https://github.com/bugbountyforum/XSS-Radar
Last synced: 7 months ago
- Host: GitHub
- URL: https://github.com/bugbountyforum/XSS-Radar
- Owner: bugbountyforum
- License: other
- Created: 2017-06-08T19:08:35.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2018-01-08T21:17:44.000Z (almost 8 years ago)
- Last Synced: 2024-11-03T07:33:13.379Z (about 1 year ago)
- Language: JavaScript
- Size: 214 KB
- Stars: 318
- Watchers: 22
- Forks: 48
- Open Issues: 9
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md
Awesome Lists containing this project
- awesome-bugbounty-tools - XSS-Radar - XSS Radar is a tool that detects parameters and fuzzes them for cross-site scripting vulnerabilities. (Exploitation / XSS Injection)
- awesome-hacking-lists - bugbountyforum/XSS-Radar - (JavaScript)
README
Cross-site scripting discovery
A Chrome extension for fast and easy XSS fuzzing
XSS Radar is a tool that detects parameters and fuzzes them for cross-site scripting vulnerabilities.
It's also the first tool developed by the Bug Bounty Forum community!
## How do I install it?
At present, we're only supporting the widely used **Google Chrome**. XSS Radar takes the form of a browser extension, so we hope to support Firefox in the future.
1. First, `git clone https://github.com/bugbountyforum/XSS-Radar`
2. Visit `chrome://extensions/`
3. Enable Developer Mode via the checkbox
4. Select "Load Unpacked Extension"
5. Finally, locate and select the inner `extension` folder
## How do I use it?
Visit a target page, open the extension and select **Fuzz!**

### Contexts and tests
We've developed contexts – and their respective tests – in a fully modular fashion. By doing so, we've made it easy to contribute new methodologies to Radar's Scanner module.
**Contexts** are found in `contexts.js` (inside `extension/src/payloads/`). Upon fuzzing, the Scanner searches for applicable contexts on the target and deploys the right payloads. For instance, link-based XSS bugs often rely on injection within the `href` attribute, so we've added a context which specifically matches against these:
```
{
    'type': 'a',         // link/anchor type
    'matches': ['href'], // URI attribute
    'file': 'link.js'    // payload file
}
```
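The sketch below is an added example, not XSS Radar's Scanner code: it shows how context entries of the shape above can be matched against a page to find which elements reflect a harmless marker in an attribute the context names, which is also where a developer needs to apply output encoding or URL scheme validation. The `iframe` entry, the `RADAR_MARKER` string, the element descriptors and the function names are assumptions made for illustration.

```javascript
// Added example: hypothetical matcher, not taken from the XSS Radar code base.
// Entries follow the README's context shape: type, matches, file.
const CONTEXTS = [
  { type: 'a', matches: ['href'], file: 'link.js' },      // context shown in the README
  { type: 'iframe', matches: ['src'], file: 'link.js' },  // constructed for illustration
];

// Constructed sample: plain descriptors standing in for DOM elements.
const SAMPLE_ELEMENTS = [
  { tag: 'A', attrs: { href: '/profile?next=RADAR_MARKER', class: 'btn' } },
  { tag: 'a', attrs: { href: '/static/help.html' } },
  { tag: 'img', attrs: { src: '/img?id=RADAR_MARKER' } },
  { tag: 'iframe', attrs: { src: '/embed?u=RADAR_MARKER', title: 'RADAR_MARKER' } },
];

// Return one hit per (element, attribute) pair where a context applies AND
// the benign marker is reflected in an attribute that context lists.
function selectContexts(elements, contexts, marker) {
  const hits = [];
  elements.forEach((el, index) => {
    const tag = el.tag.toLowerCase(); // tag names are case-insensitive in HTML
    for (const ctx of contexts) {
      if (ctx.type !== tag) continue;
      for (const attr of ctx.matches) {
        const value = el.attrs[attr];
        if (typeof value === 'string' && value.includes(marker)) {
          hits.push({ index, tag, attr, file: ctx.file });
        }
      }
    }
  });
  return hits;
}

// Distinct payload files that the matched contexts point at.
function payloadFiles(hits) {
  return [...new Set(hits.map((h) => h.file))].sort();
}

console.log(selectContexts(SAMPLE_ELEMENTS, CONTEXTS, 'RADAR_MARKER'));
```

The `img` element and the `title` attribute are not reported because no context names them; a reflection outside the configured contexts is simply not covered.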
**Tests** are found within the `playground` subdirectory. The XSS Playground contains a variety of cross-site scripting scenarios designed to support development and ensure Radar's effectiveness. At present, we test for classic vectors, JavaScript injection, tag breakouts, and templating vulnerabilities.
### Payloads
We've integrated the following reflected payload classes. These can be found in `extension/src/payloads`.
* AngularJS [template injection](http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html)
  * All versions with a vulnerable Expression Sandbox are supported
* Link-based URIs
* Script injections
* Generic tag strings
## Contributors
XSS Radar is a Bug Bounty Forum project with the following contributors. It's community-driven, and we truly appreciate your [contributions](https://github.com/bugbountyforum/XSS-Radar/blob/master/CONTRIBUTING.md)!
* Ibram Marzouk
* Anshuman Bhartiya
* Rafal Janicki
* Jack Cable
* Filipe Reis
* gradius
* Olivier Beg
* Yasin Soliman
## FAQ
### Can I use my own payloads?
Yes, you can add your own payloads in [extension/src/payloads](https://github.com/bugbountyforum/XSS-Radar/tree/master/extension/src/payloads).
### What types of XSS does XSS Radar detect?
XSS Radar detects reflected XSS. Self-XSS, DOM-based XSS and stored XSS cannot be detected with this extension.