style changes, new general security post, added tools to list, change…

…d titles
commit 184b537ce03c0bf8f9beba54d9400a35cc3ceda5 1 parent ad3095c
Ramiro Gómez authored November 27, 2011
2  README.md
@@ -3,5 +3,5 @@
3 3
 Learn more about the tool on the project's [about page](http://www.domxssscanner.com/info/about)
4 4
 
5 5
 ## TODOs
6  
-
  6
+- Make small sticky toolbar style form on top in content pages
7 7
 - Check whether it's possible to have sub directories in templates dir, which worked in Django 0.96 but not in 1.2 (see http://stackoverflow.com/questions/1081949/differences-in-django-template-inheritance-between-0-96-and-1-0) or use a better template engine
24  static/css/style.css
@@ -142,11 +142,11 @@ body, select, input, textarea {
142 142
 }
143 143
 body {
144 144
 font-size:1.1em;
145  
-color:#3d5c3d;
146  
-background: #000; /* old browsers */
147  
-background: -moz-linear-gradient(top, #000 0%, #0a0a0a 100%); /* firefox */
148  
-background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#000), color-stop(100%,#0a0a0a)); /* webkit */
149  
-filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#000', endColorstr='#0a0a0a',GradientType=0 ); /* ie */
  145
+color:#336c3d;
  146
+background: #1c1c1c; /* old browsers */
  147
+background: -moz-linear-gradient(top, #1c1c1c 0%, #0a0a0a 100%); /* firefox */
  148
+background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#1c1c1c), color-stop(100%,#0a0a0a)); /* webkit */
  149
+filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#1c1c1c', endColorstr='#0a0a0a',GradientType=0 ); /* ie */
150 150
 }
151 151
 /* headers (h1,h2,etc) have no default font-size or margin. define those yourself. */
152 152
 h1,h2,h3,h4,h5,h6 {
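Review bot: The new body colour `#336c3d` on the lightened `#1c1c1c` background is dark green on dark grey, a contrast of roughly 3:1, which is below the 4.5:1 WCAG AA threshold for body text; a lighter green would keep the look and stay readable. The same value is repeated in `.title a`, `#page_footer` and the `2px ridge` border further down this file, so the next palette change has to touch every one of those rules again.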
@@ -159,8 +159,7 @@ textarea {width:100%;height:300px;}
159 159
 p {margin:5px 0;}
160 160
 hr {
161 161
 color:#000;
162  
-border-color: #222;
163  
-background-color: #222;
  162
+background-color: #143C14;
164 163
 height:1px;
165 164
 border:1px;
166 165
 }
@@ -169,11 +168,12 @@ margin: .5em 1em;
169 168
 padding-left: 1em;
170 169
 font-family: monotype;
171 170
 font-style: oblique;
  171
+letter-spacing:.06em;
172 172
 }
173 173
 .title a {
174 174
 font-size:1.3em;
175 175
 text-decoration:none;
176  
-color:#3d5c3d;
  176
+color:#336c3d;
177 177
 }
178 178
 
179 179
 #container {width:960px; margin:0 auto;}
@@ -186,7 +186,7 @@ margin:10px 0 0 0;
186 186
 padding:5px 0;
187 187
 }
188 188
 #page_footer {
189  
-color:#3d5c3d;
  189
+color:#336c3d;
190 190
 font-size:.9em;
191 191
 }
192 192
 /* search form */
@@ -213,7 +213,7 @@ padding:5px;
213 213
 margin: 5px 0;
214 214
 color:#0f0;
215 215
 background: #0a0a0a;
216  
-border: 2px ridge #3d5c3d;
  216
+border: 2px ridge #336c3d;
217 217
 font: 1.18em monospace;
218 218
 }
219 219
 .domxss_sink {background-color:#9B7D00;}
@@ -227,7 +227,9 @@ width: 60%;
227 227
 float:left;
228 228
 margin-left:1em;
229 229
 }
230  
-
  230
+.small {
  231
+font-size:.9em;
  232
+}
231 233
 /*
232 234
  * Non-semantic helper classes: please define your styles before this section.
233 235
  */
2  templates/articles.html
... ...
@@ -1,6 +1,6 @@
1 1
 {% extends 'post.html' %}
2 2
 
3  
-{% block title %}Web Security Articles and Resources | DOM XSS Scanner{% endblock %}
  3
+{% block title %}Articles about DOM based XSS | DOM XSS Scanner{% endblock %}
4 4
 
5 5
 {% block content %}
6 6
 <h2>Articles about DOM based XSS</h2>
6  templates/base.html
@@ -43,11 +43,13 @@ <h1 class="title"><a href="/" title="DOM XSS Scanner start page">DOM XSS Scanner
43 43
         <input class="url" name="url" id="url" type="url" value="http://">
44 44
         <input class="button" type="submit" value="Start scan">
45 45
         </form>
46  
-        <p>Discover DOM XSS Security Flaws</p>
  46
+        <p class="small">Discover DOM XSS Security Flaws</p>
  47
+        <hr>
47 48
       </div>
48 49
     </div>
49 50
   </header>
50 51
 
  52
+
51 53
   <div id="main" role="main" class="container_12">
52 54
     <div id="content" class="grid_12">
53 55
     {% block content %}{% endblock %}
@@ -58,7 +60,7 @@ <h1 class="title"><a href="/" title="DOM XSS Scanner start page">DOM XSS Scanner
58 60
   {% block featured %}{% endblock %}
59 61
 
60 62
   <footer id="page_footer" class="container_12">
61  
-    <div class="grid_12"><p class="small "><a href="/" title="DOM XSS Scanner start page">DOM XSS Scanner</a> is an <a href="https://github.com/yaph/domxssscanner">open source tool</a> for finding potential DOM based XSS security vulnerabilities created by <a href="http://www.ramiro.org/">Ramiro Gómez</a></p></div>
  63
+    <div class="grid_12"><p class="small"><a href="/" title="DOM XSS Scanner start page">DOM XSS Scanner</a> is an <a href="https://github.com/yaph/domxssscanner">open source tool</a> for finding potential DOM based XSS security vulnerabilities created by <a href="http://www.ramiro.org/">Ramiro Gómez</a></p></div>
62 64
     <div id="social" class="grid_12">
63 65
       <div class="addthis_toolbox addthis_default_style">
64 66
         <a class="addthis_button_facebook_like" fb:like:layout="button_count"></a>
3  templates/index.html
@@ -22,7 +22,8 @@
22 22
 <ul>
23 23
 <li><a href="/info/articles">DOM XSS articles and resources</a></li>
24 24
 <li><a href="/info/videos">DOM XSS videos</a></li>
25  
-<li><a href="/info/tools">Free Web Security Tools</a></li>
  25
+<li><a href="/info/tools">Free Security Tools</a></li>
  26
+<li><a href="/info/security">General Security Resources</a></li>
26 27
 </ul>
27 28
 </div>
28 29
 
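Review bot: The new `/info/security` link has no matching routing change in this commit; only templates/security.html is added. Confirm that the existing `/info/` handler resolves the page from the template name, as it presumably does for `/info/articles` and `/info/tools`, otherwise this link returns a 404. The shortened label "Free Security Tools" also no longer matches the tools page heading, which becomes "Free Web and Network Security Tools" in this same commit.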
66  templates/security.html
... ...
@@ -0,0 +1,66 @@
  1
+{% extends 'post.html' %}
  2
+
  3
+{% block title %}General Security Resources | DOM XSS Scanner{% endblock %}
  4
+
  5
+{% block content %}
  6
+
  7
+<h2>General Security Resources</h2>
  8
+<p>This page is a list of links to guides, tutorials, blogs, news sites, data bases, and books that cover various aspects of security.</p>
  9
+<hr>
  10
+
  11
+<h3>Security Guides and Tutorials</h3>
  12
+<ul>
  13
+<li><a href="http://code.google.com/p/owasp-development-guide/wiki/Guide">OWASP Development Guide</a></li>
  14
+<li><a href="https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide">OWASP Secure Coding Practices Quick Reference Guide</a></li>
  15
+<li><a href="http://code.google.com/edu/security/">Google Code University Web Security Course</a></li>
  16
+<li><a href="http://google-gruyere.appspot.com/">Web Application Exploits and Defenses</a></li>
  17
+<li><a href="http://www.w3.org/Security/faq/">The World Wide Web Security FAQ</a></li>
  18
+<li><a href="http://code.google.com/p/browsersec/wiki/Main">Browser Security Handbook</a></li>
  19
+<li><a href="http://code.google.com/p/html5security/">html5security - HTML5 Security Cheatsheet</a></li>
  20
+<li><a href="http://googlewebmastercentral.blogspot.com/2011/05/website-security-for-webmasters.html">Website Security for Webmasters at Google Webmaster Central</a></li>
  21
+<li><a href="http://www.smashingmagazine.com/2010/10/18/common-security-mistakes-in-web-applications/">Common Security Mistakes in Web Applications - Smashing Magazine</a></li>
  22
+<li><a href="http://cwe.mitre.org/top25/">CWE - 2010 CWE/SANS Top 25 Most Dangerous Programming Errors</a></li>
  23
+<li><a href="http://shortrecipes.blogspot.com/2010/02/anonymous-browsing-internet-using.html">Anonymous Internet browsing using Ubuntu 9.10, Tor and Firefox | Short IT recipes</a></li>
  24
+<li><a href="http://www.cyberciti.biz/tips/linux-security.html">20 Linux Server Hardening Security Tips</a></li>
  25
+<li><a href="http://www.hueniverse.com/hueniverse/2009/04/explaining-the-oauth-session-fixation-attack.html">Hueniverse: Explaining the OAuth Session Fixation Attack</a></li>
  26
+<li><a href="http://php-ids.org/">PHPIDS Web Application Security 2.0</a></li>
  27
+<li><a href="http://ha.ckers.org/xss.html">XSS (Cross Site Scripting) Cheat Sheet</a></li>
  28
+<li><a href="http://www.mvps.org/winhelp2002/hosts.htm">Blocking Unwanted Parasites with a Hosts File</a></li>
  29
+</ul>
  30
+<hr>
  31
+
  32
+<h3>Security News and Information</h3>
  33
+<ul>
  34
+<li><a href="http://www.exploit-db.com/">Exploits Database by Offensive Security</a></li>
  35
+<li><a href="http://blog.fortinet.com/">Fortinet FortiGuard Blog</a></li>
  36
+<li><a href="http://googleonlinesecurity.blogspot.com/">Google Online Security Blog</a></li>
  37
+<li><a href="http://labs.m86security.com/">M86 Security Labs Blog</a></li>
  38
+<li><a href="http://nakedsecurity.sophos.com/">Naked Security | News. Opinion. Advice. Research</a></li>
  39
+<li><a href="http://malwareint.blogspot.com/">Malware Intelligence Blog. A division of MalwareIntelligence</a></li>
  40
+<li><a href="http://blogs.mcafee.com/mcafee-labs">McAfee Labs | Blog Central</a></li>
  41
+<li><a href="https://www.schneier.com/">Schneier on Security</a></li>
  42
+<li><a href="http://www.itworld.com/security">Security | ITworld</a></li>
  43
+<li><a href="http://www.symantec.com/connect/symantec-blogs/sr">Security Blogs Security Response | Symantec Connect Community</a></li>
  44
+<li><a href="http://www.computerworld.com/securitytopics/security">Security Topic Center - Computerworld</a></li>
  45
+<li><a href="http://www.securityfocus.com/vulnerabilities">SecurityFocus Vulnerabilities Search</a></li>
  46
+<li><a href="http://blog.stopbadware.org/">StopBadware.org - StopBadware Blog</a></li>
  47
+<li><a href="http://osvdb.org/">The Open Source Vulnerability Database</a></li>
  48
+<li><a href="http://www.wired.com/threatlevel/">Wired Threat Level</a></li>
  49
+</ul>
  50
+<hr>
  51
+
  52
+<h3>Security Books</h3>
  53
+<ul>
  54
+<li><a href="http://www.amazon.com/gp/product/B005MMUM2W/ref=as_li_ss_tl?ie=UTF8&tag=dxs-20&linkCode=as2&camp=217145&creative=399373&creativeASIN=B005MMUM2W">BackTrack 5 Wireless Penetration Testing Beginner's Guide</a></li>
  55
+<li><a href="http://www.amazon.com/gp/product/1441793747/ref=as_li_ss_tl?ie=UTF8&tag=dxs-20&linkCode=as2&camp=217145&creative=399373&creativeASIN=1441793747">Ghost in the Wires: My Adventures As the World's Most Wanted Hacker</a></li>
  56
+<li><a href="http://www.amazon.com/gp/product/0071740643/ref=as_li_ss_tl?ie=UTF8&tag=dxs-20&linkCode=as2&camp=217145&creative=399369&creativeASIN=0071740643">HACKING EXPOSED WEB APPLICATIONS, 3rd Edition</a></li>
  57
+<li><a href="http://www.amazon.com/gp/product/159327288X/ref=as_li_ss_tl?ie=UTF8&tag=dxs-20&linkCode=as2&camp=217145&creative=399373&creativeASIN=159327288X">Metasploit: The Penetration Tester's Guide</a></li>
  58
+<li><a href="http://www.amazon.com/gp/product/1597495433/ref=as_li_ss_tl?ie=UTF8&tag=dxs-20&linkCode=as2&camp=217145&creative=399369&creativeASIN=1597495433">Seven Deadliest Web Application Attacks (Seven Deadliest Attacks)</a></li>
  59
+<li><a href="http://www.amazon.com/gp/product/0470639539/ref=as_li_ss_tl?ie=UTF8&tag=dxs-20&linkCode=as2&camp=217145&creative=399369&creativeASIN=0470639539">Social Engineering: The Art of Human Hacking</a></li>
  60
+<li><a href="http://www.amazon.com/gp/product/1118026470/ref=as_li_ss_tl?ie=UTF8&tag=dxs-20&linkCode=as2&camp=217145&creative=399373&creativeASIN=1118026470">The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws</a></li>
  61
+<li><a href="http://www.amazon.com/gp/product/0071776168/ref=as_li_ss_tl?ie=UTF8&tag=dxs-20&linkCode=as2&camp=217145&creative=399373&creativeASIN=0071776168">Web Application Security, A Beginner's Guide</a></li>
  62
+<li><a href="http://www.amazon.com/gp/product/0596514832/ref=as_li_ss_tl?ie=UTF8&tag=dxs-20&linkCode=as2&camp=217145&creative=399369&creativeASIN=0596514832">Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast</a></li>
  63
+</ul>
  64
+<hr>
  65
+
  66
+{% endblock %}
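Review bot: In the Security Books list every Amazon href carries raw `&` separators (`?ie=UTF8&tag=dxs-20&linkCode=as2&camp=...`); inside an HTML attribute these should be written `&amp;`, the way the existing `Click&amp;Clean` entry in templates/tools.html escapes its text. The same URLs embed the affiliate tag `tag=dxs-20`, which the intro paragraph does not mention; a one-line disclosure next to the "Security Books" heading would cover it. In the intro paragraph, "data bases" should read "databases".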
50  templates/tools.html
... ...
@@ -1,33 +1,63 @@
1 1
 {% extends 'post.html' %}
2 2
 
3  
-{% block title %}Free Web Security Tools | DOM XSS Scanner{% endblock %}
  3
+{% block title %}Free Web and Network Security Tools | DOM XSS Scanner{% endblock %}
4 4
 
5 5
 {% block content %}
6  
-<h2>Free Web Security Tools</h2>
  6
+<h2>Free Web and Network Security Tools</h2>
7 7
 <p>This page lists free Web security tools that you can use to scan Web sites for security related issues or to protect yourself against attacks.</p>
8 8
 <hr>
9  
-<h3>Web Security Tools for the Desktop</h3>
  9
+<h3>Security Tools for the Desktop</h3>
10 10
 <ul>
11  
-<li><a href="http://w3af.sourceforge.net/">w3af Web Application Attack and Audit Framework</a></li>
12  
-<li><a href="http://code.google.com/p/skipfish/">skipfish web application security scanner</a></li>
13  
-<li><a href="http://www.cirt.net/nikto2">Nikto Open Source web server scanner</a></li>
14  
-<li><a href="http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project">WebScarab security testing on web applications and web services</a></li>
  11
+<li><a href="http://zapotek.github.com/arachni/">Arachni Web Application Security Scanner Framework</a></li>
15 12
 <li><a href="http://www.owasp.org/index.php/JBroFuzz">JBroFuzz web application fuzzer</a></li>
  13
+<li><a href="http://www.alobbs.com/macchanger/">GNU Mac Changer | Alvaro's web site</a></li>
  14
+<li><a href="http://www.gnupg.org/">GNU Privacy Guard - GnuPG.org</a></li>
  15
+<li><a href="http://www.getmantra.com/">Mantra - Free and Open Source Browser based Security Framework</a></li>
  16
+<li><a href="http://www.metasploit.com/">Metasploit Penetration Testing  Software</a></li>
  17
+<li><a href="http://www.cirt.net/nikto2">Nikto Open Source web server scanner</a></li>
16 18
 <li><a href="http://www.parosproxy.org/">Paros web application security assessment</a></li>
17  
-<li><a href="http://zapotek.github.com/arachni/">Arachni Web Application Security Scanner Framework</a></li>
  19
+<li><a href="http://preyproject.com/">Prey - Track down your stolen laptop</a></li>
  20
+<li><a href="http://code.google.com/p/skipfish/">skipfish web application security scanner</a></li>
  21
+<li><a href="http://www.truecrypt.org/">TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software for Windows Vista/XP, Mac OS X and Linux</a></li>
  22
+<li><a href="http://w3af.sourceforge.net/">w3af Web Application Attack and Audit Framework</a></li>
  23
+<li><a href="http://wapiti.sourceforge.net/">Wapiti Web application security auditor</a></li>
  24
+<li><a href="http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project">WebScarab security testing on web applications and web services</a></li>
  25
+<li><a href="http://www.websecurify.com/">Websecurify | Web Application Security Scanner and Manual Penetration Testing Tool</a></li>
18 26
 <li><a href="https://github.com/WebExploitationFramework/wXf">wXf Web Exploitation Framework</a></li>
  27
+<li><a href="http://code.google.com/p/wfuzz/">wfuzz - Web application bruteforcer</a></li>
19 28
 </ul>
20 29
 <hr>
21  
-<h3>Web Security Firefox Add-ons</h3>
  30
+
  31
+<h3>Web based Security Tools</h3>
  32
+<ul>
  33
+<li><a href="http://uptime.netcraft.com/up/graph">Netcraft What's That Site Running Results</a></li>
  34
+<li><a href="http://webscantest.com/">Web Scanner Test Site</a></li>
  35
+</ul>
  36
+<hr>
  37
+
  38
+<h3>Security Firefox Add-ons</h3>
22 39
 <ul>
23 40
 <li><a href="https://addons.mozilla.org/en-US/firefox/addon/noscript/">NoScript run executable code only from trusted domains</a></li>
  41
+<li><a href="http://codebutler.github.com/firesheep/">Firesheep</a></li>
24 42
 </ul>
25 43
 <hr>
26  
-<h3>Web Security Chrome Extensions</h3>
  44
+
  45
+<h3>Security Chrome Extensions</h3>
27 46
 <ul>
28 47
 <li><a href="https://chrome.google.com/extensions/detail/ghgabhipcejejjmhhchfonmamedcbeod?hl=en">Click&amp;Clean Delete your browsing history</a></li>
29 48
 <li><a href="https://chrome.google.com/extensions/detail/odjhifogjcknibkahlpidmdajjpkkcfn?hl=en">NotScripts whitelist trusted sites</a></li>
30 49
 </ul>
31 50
 <hr>
32 51
 
  52
+<h3>Other Security Tools Lists</h3>
  53
+<ul>
  54
+<li><a href="https://www.owasp.org/index.php/Phoenix/Tools">Phoenix/Tools - OWASP</a></li>
  55
+<li><a href="https://fedorahosted.org/security-spin/wiki/availableApps">Fedora Security Lab distribution package list</a></li>
  56
+<li><a href="http://sectools.org/web-scanners.html">Top 10 Web Vulnerability Scanners</a></li>
  57
+<li><a href="http://sectools.org/crackers.html">Top 10 Password Crackers</a></li>
  58
+<li><a href="http://www.junauza.com/2008/07/10-best-hacking-and-security-software.html">10 Best Hacking and Security Software Tools for Linux</a></li>
  59
+<li><a href="http://www.junauza.com/2009/06/10-more-hacking-and-security-software.html">10 (More) Hacking and Security Software Tools for Linux</a></li>
  60
+</ul>
  61
+<hr>
  62
+
33 63
 {% endblock %}
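Review bot: The title and h2 now read "Free Web and Network Security Tools", but the unchanged intro paragraph on line 7 still says "free Web security tools that you can use to scan Web sites", which does not fit new entries such as GnuPG, TrueCrypt, Prey and GNU Mac Changer; update that paragraph in the same commit. The new Firesheep entry under "Security Firefox Add-ons" has no description, unlike the NoScript entry above it; say what it does and why it is listed, since the page frames these tools as ones to scan sites or to protect yourself. "Metasploit Penetration Testing  Software" contains a double space.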
2  templates/videos.html
... ...
@@ -1,6 +1,6 @@
1 1
 {% extends 'post.html' %}
2 2
 
3  
-{% block title %}Web Security Videos | DOM XSS Scanner{% endblock %}
  3
+{% block title %}Videos about DOM based XSS | DOM XSS Scanner{% endblock %}
4 4
 
5 5
 {% block content %}
6 6
 <h2>Videos about DOM based XSS</h2>

0 notes on commit 184b537
