Releases: rs-loves-bugs/xsshunter
v0.0.7
Add DOM response, #10, thank you @savushkin-yauheni!
Trufflehog version update.
v0.0.6
Fix for empty localstorage bug, #9, thank you @savushkin-yauheni!
Trufflehog version update.
v0.0.5
New Feature
Telegram notification support: You can now set up XSSHunter to send a message to Telegram when a payload fires. Thank you @savushkin-yauheni for the contribution!
Improved .git check.
Trufflehog version update.
v0.0.4
New Feature
Multi panel user support: By adding PANEL_USERPASS_LIST to your env file you can now have multiple panel users, e.g. PANEL_USERPASS_LIST=["[email protected]:somepass", "another_email@another_example.com:anotherpass"]. Thank you 0xGodson_ for the idea!
Trufflehog version update.
v0.0.3
Trufflehog version update.
v0.0.2
New Feature
Local Storage: Read all data stored in Local Storage for the page the payload fired on. Thank you xplo1t-sec!
Thank you to xnl-h4ck3r for helping with testing and ideas and to RahulVivekNair for improving Trufflehog support.
v0.0.1
New Features
It works and it's simple to set up: as of March 1, 2023, the current XSSHunter repository is not in a deployable state. This fork fixes that.
Single user support and multi user support: you can set up XSSHunter in either single user mode with only your account or in multi user mode using Google OAuth (allowing only the Gmail accounts you want to log in). By comparison, the original XSSHunter version only allows Google OAuth login and does not restrict the Gmail accounts allowed (all Gmail accounts can create a user and log in).
Full Trufflehog support: Detect secrets on the page your payload fired on. The original version implemented simple regex checks for AWS, GCP and Slack keys. This fork supports all the current ~750 detectors from Trufflehog.
No blurred screenshots
Slack, Discord and custom notifications: this fork will send notifications to Slack, Discord and to your custom HTTP hook when an XSS triggers. By comparison, the original XSSHunter version only sends email notifications.