bXSS Discovery is intended only for authorized security research, internal assessments, client-approved testing, or bug bounty programs with clear scope.
The project does not authorize testing against any third-party system. Users are responsible for confirming permission before using generated queries or reviewing candidate targets.
If you find a security issue in this tool itself, report it to the repository owner through the preferred private channel for the RedteamNotes project.
Do not include sensitive client data, target names, private URLs, payloads, or assessment artifacts in public issues.
Avoid committing:
- Client names or private scopes
- Generated query history
- Screenshots from assessments
- Browser profiles or local storage
- Notes that contain target-specific details
Keep the repository source generic and reusable.