{"id":13542280,"url":"https://github.com/vavkamil/XSSwagger","last_synced_at":"2025-04-02T09:33:30.272Z","repository":{"id":56797544,"uuid":"198877400","full_name":"vavkamil/XSSwagger","owner":"vavkamil","description":"A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks","archived":false,"fork":false,"pushed_at":"2019-08-30T08:53:27.000Z","size":13,"stargazers_count":55,"open_issues_count":2,"forks_count":14,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-11-03T07:33:14.063Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vavkamil.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":null,"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":["https://www.blockchain.com/btc/address/1Hx7eLzzUyAqM6k8d8AVffCVYeFv7b2sw7"]}},"created_at":"2019-07-25T17:49:03.000Z","updated_at":"2024-10-29T13:26:22.000Z","dependencies_parsed_at":"2022-08-16T20:30:51.946Z","dependency_job_id":null,"html_url":"https://github.com/vavkamil/XSSwagger","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vavkamil%2FXSSwagger","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vavkamil%2FXSSwagger/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vavkamil%2FXSSwagger/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitH
ub/repositories/vavkamil%2FXSSwagger/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vavkamil","download_url":"https://codeload.github.com/vavkamil/XSSwagger/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246789319,"owners_count":20834274,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T10:01:03.934Z","updated_at":"2025-04-02T09:33:29.925Z","avatar_url":"https://github.com/vavkamil.png","language":"Python","readme":"# XSSwagger\nSwagger-ui XSS scanner\n\nA simple scanner that can find old versions of Swagger-ui vulnerable to various XSS attacks\n\n#### XSS Vulnerabilities\nhttps://snyk.io/vuln/npm:swagger-ui\n\n#### Detecting Swagger UI version\nhttps://github.com/swagger-api/swagger-ui/blob/master/docs/usage/version-detection.md\n\n\n## Usage\n\n```\nvavkamil@localhost:~/Documents/Python/XSSwagger$ python3 xsswagger.py \n    ) (   (                                    \n ( /( )\\ ))\\ )                                 \n )\\()|()/(()/((  (      ) (  ( (  (    (  (    \n((_)\\ /(_))(_))\\))(  ( /( )\\))()\\))(  ))\\ )(   \n__((_|_))(_))((_)()\\ )(_)|(_))((_))\\ /((_|()\\  \n\\ \\/ / __/ __|(()((_|(_)_ (()(_|()(_|_))  ((_) \n \u003e  \u003c\\__ \\__ \\ V  V / _` / _` / _` |/ -_)| '_| \n/_/\\_\\___/___/\\_/\\_/\\__,_\\__, \\__, |\\___||_|   \n                         |___/|___/\n\nusage: xsswagger.py [-h] (-d DOMAIN | -D DOMAINS) [-w WORDLIST] [-t THREADS]\nxsswagger.py: error: one of the arguments -d -D is required\n```\n\n## 
Example\n\n```\nvavkamil@localhost:~/Documents/Python/XSSwagger$ python3 xsswagger.py -D test.txt\n    ) (   (                                    \n ( /( )\\ ))\\ )                                 \n )\\()|()/(()/((  (      ) (  ( (  (    (  (    \n((_)\\ /(_))(_))\\))(  ( /( )\\))()\\))(  ))\\ )(   \n__((_|_))(_))((_)()\\ )(_)|(_))((_))\\ /((_|()\\  \n\\ \\/ / __/ __|(()((_|(_)_ (()(_|()(_|_))  ((_) \n \u003e  \u003c\\__ \\__ \\ V  V / _` / _` / _` |/ -_)| '_| \n/_/\\_\\___/___/\\_/\\_/\\__,_\\__, \\__, |\\___||_|   \n                         |___/|___/\n\n[i] Scanning multiple domains: test.txt\n[i] Domains in a list: 5\n\n****************************************************************************************************\n****************************************************************************************************\n\n[ Redirect ] https://dev.fitbit.com/build/reference/web-api/explore -\u003e https://dev.fitbit.com/build/reference/web-api/explore/\n[ 200 ] [ Swagger UI ] https://dev.fitbit.com/build/reference/web-api/explore/\n[ Version ] 3.19.2 detected!\n\n[ Vulnerable ] version 3.19.2 detected!\n----------------------------------------------------------------------------------------------------\n[ Severity ] Medium\n[ Vulnerable ] \u003c3.20.9\n[ Published ] 14 Jun, 2019\n[ Vulnerability ] Cross-site Scripting (XSS)\n[ Detail ] https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449921\n\n****************************************************************************************************\n****************************************************************************************************\n\n[ 200 ] [ API Documentation ] https://promo-services-staging.brave.com/documentation\n[ Version ] 2.1.4 detected!\n\n[ Vulnerable ] version 2.1.4 detected!\n----------------------------------------------------------------------------------------------------\n[ Severity ] High\n[ Vulnerable ] \u003c2.2.1\n[ Published ] 25 Jul, 2016\n[ Vulnerability ] Cross-site Scripting (XSS)\n[ 
Detail ] https://snyk.io/vuln/npm:swagger-ui:20160725\n----------------------------------------------------------------------------------------------------\n[ Severity ] Medium\n[ Vulnerable ] \u003c2.2.3\n[ Published ] 13 Mar, 2017\n[ Vulnerability ] Cross-site Scripting (XSS)\n[ Detail ] https://snyk.io/vuln/npm:swagger-ui:20160901\n----------------------------------------------------------------------------------------------------\n[ Severity ] Medium\n[ Vulnerable ] \u003e=3.0.0 \u003c3.0.13\n[ Published ] 16 Jun, 2019\n[ Vulnerability ] Cross-site Scripting (XSS)\n[ Detail ] https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449941\n----------------------------------------------------------------------------------------------------\n[ Severity ] Medium\n[ Vulnerable ] \u003c3.4.2\n[ Published ] 25 Dec, 2017\n[ Vulnerability ] Cross-site Scripting (XSS)\n[ Detail ] https://snyk.io/vuln/npm:swagger-ui:20171031\n----------------------------------------------------------------------------------------------------\n[ Severity ] Medium\n[ Vulnerable ] \u003c3.18.0\n[ Published ] 13 Jun, 2019\n[ Vulnerability ] Reverse Tabnabbing\n[ Detail ] https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449808\n----------------------------------------------------------------------------------------------------\n[ Severity ] Medium\n[ Vulnerable ] \u003c3.20.9\n[ Published ] 14 Jun, 2019\n[ Vulnerability ] Cross-site Scripting (XSS)\n[ Detail ] https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449921\n\n****************************************************************************************************\n****************************************************************************************************\n\n[ 200 ] [ Swagger UI ] https://api.hitbtc.com/api/2/explore/\n[ Version ] 3.19.5 detected!\n\n[ Vulnerable ] version 3.19.5 detected!\n----------------------------------------------------------------------------------------------------\n[ Severity ] Medium\n[ Vulnerable ] \u003c3.20.9\n[ Published ] 14 Jun, 
2019\n[ Vulnerability ] Cross-site Scripting (XSS)\n[ Detail ] https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449921\n\n****************************************************************************************************\n****************************************************************************************************\n\n[ 200 ] [ Swagger UI ] https://console.cloud.vmware.com/csp/gateway/slc/api/swagger-ui.html\n[ Version ] Idk, please check manually!\n\n[ Done ] Don't be evil!\n\n\n```\n","funding_links":["https://www.blockchain.com/btc/address/1Hx7eLzzUyAqM6k8d8AVffCVYeFv7b2sw7"],"categories":["Exploitation"],"sub_categories":["XSS Injection"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvavkamil%2FXSSwagger","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvavkamil%2FXSSwagger","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvavkamil%2FXSSwagger/lists"}
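The README above describes the two steps the scanner performs: detect the Swagger UI version on a page, then match it against the vulnerable ranges published by Snyk. The Python below is an added worked example of that logic and is not XSSwagger's own code. The ranges, severities and advisory URLs are copied from the sample run in the README; the HTML/JS bodies are constructed for the demo, and the two fingerprint patterns (a `"swaggerUi":{"version":...}` entry in the `versions` object that Swagger UI 3.x exposes, and a `swagger-ui vX.Y.Z` banner comment in a 2.x bundle) are illustrative assumptions rather than a complete fingerprint set. One caveat worth checking in any such tool: the README's sample run reports `>=3.0.0 <3.0.13` as matching version 2.1.4, which lies below that range, so the comparison here applies every clause of a range, lower bound included.

```python
"""Swagger UI version extraction and vulnerable-range matching.

Added example, not XSSwagger's code. VULNS mirrors the advisories printed in the
README's sample scan; the fingerprint regexes and sample bodies are assumptions
constructed for this demo.
"""
import re
from typing import List, Optional, Tuple

# Ranges as printed in the README's sample run (Snyk advisories). A range is a
# space-separated list of comparator clauses that must ALL hold.
VULNS = [
    ("High",   "<2.2.1",          "Cross-site Scripting (XSS)", "https://snyk.io/vuln/npm:swagger-ui:20160725"),
    ("Medium", "<2.2.3",          "Cross-site Scripting (XSS)", "https://snyk.io/vuln/npm:swagger-ui:20160901"),
    ("Medium", ">=3.0.0 <3.0.13", "Cross-site Scripting (XSS)", "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449941"),
    ("Medium", "<3.4.2",          "Cross-site Scripting (XSS)", "https://snyk.io/vuln/npm:swagger-ui:20171031"),
    ("Medium", "<3.18.0",         "Reverse Tabnabbing",         "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449808"),
    ("Medium", "<3.20.9",         "Cross-site Scripting (XSS)", "https://snyk.io/vuln/SNYK-JS-SWAGGERUI-449921"),
]

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'3.19.2' -> (3, 19, 2). Pre-release suffixes ('-rc1') are dropped and short
    versions are padded ('2.2' -> (2, 2, 0)) so tuples compare position-wise."""
    parts = tuple(int(p) for p in text.split("-", 1)[0].split("."))
    return parts + (0,) * max(0, 3 - len(parts))


_CLAUSE = re.compile(r"^(<=|>=|<|>|=)?(\d+(?:\.\d+)*)$")


def satisfies(version: Version, range_expr: str) -> bool:
    """True only when every clause holds, e.g. '>=3.0.0 <3.0.13' needs both bounds.
    Checking only the upper bound would wrongly flag 2.1.4 for that range."""
    for clause in range_expr.split():
        m = _CLAUSE.match(clause)
        if not m:
            raise ValueError(f"unsupported range clause: {clause!r}")
        op, bound = m.group(1) or "=", parse_version(m.group(2))
        holds = {
            "<": version < bound, "<=": version <= bound,
            ">": version > bound, ">=": version >= bound,
            "=": version == bound,
        }[op]
        if not holds:
            return False
    return True


# Assumed fingerprints (see module docstring); order matters, first hit wins.
_VERSION_PATTERNS = [
    re.compile(r'"swaggerUi"\s*:\s*\{[^}]*?"version"\s*:\s*"(\d+\.\d+\.\d+)"'),  # 3.x `versions` object
    re.compile(r"swagger-ui\s+v?(\d+\.\d+\.\d+)", re.IGNORECASE),                 # 2.x banner comment
]


def extract_version(body: str) -> Optional[str]:
    """First Swagger UI version string found in a page/bundle body, else None."""
    for pat in _VERSION_PATTERNS:
        m = pat.search(body)
        if m:
            return m.group(1)
    return None


def find_vulns(version_str: str) -> List[Tuple[str, str, str, str]]:
    """Advisories whose range contains the given version."""
    v = parse_version(version_str)
    return [entry for entry in VULNS if satisfies(v, entry[1])]


def scan_body(body: str) -> Tuple[Optional[str], List[Tuple[str, str, str, str]]]:
    """(version or None, matching advisories); None means 'check manually'."""
    ver = extract_version(body)
    return ver, (find_vulns(ver) if ver else [])


# Constructed sample responses, not real captures.
SAMPLE_3X = 'window.versions={"swaggerUi":{"version":"3.19.2","gitRevision":"g1234567"},"swaggerClient":{"version":"3.8.3"}};'
SAMPLE_2X = "/* swagger-ui v2.1.4 */ var SwaggerUi = {};"
SAMPLE_UNKNOWN = "<html><title>API Docs</title></html>"

if __name__ == "__main__":
    for name, body in [("3.x", SAMPLE_3X), ("2.x", SAMPLE_2X), ("unknown", SAMPLE_UNKNOWN)]:
        ver, hits = scan_body(body)
        print(f"[{name}] version: {ver or 'Idk, please check manually!'}")
        for sev, rng, kind, url in hits:
            print(f"  [{sev}] {rng:<16} {kind}  {url}")
```

Run it directly to see the three constructed cases: the 3.x body reports 3.19.2 with a single `<3.20.9` hit, as in the README's run against 3.19.2; the 2.x body reports 2.1.4 with five hits (the `>=3.0.0 <3.0.13` entry correctly excluded); the unfingerprinted page falls back to a manual check. To use it against live targets, feed the fetched HTML plus the referenced bundle JS into `scan_body` and keep `VULNS` in sync with the Snyk page linked in the README.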