RedteamNotes/bXSS-Discovery

bXSS Discovery

English | 中文 | Français

Local-first, OPSEC-aware workbench for building scoped search queries to discover public intake surfaces during authorized bXSS assessments.

Overview

bXSS Discovery is a compact browser-based workbench for building scoped search queries that help identify public intake surfaces during authorized security assessments.

The tool focuses on discovery, triage, and repeatable notes. It does not submit payloads, run scans, or interact with target applications directly.

Intended Use

Use this only for authorized work: internal assessments, client-approved testing, or bug bounty programs where the target scope explicitly permits discovery activity.

Generated queries narrow public search results. They are not proof of vulnerability and should not be treated as validation. Manual review is still required.

Features

  • Scoped query builder using a normalized domain or host
  • English default UI with Chinese and French language switches
  • 36 reviewed discovery templates with category and keyword filtering
  • Numbered workflow panels for scope, template, query, parameters, triage, and explanation
  • Single search engine selection for Google, Bing, DuckDuckGo, or Baidu
  • Engine-aware query generation that adapts Google, Bing, DuckDuckGo, and Baidu syntax instead of reusing one generic dork
  • Detailed query explanations for scope, template matching, search engine choice, syntax downgrades, and result filters
  • Queue and history views for triage context
  • Light theme by default, with a dark theme toggle
  • Static single-file app that can be hosted anywhere

Quick Start

Open index.html directly in a browser, or serve it locally:

python3 -m http.server 4173 --bind 127.0.0.1

Then open:

http://127.0.0.1:4173/

Workflow

  1. Set the authorized target scope, for example redteamnotes.com or app.redteamnotes.com.
  2. Confirm that you have testing authorization for that scope.
  3. Filter or select a template from the template library.
  4. Read the generated query and explanation before opening results.
  5. Adjust query parameters, including one selected search engine and optional result filters. The generated query changes by engine so unsupported operators are not silently carried across.
  6. Open the query only when scope and authorization are correct.
  7. Queue promising queries with a short triage note.
  8. Review results manually and keep evidence tied to the original scope and query.

OPSEC Notes

  • Keep searches scoped to domains or hosts that are explicitly authorized.
  • Prefer exact hosts when authorization is narrow.
  • Do not submit payloads from this discovery tool.
  • Treat search engine history, browser history, screenshots, local storage, and notes as assessment artifacts.
  • Do not paste private target data into public search engines unless the engagement rules allow it.
  • Review redirects carefully; results may point to third-party help desks, hiring systems, or support portals.

For more operational guidance, see OPSEC.md.
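
One way to enforce the first two notes before any query is built, as an added example that is not taken from index.html: the input is reduced to a bare hostname and checked against an allowlist in which a narrow grant matches the exact host only. The function names, the allowlist shape and the `redteamnotes.example` entry are assumptions made for illustration.

```javascript
// Added example, not code from index.html. All names here are hypothetical.
// Constructed allowlist: one narrow host-only grant, one grant covering subdomains.
const AUTHORIZED = [
  { host: "app.redteamnotes.com", subdomains: false },
  { host: "redteamnotes.example", subdomains: true },
];

const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;

// Reduce a URL, host:port or mixed-case host to a bare hostname, or null.
function normalizeScope(input) {
  let s = String(input).trim().toLowerCase();
  if (!/^[a-z][a-z0-9+.-]*:\/\//.test(s)) s = "https://" + s;
  let host;
  try {
    host = new URL(s).hostname.replace(/\.$/, "");
  } catch {
    return null; // spaces and other characters that cannot appear in a host
  }
  const labels = host.split(".");
  // At least two labels, so a bare TLD or a wildcard never becomes a scope.
  return labels.length >= 2 && labels.every((l) => LABEL.test(l)) ? host : null;
}

// True only for an authorized host, or a subdomain when the grant allows it.
// The leading "." stops lookalikes such as notredteamnotes.example.
function isInScope(host, allowlist = AUTHORIZED) {
  return allowlist.some(
    (a) => host === a.host || (a.subdomains && host.endsWith("." + a.host))
  );
}

// Prefix a template fragment with site:{scope}; throws instead of
// returning an unscoped or out-of-scope query.
function scopedQuery(input, fragment, allowlist = AUTHORIZED) {
  const host = normalizeScope(input);
  if (!host) throw new Error("scope is not a valid hostname");
  if (!isInScope(host, allowlist)) throw new Error("scope not authorized: " + host);
  return `site:${host} ${fragment}`.trim();
}
```

Note that the parent domain `redteamnotes.com` is rejected here because the constructed grant covers `app.redteamnotes.com` only.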

Customizing Templates

Templates are defined in the dorks array inside index.html. Each entry includes:

  • id: stable template identifier
  • title: English template name
  • category: grouping used by the library
  • icon: Font Awesome class used for the compact UI marker
  • intensity: triage hint such as Low noise, Targeted, or Broad
  • operator: internal syntax tag used for search/filtering; the UI presents this as title, URL, or page-text matching
  • description: what the template is intended to find
  • query: search query fragment appended after site:{scope}

The current library contains 36 reviewed templates covering intake, feedback, support, trust and safety, careers, marketing, sales, identity, and operations surfaces.

Search engines do not share one identical dork syntax. The app preserves the richer Google query form where appropriate, uses Bing-compatible intitle, inbody, OR, and NOT, keeps DuckDuckGo queries focused around supported field and exclusion operators, and generates conservative Baidu queries with intitle, inurl, and site.

Keep new templates specific, explainable, and easy to triage. Avoid broad terms that mostly return marketing, policy, or documentation pages.
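
A lint pass over new entries, as an added example that is not part of the project: it checks the eight fields listed above, rejects duplicate ids, and flags fragments that would undo the `site:{scope}` prefix. `lintTemplates` and the sample entries are hypothetical; the sample field values are constructed.

```javascript
// Added example, not the project's code. Field names come from the README;
// the function name and the sample values used with it are assumptions.
const REQUIRED = [
  "id", "title", "category", "icon",
  "intensity", "operator", "description", "query",
];

function lintTemplates(templates) {
  const problems = [];
  const seen = new Set();
  templates.forEach((t, i) => {
    const where = `#${i} (${t.id || "no id"})`;
    for (const f of REQUIRED) {
      if (typeof t[f] !== "string" || t[f].trim() === "") {
        problems.push(`${where}: missing ${f}`);
      }
    }
    if (t.id) {
      if (seen.has(t.id)) problems.push(`${where}: duplicate id`);
      seen.add(t.id);
    }
    const q = typeof t.query === "string" ? t.query.trim() : "";
    // The fragment is appended after site:{scope}, so it must not bring
    // its own site: operator (an exclusion, -site:, is not flagged).
    if (/(^|[\s(])site:/i.test(q)) problems.push(`${where}: query sets its own site:`);
    // A fragment opening with OR or | would make the scope restriction optional.
    if (/^(OR\b|\|)/.test(q)) problems.push(`${where}: query starts with OR`);
  });
  return problems;
}

// Constructed sample entries: one clean, two with defects.
const GOOD = {
  id: "feedback-title", title: "Feedback page titles", category: "Feedback",
  icon: "fa-solid fa-comment", intensity: "Targeted", operator: "intitle",
  description: "Pages whose title mentions feedback", query: 'intitle:"feedback"',
};
const SAMPLE = [
  GOOD,
  { ...GOOD, query: "OR inurl:feedback" },
  { ...GOOD, id: "support-title", description: "",
    query: 'site:example.org intitle:"support"' },
];
```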

Deployment And Storage

This is a static app. You can host it through GitHub Pages, an internal static site, or any static file server.

For sensitive work, prefer a local-only instance and avoid analytics, remote error collection, or access logs that capture target names and query terms.

The app stores UI preferences and queue/history entries in browser localStorage. Clear local storage when required by engagement rules.

License

Copyright © RedteamNotes. All rights reserved.
