Argus is an interactive Blind XSS and SSRF testing tool that you can set up for free using Firebase and Netlify
- HTTP request logs
- Blind XSS : Fetch loaded DOM
- Blind XSS : Screenshot the vulnerable page
Follow these steps to install the project:
- Clone the repository:
git clone https://github.com/rahim7x/Argus.git
- Navigate to the project directory:
cd Argus
- Install the required dependencies:
npm install && npm install -g netlify-cli
- Create a Firebase project and then create a new Realtime Database
- Create a Firebase Service Account Key:
In your Firebase project's settings, go to the "Service Accounts" tab. Create a new service account and grant it the necessary permissions to access your Realtime Database. Download the service account key as a JSON file.
- Open `Argus/netlify/functions/config.js` in a text editor and add the service account key as JSON in the `authData` field
- Also add your database URL in the `targetUrl` field
- Change the credentials (username and password) in `Argus/netlify/functions/config.js`
- Then run `netlify login` to log into your account
- To test it locally, run `netlify dev`
- Deploy the project by running:
netlify deploy --prod
Once deployed on Netlify, use any non-existent endpoint of your Argus domain, or just copy the existing payloads from `/index.html`.
