├── .github └── workflows │ ├── release.md │ └── release.yml ├── .gitignore ├── LICENSE ├── README.md ├── cmd └── xssfinder │ └── xssfinder.go ├── docs ├── bypass-headless-detect.png ├── dingbot-demo.png ├── logo.png ├── mitm-demo.png └── notify-demo.png ├── go.mod ├── go.sum ├── internal ├── app │ └── app.go ├── logger │ ├── logger.go │ └── logger_test.go ├── options │ └── options.go └── runner │ ├── runner.go │ └── worker.go ├── pkg ├── chrome │ ├── browser │ │ ├── browser.go │ │ └── browser_test.go │ ├── bypass │ │ ├── bypass.go │ │ ├── bypass_test.go │ │ └── stealth.min.js │ ├── cookies │ │ └── cookies.go │ └── xss │ │ ├── checker │ │ ├── checker.go │ │ └── checker_test.go │ │ └── dom │ │ ├── dom.go │ │ ├── dom_test.go │ │ ├── fuzz.go │ │ ├── fuzz_test.go │ │ ├── hookparse.go │ │ ├── hookparse_test.go │ │ └── preload.js ├── httpdump │ ├── http.go │ ├── http_test.go │ └── httpdump.go ├── mix │ ├── mixpayloads.go │ └── mixpayloads_test.go ├── notify │ ├── dingbot │ │ ├── dingbot.go │ │ └── dingbot_test.go │ ├── notify.go │ └── notify_test.go ├── parser │ ├── html │ │ ├── html.go │ │ ├── html_test.go │ │ ├── search.go │ │ └── search_test.go │ └── javascript │ │ ├── variable.go │ │ └── variable_test.go └── proxy │ ├── ca.go │ ├── cert │ ├── gen.go │ └── gen_test.go │ ├── mitm.go │ ├── util.go │ ├── util_test.go │ ├── xssfinder.ca.cert │ └── xssfinder.ca.key └── tests ├── demo ├── dom_eval.html └── dom_hookconvt.html └── notifier-temp.yaml /.github/workflows/release.md: -------------------------------------------------------------------------------- 1 | # 更新说明 2 | - 支持 window.Storage 来源检测 -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/.github/workflows/release.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/.gitignore -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/README.md -------------------------------------------------------------------------------- /cmd/xssfinder/xssfinder.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/cmd/xssfinder/xssfinder.go -------------------------------------------------------------------------------- /docs/bypass-headless-detect.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/docs/bypass-headless-detect.png -------------------------------------------------------------------------------- /docs/dingbot-demo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/docs/dingbot-demo.png -------------------------------------------------------------------------------- /docs/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/docs/logo.png -------------------------------------------------------------------------------- /docs/mitm-demo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/docs/mitm-demo.png -------------------------------------------------------------------------------- /docs/notify-demo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/docs/notify-demo.png -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/go.sum -------------------------------------------------------------------------------- /internal/app/app.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/internal/app/app.go -------------------------------------------------------------------------------- /internal/logger/logger.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/internal/logger/logger.go -------------------------------------------------------------------------------- /internal/logger/logger_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/internal/logger/logger_test.go -------------------------------------------------------------------------------- /internal/options/options.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/internal/options/options.go -------------------------------------------------------------------------------- /internal/runner/runner.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/internal/runner/runner.go -------------------------------------------------------------------------------- /internal/runner/worker.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/internal/runner/worker.go -------------------------------------------------------------------------------- /pkg/chrome/browser/browser.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/chrome/browser/browser.go -------------------------------------------------------------------------------- /pkg/chrome/browser/browser_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/chrome/browser/browser_test.go -------------------------------------------------------------------------------- /pkg/chrome/bypass/bypass.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/chrome/bypass/bypass.go -------------------------------------------------------------------------------- /pkg/chrome/bypass/bypass_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/chrome/bypass/bypass_test.go -------------------------------------------------------------------------------- /pkg/chrome/bypass/stealth.min.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/chrome/bypass/stealth.min.js -------------------------------------------------------------------------------- /pkg/chrome/cookies/cookies.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/chrome/cookies/cookies.go -------------------------------------------------------------------------------- /pkg/chrome/xss/checker/checker.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/chrome/xss/checker/checker.go -------------------------------------------------------------------------------- /pkg/chrome/xss/checker/checker_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/chrome/xss/checker/checker_test.go -------------------------------------------------------------------------------- /pkg/chrome/xss/dom/dom.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/chrome/xss/dom/dom.go -------------------------------------------------------------------------------- /pkg/chrome/xss/dom/dom_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/chrome/xss/dom/dom_test.go -------------------------------------------------------------------------------- /pkg/chrome/xss/dom/fuzz.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/chrome/xss/dom/fuzz.go -------------------------------------------------------------------------------- /pkg/chrome/xss/dom/fuzz_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/chrome/xss/dom/fuzz_test.go -------------------------------------------------------------------------------- /pkg/chrome/xss/dom/hookparse.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/chrome/xss/dom/hookparse.go -------------------------------------------------------------------------------- /pkg/chrome/xss/dom/hookparse_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/chrome/xss/dom/hookparse_test.go -------------------------------------------------------------------------------- /pkg/chrome/xss/dom/preload.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/chrome/xss/dom/preload.js -------------------------------------------------------------------------------- /pkg/httpdump/http.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/httpdump/http.go -------------------------------------------------------------------------------- /pkg/httpdump/http_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/httpdump/http_test.go -------------------------------------------------------------------------------- /pkg/httpdump/httpdump.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/httpdump/httpdump.go -------------------------------------------------------------------------------- /pkg/mix/mixpayloads.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/mix/mixpayloads.go -------------------------------------------------------------------------------- /pkg/mix/mixpayloads_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/mix/mixpayloads_test.go -------------------------------------------------------------------------------- /pkg/notify/dingbot/dingbot.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/notify/dingbot/dingbot.go -------------------------------------------------------------------------------- /pkg/notify/dingbot/dingbot_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/notify/dingbot/dingbot_test.go -------------------------------------------------------------------------------- /pkg/notify/notify.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/notify/notify.go -------------------------------------------------------------------------------- /pkg/notify/notify_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/notify/notify_test.go -------------------------------------------------------------------------------- /pkg/parser/html/html.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/parser/html/html.go -------------------------------------------------------------------------------- /pkg/parser/html/html_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/parser/html/html_test.go -------------------------------------------------------------------------------- /pkg/parser/html/search.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/parser/html/search.go -------------------------------------------------------------------------------- /pkg/parser/html/search_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/parser/html/search_test.go -------------------------------------------------------------------------------- /pkg/parser/javascript/variable.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/parser/javascript/variable.go -------------------------------------------------------------------------------- /pkg/parser/javascript/variable_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/parser/javascript/variable_test.go -------------------------------------------------------------------------------- /pkg/proxy/ca.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/proxy/ca.go -------------------------------------------------------------------------------- /pkg/proxy/cert/gen.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/proxy/cert/gen.go -------------------------------------------------------------------------------- /pkg/proxy/cert/gen_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/proxy/cert/gen_test.go -------------------------------------------------------------------------------- /pkg/proxy/mitm.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/proxy/mitm.go -------------------------------------------------------------------------------- /pkg/proxy/util.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/proxy/util.go -------------------------------------------------------------------------------- /pkg/proxy/util_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/proxy/util_test.go -------------------------------------------------------------------------------- /pkg/proxy/xssfinder.ca.cert: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/proxy/xssfinder.ca.cert -------------------------------------------------------------------------------- /pkg/proxy/xssfinder.ca.key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/pkg/proxy/xssfinder.ca.key -------------------------------------------------------------------------------- /tests/demo/dom_eval.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/tests/demo/dom_eval.html -------------------------------------------------------------------------------- /tests/demo/dom_hookconvt.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/tests/demo/dom_hookconvt.html -------------------------------------------------------------------------------- /tests/notifier-temp.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ac0d3r/xssfinder/HEAD/tests/notifier-temp.yaml --------------------------------------------------------------------------------