XSServe is a shameless copy of heavily inspired by the XSSHunter project (by @IAmMandatory), rewritten in Go.
The project is in a VERY bare bone state right now, so if you want a prime experience, use other tools.
NOTE: only basic authentication is supported for the UI for now.
The initial goal is to allow users to use the same service, but in a self-contained way for lazy penetration testers, like myself.
The final goal is still unclear as the project might evolve as different needs arise.
This project requires at least golang >= 1.16
, as it makes use of the embed
package.
To run the project:
go run main.go [options]
To build it:
go build xsserve
Currently I'd love some help with:
- UI/UX: in case it wasn't obvious by the look of it, the UI is pretty ugly. I wouldn't mind a skilled UI designer to do a nice looking interface to ease the usage and look... well... good.
- Developers: I am currently working on this project as I learn Go, in the little free time I have, I am by no means a developer so any advice is appreciated, without overly complicating the project.
- Logo: cause every cool project has a logo.
If you want to get in touch hit me up on twitter or matrix!
Here is a list of TODO I have handy, there is much more to do:
- Basic functionality
- Replace DB
- Dashboard
- Decent UI
- Logo
- Dynamic blind.js file
- blind.js other fixes / simplify code
- Dynamic hook.js file
- Allow custom files served by /c
- Self-signed HTTPS certificate on startup
- Minor mimetype issues
- Better report details page
- Export reports to md file
- Secure code review
- Custom error pages
- Moar payloads
- Obfuscate payloads if requested
- Integrated GeoIP for nonsense IP localization with minimap :)