Key Features • Install • Usage • Configuration • How It Works • Contributing • License
See JSSCM in action here: https://sametsahin.com/images/jsscmtest
- Real-time Detection: Automatically identifies JavaScript resources with expired domains that could be exploited for XSS.
- Alert Notifications: Displays browser alerts when potential XSS vulnerabilities are detected to ensure visibility.
- Domain Status Check: Uses the Domainr API to verify domain registration status and determine exploitability.
- Download as ZIP and unpack, or git clone
- Enable Developer Mode in Extensions tab
- Click Load unpacked and select the cloned repository folder
- Done!
Here is a video showing how to install a Chrome extension: How to install unpacked extensions in chrome
After installation, the extension works automatically in the background:
- The extension monitors JavaScript resources as you browse.
- When an expired domain is detected, a browser alert appears with details.
- Visit the settings page for more information
You need to set up an API key to enable domain status checking:
- Get a free API key (X-RapidAPI-Key) from RapidAPI Domainr.
- Open the extension settings page
- Enter your API key in the settings panel
- Click "Save Settings"
The extension:
- Listens for DNS resolution errors on script resources
- Records domains that fail to resolve (potential XSS opportunities)
- Provides UI components to review and analyze these vulnerable domains
- Offers an easy way to check if domains are available for registration and exploitation
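One way to implement the first two steps above, as an added example that is not JSSCM's own code: a `chrome.webRequest.onErrorOccurred` listener filtered to script requests that records each hostname failing DNS resolution, along with the pages that referenced it. The function name `recordScriptError`, the `findings` store and the sample events are assumptions made for this illustration.

```javascript
// Added example, not JSSCM's code. Assumes a Manifest V3 service worker with
// the "webRequest" permission and host permissions for the pages being watched.
const DNS_ERRORS = new Set(["net::ERR_NAME_NOT_RESOLVED"]);
const findings = new Map(); // hostname -> { scripts: Set, pages: Set }

// Returns the unresolved hostname for a failed script load, or null when the
// event is not a DNS failure on an http(s) script resource.
function recordScriptError(details, store = findings) {
  if (details.type !== "script" || !DNS_ERRORS.has(details.error)) return null;
  let host;
  try {
    const u = new URL(details.url);
    if (u.protocol !== "http:" && u.protocol !== "https:") return null;
    host = u.hostname.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  } catch {
    return null; // malformed URL, nothing to record
  }
  // Deduplicate per hostname, keeping every script URL and referencing page.
  const entry = store.get(host) || { scripts: new Set(), pages: new Set() };
  entry.scripts.add(details.url);
  if (details.initiator) entry.pages.add(details.initiator);
  store.set(host, entry);
  return host;
}

// Register the listener only when running inside an extension context.
if (typeof chrome !== "undefined" && chrome.webRequest) {
  chrome.webRequest.onErrorOccurred.addListener(
    (details) => recordScriptError(details),
    { urls: ["<all_urls>"], types: ["script"] }
  );
}

// Constructed sample events shaped like onErrorOccurred details objects.
const SAMPLE_EVENTS = [
  { type: "script", url: "https://cdn.expired-widgets.example/w.js",
    error: "net::ERR_NAME_NOT_RESOLVED", initiator: "https://shop.example" },
  { type: "script", url: "https://CDN.expired-widgets.example./v2/w.js",
    error: "net::ERR_NAME_NOT_RESOLVED", initiator: "https://blog.example" },
  { type: "script", url: "https://static.example.org/app.js",
    error: "net::ERR_CONNECTION_REFUSED", initiator: "https://shop.example" },
  { type: "image", url: "https://gone.example/x.png",
    error: "net::ERR_NAME_NOT_RESOLVED", initiator: "https://shop.example" },
];

function runSample() {
  const store = new Map();
  const results = SAMPLE_EVENTS.map((e) => recordScriptError(e, store));
  return { results, store };
}
```

Each recorded hostname points at a script include that the referencing page's owner should remove or repoint to a host they control.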
This was a weekend project with no plans for new features. However, I'm open to ideas and contributions. Feel free to implement something if you'd like :)
GPLv3
- Domainr API for domain status checking
- Chrome Extension API documentation
- Instant Domain Search for manual domain lookups
- Samet Sahin sametsahin.com
- LinkedIn @sametsahinnet
- Twitter @sametsahinnet

