A cyber-sec tool to be used responsibly in identifying XSS vulnerabilities

Overview


Visit the Breach website here


About

Breach is an Electron-based cybersecurity application intended to keep front-ends safe without doing damage.

• One click for URL security test.

• Saves history of previous tests

• Customizable settings on color and font sizes for better user experience.

Getting Started

Download Breach and BreachServer

The application can be downloaded for Windows or Mac. (Packaging for Linux from the codebase is not confirmed.)

  • For Mac OSX, right-click the downloaded file and click Open.
  • For Windows users, simply open the .exe file to begin.

The server can be forked and cloned to your local machine. Once it has been cloned, navigate to the correct folder in your terminal and type the following:

npm install

npm start

Once you have these two items up and running you can get started or use our demo to learn more. We suggest changing the color of the application to your preference first.

Demo

Once you have opened Breach and BreachServer...

Scan URL

Upon entering a URL, the app sends a request to the server, which runs tests for instances of innerHTML in the code, for cookies, and some XSS tests.

Writing the URL for testing XSS

  • The URL must be formatted for a search query (have "q=") in order for the XSS tests to be run.
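The checks described above, sketched as an added example (not Breach's own code): whether the URL carries the "q=" parameter, which Set-Cookie headers lack HttpOnly, and where page source writes to innerHTML. The function names and the sample response are constructed for illustration, and treating a missing HttpOnly attribute as the cookie finding is an assumption.

```javascript
// Added example: passive checks modelled on the README's description.
// Function names and the sample response are hypothetical, not from Breach.

// The README says XSS tests only run when the URL has a "q=" search parameter.
function hasSearchQuery(url) {
  return new URL(url).searchParams.has('q');
}

// Return the names of cookies whose Set-Cookie header lacks the HttpOnly attribute.
function cookiesMissingHttpOnly(setCookieHeaders) {
  return setCookieHeaders
    .filter((h) => !h.split(';').slice(1).some((a) => a.trim().toLowerCase() === 'httponly'))
    .map((h) => h.split('=')[0].trim());
}

// Report lines where page source assigns to innerHTML (a DOM XSS sink).
// Comparisons such as `el.innerHTML === ""` are not assignments and are skipped.
function findInnerHtmlWrites(source) {
  const hits = [];
  source.split('\n').forEach((line, i) => {
    if (/\.innerHTML\s*\+?=(?!=)/.test(line)) hits.push({ line: i + 1, code: line.trim() });
  });
  return hits;
}

function scan(url, response) {
  return {
    xssTestable: hasSearchQuery(url),
    insecureCookies: cookiesMissingHttpOnly(response.setCookie),
    innerHtmlWrites: findInnerHtmlWrites(response.body),
  };
}

// Constructed sample response (not captured from a real site).
const sampleResponse = {
  setCookie: ['session=abc123; Path=/; HttpOnly; Secure', 'theme=dark; Path=/'],
  body: [
    '<script>',
    'const q = new URLSearchParams(location.search).get("q");',
    'document.getElementById("out").innerHTML = "Results for " + q;',
    'document.getElementById("count").textContent = "0";',
    'if (el.innerHTML === "") { hide(el); }',
    '</script>',
  ].join('\n'),
};

console.log(scan('https://shop.example/search?q=shoes', sampleResponse));
```

Writing the same value through textContent, as the sample's fourth line does, produces no finding because the browser treats it as text rather than markup.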


Results

When the app is finished loading, it will print your results.

  • Click on the defend logo to learn more about how to defend your app.


History

  • You may view the history of results, change how many are shown, delete history items, or check out how to defend from attacks in the History tab of the application.


Settings

  • From the settings page you can change the color of the application to one of five different settings, as well as change the font size on the pages.


Looking Ahead

Breach is currently in its first release. The features we would like to implement in the future are:

  • Testing for SQL injection and DoS susceptibility.
  • Ability to export data for future use.
  • Display of active ports running on the server.
  • Integrate server into app.
  • Linux installer.

Contributors

Jason Yoon @Jason Yoon

Tommy Edmunds @Tommy Edmunds

Michael Geismar @michaelgeismar

License

MIT -- see LICENSE.md file for more details.

This product is accelerated by OS Labs.

Comments
  • Tommy

    Completed cookie tester, XSS jQuery and XSS JavaScript. Stored in the webscraper object and accessible there. Checks cookies for httpOnly functionality to make sure they're secure and less interceptable.

    opened by tommyedmunds 0
Owner
OSLabs Beta