项目作者: p4p1

项目描述 :
A cross site scripting command and control notification server
高级语言: JavaScript
项目地址: git://github.com/p4p1/xss_bomb.git
创建时间: 2020-10-24T01:29:08Z
项目社区:https://github.com/p4p1/xss_bomb

开源协议:GNU General Public License v3.0

下载


XSS_BOMB

Test website security with ease.

xss_bomb

xss_bomb is a backend made to notify you when your xss payload is executed
on a remote target and you do not have the luxury of directly knowing when the
payload is ran on a target device. You can download the app for free in the
release page. You can also contribute, if you wish to learn more about this
app and it’s api navigate to the wiki. DO NOT USE THIS SERVICE FOR ILLEGAL
PURPOSES.

Installation (Server | API)

For the server you can create your own instance and host it online using docker.
It can be local or private / public if you decide to share the link or not you can edit
the public-instance.json file and send a pull request if you wish to be featured as a
server on the list during startup of the app :)

Application Programming Interface Documentation

The API documentation is available inside of the wiki and on postman here

Project architecture

  1. xss_bomb/
  2. ├── app/ # The source code of the front-end app
  3. └── [React Native Source Code]
  4. ├── assets/ # Image files for the logo and such
  5. └── [Images]
  6. ├── backend/ # The source code of the back-end
  7. └── [Node Js Source Code]
  8. ├── data/ # Folder containing the main database
  9. └── [MongoDB Raw Files]
  10. ├── redis/ # Folder containing the database for the refresh tokens
  11. └── [Redis Raw Files]
  12. ├── logs/ # Folder containing the log file with every requests
  13. └── xss_bomb.log
  14. ├── docker-compose.yml # The Docker file used to launch the database and back-end
  15. ├── LICENSE
  16. ├── public_instances.json # The file with approved servers that can be used by the front-end
  17. └── README.md

Privacy and other things

If you dont want someone seeing your requests and data do not use a public instance I host
my personnal instance on xss.leosmith.wtf it does not allow you to create accounts since I don’t
wan’t to be seeing your bits on my db instance but you can publish your own instance publicly if you
want and I’ll add them to the public list if you message me.

Screenshots

image