blst-security / cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
https://www.blstsecurity.com/cherrybomb
Apache License 2.0

Active Test / Cross Site Scripting #74

Open DeliciousBounty opened 2 years ago

DeliciousBounty commented 2 years ago

We are looking for contributors!

Needed: new active test. This active test checks and verifies whether an API is vulnerable to reflected XSS. Take into consideration that the test does not brute-force every parameter of the API against XSS but only tests parameters that can potentially be vulnerable to XSS. For more details, please check OWASP.
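An added example, not Cherrybomb's own code, of the two pieces the issue asks for: selecting only the string parameters that could plausibly be echoed back, and classifying whether a benign canary is reflected unencoded in an HTML response (the `Param` struct, function names and canary format are assumptions):

```rust
// Added example (not Cherrybomb code): candidate selection and reflection
// classification for a reflected-XSS active test. Names and structs are assumed.

/// A parameter as it would be read from an OpenAPI spec (simplified).
#[derive(Debug, Clone, PartialEq)]
pub struct Param {
    pub name: String,
    pub location: String,    // "query", "path", "header", "cookie", "body"
    pub schema_type: String, // "string", "integer", ...
}

/// Keep only parameters whose value could plausibly end up in a page:
/// string-typed query, path and body fields. Numbers, booleans and transport
/// headers are skipped, so the test is not fired at every parameter.
pub fn candidate_params(params: &[Param]) -> Vec<Param> {
    params
        .iter()
        .filter(|p| matches!(p.location.as_str(), "query" | "path" | "body"))
        .filter(|p| p.schema_type == "string")
        .cloned()
        .collect()
}

/// Outcome of sending a benign canary and inspecting the response.
#[derive(Debug, PartialEq)]
pub enum Reflection {
    NotReflected,
    Encoded,    // token came back but the HTML metacharacters were altered
    RawNonHtml, // echoed verbatim, but the response is not an HTML document
    RawInHtml,  // echoed verbatim inside text/html: reflected-XSS candidate
}

/// Canary = unique token plus the characters an HTML context must encode.
pub fn canary(token: &str) -> String {
    format!("{}<\"'>", token)
}

/// Classify one response for the token that was sent in a candidate parameter.
pub fn classify(content_type: &str, body: &str, token: &str) -> Reflection {
    let full = canary(token);
    let is_html = content_type.to_ascii_lowercase().starts_with("text/html");
    if body.contains(&full) {
        if is_html { Reflection::RawInHtml } else { Reflection::RawNonHtml }
    } else if body.contains(token) {
        Reflection::Encoded // reflected, but '<', '"', '\'' or '>' were changed
    } else {
        Reflection::NotReflected
    }
}
```

Only `RawInHtml` is a finding; `Encoded` and `RawNonHtml` (for example a JSON body that escapes the quotes) are worth logging but are not reflected XSS on their own.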

dajneem23 commented 1 year ago

How do I start testing?

DeliciousBounty commented 1 year ago

Hi @dajneem23, you can follow the contribute.md file; take into consideration that we are checking only for reflected XSS. If you have more questions, do not hesitate to contact me. nathan.s@blstsecurity.com