JSSCM - JavaScript Supply Chain Monitor
JSSCM is a tool that detects, while you browse, JavaScript resources loaded from expired domains that could be exploited for Stored XSS attacks. It operates as a Chrome extension, monitoring JavaScript resources in real time and alerting users when potential vulnerabilities are detected.
Key Features:
- Real-time Detection: Automatically identifies JavaScript resources served from expired domains that could be exploited for XSS.
- Alert Notifications: Displays browser alerts when potential XSS vulnerabilities are detected to ensure visibility.
- Domain Status Check: Uses the Domainr API to verify domain registration status and determine exploitability.
- Easy Installation: Users can install the extension in developer mode and set it up with a simple API key configuration.
- User-Friendly Interface: Provides UI components to review and analyze vulnerable domains, making it easy to check if domains are available for registration.
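The check behind the Real-time Detection and Domain Status Check features can be sketched as follows. This is an added example, not JSSCM's own code: the function names, sample URLs, suffix list and status labels are constructed, and `statusOf` stands in for the registration lookup that the extension performs through the Domainr API.

```javascript
// Added example, not JSSCM source. Names, sample data and status labels are assumptions.
// Constructed, incomplete suffix list; real code needs the full Public Suffix List.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au"]);

// Reduce a hostname to the name a registrar would sell (eTLD+1), or null if none.
function registrableDomain(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  if (host.startsWith("[") || /^\d+(\.\d+){3}$/.test(host)) return null; // IP literal
  const labels = host.split(".");
  const suffixLen = MULTI_LABEL_SUFFIXES.has(labels.slice(-2).join(".")) ? 2 : 1;
  if (labels.length <= suffixLen) return null; // bare suffix or single-label name
  return labels.slice(-(suffixLen + 1)).join(".");
}

// Third-party registrable domains among the script URLs a page loads.
function thirdPartyScriptDomains(pageUrl, scriptUrls) {
  const page = new URL(pageUrl);
  const own = registrableDomain(page.hostname);
  const found = new Set();
  for (const src of scriptUrls) {
    let url;
    try { url = new URL(src, page); } catch { continue; } // unparsable src
    if (!/^https?:$/.test(url.protocol)) continue; // skip data:, blob:, etc.
    const domain = registrableDomain(url.hostname);
    if (domain && domain !== own) found.add(domain); // subdomains collapse here
  }
  return [...found].sort();
}

// Domains a page depends on for script that the lookup reports as unregistered.
// statusOf is a synchronous stand-in; a real lookup is an asynchronous API call.
function unregisteredScriptDomains(pageUrl, scriptUrls, statusOf) {
  return thirdPartyScriptDomains(pageUrl, scriptUrls)
    .filter((domain) => statusOf(domain) === "available");
}

// Constructed sample: script URLs observed on one page, and constructed statuses.
const SAMPLE_PAGE = "https://shop.example/checkout";
const SAMPLE_SCRIPTS = [
  "/js/app.js",
  "https://static.shop.example/v.js",
  "//cdn.widgets.example/w.js",
  "https://a.cdn.widgets.example/x.js",
  "https://cdn.constructed-sample.co.uk/t.js",
  "data:text/javascript,0",
  "http://192.0.2.10/legacy.js",
];
const SAMPLE_STATUS = { "widgets.example": "registered", "constructed-sample.co.uk": "available" };

console.log(unregisteredScriptDomains(SAMPLE_PAGE, SAMPLE_SCRIPTS, (d) => SAMPLE_STATUS[d]));
```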
Benefits:
- Enhances security by proactively identifying potential XSS vulnerabilities.
- Saves time for developers and security professionals by automating the detection process.
- Encourages community contributions and improvements to the tool.
Highlights:
- Open-source project under the GPLv3 license.
- Developed as a weekend project with a focus on simplicity and effectiveness.
- Open to ideas and contributions from the community.