{"id":13745216,"url":"https://github.com/cure53/Flashbang","last_synced_at":"2025-05-09T05:30:59.864Z","repository":{"id":14403057,"uuid":"17113753","full_name":"cure53/Flashbang","owner":"cure53","description":"Project \"Flashbang\" - An open-source Flash-security helper","archived":false,"fork":false,"pushed_at":"2015-04-19T11:07:27.000Z","size":77009,"stargazers_count":206,"open_issues_count":14,"forks_count":55,"subscribers_count":21,"default_branch":"master","last_synced_at":"2024-10-14T10:58:34.355Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://cure53.de/flashbang","language":"ActionScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cure53.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-02-23T18:22:38.000Z","updated_at":"2024-09-15T02:54:04.000Z","dependencies_parsed_at":"2022-09-11T01:12:37.298Z","dependency_job_id":null,"html_url":"https://github.com/cure53/Flashbang","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cure53%2FFlashbang","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cure53%2FFlashbang/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cure53%2FFlashbang/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cure53%2FFlashbang/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cure53","download_url":"https://codeload.github.com/cure53/Flashbang/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224819872,"owners_count":17375350,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T05:01:25.097Z","updated_at":"2025-05-09T05:30:59.851Z","avatar_url":"https://github.com/cure53.png","language":"ActionScript","funding_links":[],"categories":["Unsorted"],"sub_categories":["Other API"],"readme":"Flashbang\n=========\n\nWelcome to project \"Flashbang\". This tool is an open-source Flash-security helper with a very specific purpose:\nFind the `flashVars` of a naked SWF and display them, so a security tester can start hacking away without decompiling the code.\n\nFlashbang is built upon [Mozilla's Shumway](http://mozilla.github.io/shumway/) project. It runs in the browser but has a bunch of requirements to work properly. See the links below.\n\nHow To Run Flashbang?\n=====\n\nJust use our public tool and feed it SWF files: https://cure53.de/flashbang\n\nNo files will be ever uploaded to any server, it all happens in the browser. So no worries. \nYou still do worry? Good. You can also install it locally of course. Check below on how to do that.\n\n\nHow to Install Flashbang locally?\n=====\n\nFlashbang is still in alpha stage so things might be a bit edgy there and where. Here's how to setup and run Flashbang (no worries, it takes about 5 minutes to get it running):\n\n+ Clone the repo using the `--recursive` flag, so that all necessary submodules are cloned as well\n+ Ideally clone it into an Apache web-root (or any other web server)\n+ Prepare the environment for Shumway to work properly [Instructions](https://github.com/cure53/Flashbang/wiki/Environment-Setup).\n+ Visit the URL `Flashbang/src/flashbang.html` in Chrome (Firefox has a bug right now, we're on it).\n+ Console to logging is enabled by default. So ideally keep developer tools open.\n+ Run a file by clicking \"Open SWF\"\n+ Flashbang will then show you the flashVars and you can start testing for XSS or alike\n\nTesting Flashbang\n=====\n\nTo play with Flashbang you need Flash files. Obviously. \nIf you don't have any at hands right now, we can offer you a fine selection of vulnerable files right here:\n\nhttps://github.com/cure53/Flashbang/tree/master/flash-files/files\n\nBugs\n=====\n\nFlashbang is very young and basically alpha-level software. And finding flashVars in an SWF has proven to be quite hard. So please don't be disappointed it Flashbang isn't yet working for each and any SWF file out there. If you have a SWF where Flashbang doesn't see the flashVars please file a bug and send us some info. We'll try to fix it asap.\n\nCredits\n=====\n\nFlashbang was specified and sponsored by Cure53, built by Bharadwaj Machiraju - the Cure53 summer intern and wouldn't exist without the help of Mozilla Research and their amazing Shumway project. Now here's some links you can click:\n\n * https://cure53.de/\n * https://github.com/tunnelshade\n * https://www.mozilla.org/en-US/research/\n * http://mozilla.github.io/shumway/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcure53%2FFlashbang","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcure53%2FFlashbang","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcure53%2FFlashbang/lists"}