https://github.com/hoodoer/JS-Tap

JS-Tap is a generic JavaScript payload and supporting software to help red teamers attack webapps. The JS-Tap payload can be used as an XSS payload or as a post exploitation implant.

The payload does not require the targeted user running the payload to be authenticated to the application being attacked, and it does not require any prior knowledge of the application beyond finding a way to get the JavaScript into the application.

https://gist.github.com/0xdevalias/d8b743efb82c0e9406fc69da0d6c6581