A tool that creates trackable XSS payloads and listens for evidence that theyve been detonated somewhere within a target environment. The tool is designed to be there when it finally gets triggered. This could be used for long-term attack campaigns against organizations, where you could tag the payloads according to victim, and just wait for them to pop. This helps good guys, and it could also help bad guys. Thats the double-edge of security research. It sucks, but that’s just reality.”]
Source: https://danielmiessler.com/blog/the-sleepy-puppy-xss-payload-management-framework/