labxss

package module

v0.0.0-...-be38885 Latest Latest Go to latest Published: Sep 11, 2022 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/murtaza-u/lab-xss

Links

Open Source Insights

README ¶

Simple Cross-Site Scripting Lab

App

Application vulnerable to XSS.

Attacker

Attacker has only one endpoint '/', which listens for incoming connections and logs all the query parameters to stdout.

Setup

With Docker

Starting the vulnerable application

docker run -it \
    -e PORT=8080 \
    -e JWT_SECRET="$(head -c 50 /dev/urandom | base64)" \
    -p 8080:8080 \
    murtazau/lab-xss app

Starting the attacker

docker run -it \
    -e ATTACKER_PORT=5000 \
    -p 5000:5000 \
    murtazau/lab-xss attack

Without Docker

git clone github.com/murtaza-u/lab-xss
cd lab-xss
go build -o lab-xss cmd/lab-xss/main.go

Starting the vulnerable application

export JWT_SECRET="$(head -c 50 /dev/urandom | base64)"
export PORT=8080
./lab-xss app

Starting the attacker

export ATTACKER_PORT=5000
./lab-xss attack

Documentation ¶

Index ¶

Variables

Constants ¶

This section is empty.

Variables ¶

View Source

var Cmd = &Z.Cmd{
	Name:        "lab-xss",
	Description: "Simple XSS lab",
	Summary:     "Simple XSS lab",
	Commands:    []*Z.Cmd{help.Cmd, appCmd, attackCmd},
}

Functions ¶

This section is empty.

Types ¶

This section is empty.

Source Files ¶

View all Source files

cmd.go

Directories ¶

Path	Synopsis
attack
cmd
lab-xss
db
id
ip
post
user

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL