xssmaze v0.1.0
XSSMaze is an intentionally vulnerable web application for measuring and improving XSS detection in security testing tools. It covers a wide range of XSS contexts: basic reflection, DOM, header, path, POST, redirect, decode, hidden input, in-JS, in-attribute, in-frame, event handler, CSP bypass, SVG, CSS injection, template injection, WebSocket, JSON, advanced techniques, polyglot, browser-state, opener, storage-event, stream, channel, service-worker, history-state, reparse, and referrer.

Installation
From Source
shards install
shards build
./bin/xssmaze
From Docker
docker pull ghcr.io/hahwul/xssmaze:main
docker run -p 3000:3000 ghcr.io/hahwul/xssmaze:main
Usage
./bin/xssmaze
Options:
    -b HOST, --bind HOST        Host to bind (defaults to 0.0.0.0)
    -p PORT, --port PORT        Port to listen for connections (defaults to 3000)
    -s, --ssl                   Enables SSL
    --ssl-key-file FILE         SSL key file
    --ssl-cert-file FILE        SSL certificate file
    -h, --help                  Shows this help
Endpoint Map
curl http://localhost:3000/map/text
curl http://localhost:3000/map/json
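
One way to turn the endpoint map into a detection score for a scanner under test. This is an added example, not part of XSSMaze: it assumes the output of /map/text has been saved as one endpoint path per line, and that the scanner's findings are a hypothetical export of one flagged URL per line. Matching is by path only, so it measures which endpoints were flagged, not which parameter.

```sh
# Added example: score scanner findings against a saved XSSMaze endpoint map.
# Assumed formats: map file = one endpoint path per line (from /map/text);
# findings file = one flagged URL per line (hypothetical scanner export).

# coverage MAP_FILE FINDINGS_FILE
# Prints "<category> <detected>/<total> [missed: paths]" per first path
# segment, sorted, followed by a TOTAL line.
coverage() {
  awk '
    # Reduce a URL or path to its bare path (no scheme/host, query, fragment
    # or trailing slash) so map entries and scanner URLs compare equal.
    function norm(u) {
      sub("^[a-z]+://[^/]*", "", u)
      sub("[?#].*$", "", u)
      sub("/+$", "", u)
      return u
    }
    # Findings file, tested by name so that an empty file (a scanner that
    # detected nothing) still scores every endpoint as missed.
    FILENAME == ARGV[1] { f = norm($0); if (f != "") found[f] = 1; next }
    {
      p = norm($0)
      if (p == "" || (p in seen)) next      # skip blanks and duplicates
      seen[p] = 1
      split(p, seg, "/"); cat = seg[2]      # "/basic/level1" -> "basic"
      total[cat]++; all++
      if (p in found) { hit[cat]++; hits++ }
      else missed[cat] = missed[cat] " " p
    }
    END {
      for (c in total) {
        line = sprintf("%s %d/%d", c, hit[c], total[c])
        if (missed[c] != "") line = line " missed:" missed[c]
        print line | "sort"
      }
      close("sort")                         # emit categories before TOTAL
      printf "TOTAL %d/%d\n", hits, all
    }
  ' "$2" "$1"
}

demo() {
  dir=$(mktemp -d) || return 1
  # Constructed sample data, not real XSSMaze output or scanner results.
  printf '%s\n' '/basic/level1/?query=a' '/basic/level2/?query=a' \
    '/dom/level1/' '/header/level1/' > "$dir/map.txt"
  printf '%s\n' 'http://localhost:3000/basic/level1/?query=test' \
    'http://localhost:3000/dom/level1/#x' > "$dir/findings.txt"
  coverage "$dir/map.txt" "$dir/findings.txt"
  rm -rf "$dir"
}
demo
```

Against a running instance, save the map with curl http://localhost:3000/map/text > map.txt and pass it as the first argument to coverage.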
License
MIT License