github.com/ac0d3r/xssfinder
An XSS vulnerability discovery tool based on headless Chrome.
Its main features are:
- Hooks key points in the page's JavaScript source and uses taint analysis to detect DOM-based XSS
- Passive proxy (active crawler scanning coming soon)
- dingbot, ...
go install github.com/Buzz2d0/xssfinder/cmd/xssfinder@latest
Or go to the releases page, download the build that matches your platform, and run it from the command line.
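The feature list above describes hooking key points in the page's JavaScript and using taint analysis to flag DOM-based XSS. As an added illustration, not code from the xssfinder project, the Node script below approximates that technique with a canary marker in place of full taint tracking: a marker is planted in the URL fragment, the `innerHTML` setter and `document.write` are wrapped the way a browser-side scanner wraps `Element.prototype.innerHTML` and `document.write`, and any sink that receives the marker verbatim is recorded. `FakeElement`, `FakeDocument`, the three page scripts and the `CANARY` value are constructed stand-ins so the example runs offline without a browser.

```javascript
// Added example (not xssfinder's code): canary-based approximation of
// "hook key sinks and detect tainted data reaching them" for DOM-based XSS.
// FakeElement / FakeDocument are constructed stand-ins for the browser DOM.
class FakeElement {
  constructor() { this._html = ''; }
  get innerHTML() { return this._html; }
  set innerHTML(v) { this._html = String(v); }
}

class FakeDocument {
  constructor(hash) {
    this.location = { hash };        // only the fragment is modelled here
    this._el = new FakeElement();
    this.written = [];               // what document.write received
  }
  getElementById() { return this._el; }
  write(html) { this.written.push(String(html)); }
}

// Constructed marker. It contains '<' and '>' on purpose: a page that
// HTML-encodes its input turns it into &lt;...&gt;, so the marker only
// survives verbatim when the sink really receives unescaped data.
const CANARY = '<xsf-canary-7f3a>';

// Wrap the innerHTML accessor on the element prototype and document.write,
// inspect each value for the canary, then forward to the original. Returns
// the findings list and a function that removes the hooks again.
function installSinkHooks(ElementCtor, doc, canary) {
  const findings = [];
  const proto = ElementCtor.prototype;
  const origDesc = Object.getOwnPropertyDescriptor(proto, 'innerHTML');
  Object.defineProperty(proto, 'innerHTML', {
    configurable: true,
    enumerable: origDesc.enumerable,
    get: origDesc.get,
    set(value) {
      const s = String(value);
      if (s.includes(canary)) findings.push({ sink: 'innerHTML', value: s });
      origDesc.set.call(this, value);
    },
  });
  const origWrite = doc.write;
  doc.write = function (html) {
    const s = String(html);
    if (s.includes(canary)) findings.push({ sink: 'document.write', value: s });
    return origWrite.call(this, html);
  };
  const uninstall = () => {
    Object.defineProperty(proto, 'innerHTML', origDesc);
    doc.write = origWrite;
  };
  return { findings, uninstall };
}

// Run a page script against a document whose fragment carries the canary and
// return every sink hit. `pageScript` is a function(document) standing in for
// the page's own JavaScript.
function scanPage(pageScript) {
  const doc = new FakeDocument('#' + CANARY);
  const { findings, uninstall } = installSinkHooks(FakeElement, doc, CANARY);
  try { pageScript(doc); } finally { uninstall(); }
  return findings;
}

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Constructed page scripts: two sink the fragment unescaped, one encodes it.
const vulnerableInnerHtmlPage = doc => {
  const name = decodeURIComponent(doc.location.hash.slice(1));
  doc.getElementById('greet').innerHTML = 'Hi ' + name;
};
const vulnerableDocWritePage = doc => {
  const name = decodeURIComponent(doc.location.hash.slice(1));
  doc.write('<p>' + name + '</p>');
};
const hardenedPage = doc => {
  const name = decodeURIComponent(doc.location.hash.slice(1));
  doc.getElementById('greet').innerHTML = 'Hi ' + escapeHtml(name);
};

console.log(scanPage(vulnerableInnerHtmlPage)); // one innerHTML finding
console.log(scanPage(vulnerableDocWritePage));  // one document.write finding
console.log(scanPage(hardenedPage));            // []
```

The hooks are removed after each scan so repeated scans do not stack wrappers. The canary approach is weaker than real taint analysis: it misses flows where the page transforms the input before sinking it, which is why the README's approach of tracking taint through the source is the more thorough one.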
$ ./xssfinder
NAME:
xssfinder - XSS discovery tool
USAGE:
xssfinder [global options] command [command options] [arguments...]
VERSION:
v0.1.0
COMMANDS:
mitm Passive agent scanning
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--debug, -d enable debug mode (default: false)
--verbose, --vv enable very-verbose mode (default: false)
--notifier-yaml value set notifier yaml configuration file
--outjson set logger output json format (default: false)
--exec value, -e value set browser exec path
--noheadless disable browser headless mode (default: false)
--incognito enable browser incognito mode (default: false)
--proxy value set proxy and all traffic will be routed from the proxy server through
--help, -h show help (default: false)
--version, -v print the version (default: false)
Usage examples:
# Start passive scanning (man-in-the-middle) mode; it listens on 127.0.0.1:8222 by default
# Download and trust the CA certificate from http://xssfinder.ca
./xssfinder mitm
notifier.yaml template:
dingbot:
token: xxx
secret: xxxx
# --notifier-yaml sets the notification bot configuration file
./xssfinder --notifier-yaml notifier.yaml mitm