```

```python
from huggingface_hub import snapshot_download

snapshot_download(
    repo_id="kd7979148/XSS_Payload_Detector"
)
```

This will download all files contained in the repository.

## Framework

- PyTorch
- Transformers