xss_bomb icon indicating copy to clipboard operation
xss_bomb copied to clipboard

Published 20 hours ago verified publisher icon p4p1

Metadata

A cross site scripting command and control notification server

XSS_BOMB

Test website security with ease.

xss_bomb

xss_bomb is a mobile app made to notify you when your xss payload is executed on a remote target and you do not have the luxury of directly knowing when the payload is ran on a target device. You can download the app for free in the release page. You can also contribute, if you wish to learn more about this app and it's api navigate to the wiki. DO NOT USE THIS SERVICE FOR ILLEGAL PURPOSES.

Installation (Phone)

You can help me out by buying this app on the android play store for $2 or you can download for free from the releases page :) I keep the releases updated as much as the play store version. There is no benefit or advantage to paying for this app other than helping me out.

Installation (Server | API)

For the server you can create your own instance and host it online using docker. It can be local or private / public if you decide to share the link or not you can edit the public-instance.json file and send a pull request if you wish to be featured as a server on the list during startup of the app :)

Application Programming Interface Documentation

The API documentation is available inside of the wiki and on postman here

Project architecture

xss_bomb/
├── app/                    # The source code of the front-end app
│   └── [React Native Source Code]
├── assets/                 # Image files for the logo and such
│   └── [Images]
├── backend/                # The source code of the back-end
│   └── [Node Js Source Code]
├── data/                   # Folder containing the main database
│   └── [MongoDB Raw Files]
├── redis/                  # Folder containing the database for the refresh tokens
│   └── [Redis Raw Files]
├── logs/                   # Folder containing the log file with every requests
│   └── xss_bomb.log
├── docker-compose.yml      # The Docker file used to launch the database and back-end
├── LICENSE
├── public_instances.json   # The file with approved servers that can be used by the front-end
└── README.md

Privacy and other things

If you dont want someone seeing your requests and data do not use a public instance I host my personnal instance on leosmith.xyz and I decided to make it public for people to try out the app. If you dont trust me. Don't use my instance spin up yours and connect to it.

Screenshots

Metadata

18
Stars
0
Forks
Watchers

Owner

verified publisher icon p4p1

Metadata

A cross site scripting command and control notification server

Back